GithubHelp home page GithubHelp logo

artlas's Introduction

ARTLAS Apache Real Time Logs Analyzer System

Real time Apache log analyzer, based on top 10 OWASP vulnerabilities, identifies attempts of exploration in your web application, and notify you or your incident team on Telegram, Zabbix and Syslog/SIEM.

ARTLAS uses the regular expression from the PHP-IDS project, to identify the attempts of exploration, download link to the latest version of the file Download File

ChangeLog

-Added CEF for syslog and SIEM
-Added option to connect in syslog servers or SIEM’s
-Added Zabbix integration with differents triggers
-Code review added class structure
-Added vhost capability
-Added verbose outup enabled
-Zabbix Notifications bugs fixed

Supported Output

Zabbix Version 2.4 and 3.0
SySlog
SIEM
Telegram

Supported web servers

Apache
Apache vHost
Nginx
Nginx vHost

Installation

Clone project
git clone https://github.com/mthbernardes/ARTLAS.git

Install dependencies
pip install -r dependencies.txt
python version 2.7.11(lastet)


Install screen
sudo apt-get install screen #Debian Like
sbopkg -i screen    # Slackware 14.*
yum install screen # CentOS/RHEL

dnf install screeen  # Fedora


screen tutorial [pt_Br]

Configuration

All your configurations will be made in etc/artlas.conf file.

TELEGRAM INTEGRATION
[Telegram]
api = Your Token API
group_id = Group/User ID that will receive the notifications
enable = True to send notificantions or False to not send.


ZABBIX CONFIGURATION
[Zabbix]
server_name = hostname of the server in zabbix
agentd_config = Zabbix agent configuration file
enable_advantage_keys = True or False to use advanced triggers
notifications = true to enable  or false to disable triggers notifications
enable = true to enable  or false to disable


SYSLOG/SIEM CONFIGURATION
[CEF_Syslog]
server_name = IP or Hostname SySlog/SIEM server
enable = True or False to enable


GENERAL CONFIGURATION
[General]
apache_log = Full path apache access.log
apache_mask = Mask to identify the fields in the apache access log
vhost_enable = True to enable  or False to disable vhosts
rules = etc/default_filter.json It's the file that contains the OWASP filter [Do not Change]

How to start

screen -S artlas
python artlas.py
CTRL+A+D

Team

Matheus Bernardes a.k.a. G4mbler
Henrique Gonçalves a.k.a. Kamus Hadenes
André Déo

artlas's People

Contributors

kamushadenes avatar mthbernardes avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.