{"id":13753366,"url":"https://github.com/P4T12ICK/ypsilon","last_synced_at":"2025-05-09T20:35:36.493Z","repository":{"id":134099832,"uuid":"131577384","full_name":"P4T12ICK/ypsilon","owner":"P4T12ICK","description":"Automated Use Case Testing","archived":false,"fork":false,"pushed_at":"2018-05-01T18:28:15.000Z","size":597,"stargazers_count":167,"open_issues_count":0,"forks_count":16,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-19T07:14:56.420Z","etag":null,"topics":["ansible","cuckoo","elk","malware","security","siem","splunk","use-case"],"latest_commit_sha":null,"homepage":null,"language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/P4T12ICK.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-04-30T09:26:11.000Z","updated_at":"2025-02-16T16:02:49.000Z","dependencies_parsed_at":"2023-05-26T12:15:26.824Z","dependency_job_id":null,"html_url":"https://github.com/P4T12ICK/ypsilon","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P4T12ICK%2Fypsilon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P4T12ICK%2Fypsilon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P4T12ICK%2Fypsilon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/P4T12ICK%2Fypsilon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/P4T12ICK","download_url":"https://codeload.github.com/P4T12ICK/ypsilon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"htt
ps://github.com","kind":"github","repositories_count":253321880,"owners_count":21890486,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","cuckoo","elk","malware","security","siem","splunk","use-case"],"created_at":"2024-08-03T09:01:21.007Z","updated_at":"2025-05-09T20:35:31.411Z","avatar_url":"https://github.com/P4T12ICK.png","language":"TeX","readme":"# ypsilon\nAutomated Use Case Testing\n\n# What is Ypsilon\nYpsilon is an Automated Security Use Case Testing Environment that uses real malware to test SIEM use cases in a closed environment. Different tools such as [Ansible](https://www.ansible.com), [Cuckoo](https://cuckoosandbox.org), [VirtualBox](https://www.virtualbox.org), [Splunk](https://www.splunk.com) and [ELK](https://www.elastic.co/de/elk-stack) are combined to determine the quality of a SIEM use case by testing any number of malware samples against it. Finally, a test report is generated that gives insight into the quality of the use case.\n\n![Ypsilon Architecture](https://github.com/P4T12ICK/ypsilon/blob/master/images/ypsilon_architecture.png)\n\nCuckoo in combination with VirtualBox is used to analyze the malware and test the use cases. The Cuckoo environment consists of an analysis virtual machine, which is infected by the malware, and a SIEM virtual machine, which collects the logs and triggers the use cases. At the moment, only Splunk is supported as the SIEM solution, but support for further SIEMs such as ELK is planned.\n[Sigma](https://github.com/Neo23x0/sigma) is used as the generic description language for SIEM use cases.\nAnsible is the heart of the Ypsilon project. Ansible controls the use case testing process, which consists of the following steps:\n- Generating a Splunk or ELK (planned) use case from the generic Sigma description language by using a Sigma converter\n- Preparing VirtualBox and Cuckoo\n- Submitting a malware sample to Cuckoo\n- Triggering the use case\n- Reverting the virtual machines to a snapshot\n- Generating a report (in development)\n\nYpsilon is for use case development what Jenkins is for software development.\n\n\n# Ypsilon Project\nThe Ypsilon project repository consists of the Ansible playbook, which controls the automated use case testing. Furthermore, the tools need to be configured as described in the wiki so that Ansible can control them.\n\n## Configuration \nThe configuration of the tools is described in the wiki.  \n\n## Installation\nThe following tools need to be installed and configured:\n- [Ansible](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-Ansible)\n- [VirtualBox](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-VirtualBox)\n- [Cuckoo](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-Cuckoo)\n- [Sigma](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-Sigma)\n- [Splunk](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-Splunk)\n- [TexLive](https://github.com/P4T12ICK/ypsilon/wiki/Configuration-TexLive)\n\nMore information about the installation and configuration of these tools can be found in the [wiki](https://github.com/P4T12ICK/ypsilon/wiki).\n\n\n## How to Use\nThe Ypsilon project consists of an Ansible playbook, which is executed by the following command:\n```shell\nansible-playbook -i production -u [user] playbooks/use_case_testing.yml --ask-pass --ask-become-pass\n```\nFor more details about the arguments, have a look at the Ansible documentation.\n\n# Credits\nThis is a private project developed by Patrick Bareiss with feedback from colleagues and friends.\n\n# License\nThe content of this repository is 
released under the GNU General Public License.\n\n","funding_links":[],"categories":["security"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FP4T12ICK%2Fypsilon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FP4T12ICK%2Fypsilon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FP4T12ICK%2Fypsilon/lists"}