{"id":21601548,"url":"https://github.com/vmware-samples/net-sec-analysis","last_synced_at":"2025-03-18T13:19:30.785Z","repository":{"id":98086976,"uuid":"281400381","full_name":"vmware-samples/net-sec-analysis","owner":"vmware-samples","description":"Network security monitoring and analysis","archived":false,"fork":false,"pushed_at":"2020-08-18T07:28:45.000Z","size":28,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-24T18:28:20.085Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmware-samples.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-21T13:06:33.000Z","updated_at":"2021-02-10T12:03:35.000Z","dependencies_parsed_at":"2023-05-23T14:30:29.614Z","dependency_job_id":null,"html_url":"https://github.com/vmware-samples/net-sec-analysis","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fnet-sec-analysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fnet-sec-analysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fnet-sec-analysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmware-samples%2Fnet-sec-analysis/manifests","owner_url":"https://repos.ecosyste.
ms/api/v1/hosts/GitHub/owners/vmware-samples","download_url":"https://codeload.github.com/vmware-samples/net-sec-analysis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244227577,"owners_count":20419263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-24T19:09:51.627Z","updated_at":"2025-03-18T13:19:30.779Z","avatar_url":"https://github.com/vmware-samples.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# network-security-analyser\n\n[![Photon OS 3.0](https://img.shields.io/badge/Photon%20OS-3.0-orange)](https://vmware.github.io/photon/)\n\n## Table of Contents\n\n- [Network-security-analyser](#Network-security-analyser)\n  - [Overview](#overview)\n  - [Architecture](#architecture)\n  - [Prerequisites](#Prerequisites)\n  - [QuickStart Guide](#QuickStart)\n  - [Samples](#Samples)\n  - [Getting in touch](#ReachUs)\n  - [Contributing](#contributing)\n  - [License](#license)\n\n## Overview\n\nThe Network Security Analyzer is a collection of open source network security monitoring tools, configured to work together, that lets security personnel keep an eye on the data traversing their network by analyzing and storing the captured network packets.\n\nWhile Suricata performs signature-based intrusion detection, Zeek does in-depth analysis of multiple protocols and also detects anomalies. Moloch, being a full packet capture engine, provides evidence and artifacts for further investigation.\n\n\n## Architecture\n\nVMware Photon OS can be deployed to any vSphere-based infrastructure, whether on-premises or in a public cloud environment running vSphere, such as VMware Cloud on AWS or VMware Cloud on Dell-EMC.\n\nSetup requires a minimal Photon OS to be deployed using an OVA or ISO image.\n\nNetwork Security Analysis comprises multiple open source solutions:\n - [Zeek](https://github.com/zeek/zeek)\n - [Suricata](https://suricata-ids.org/)\n - [Moloch](https://github.com/aol/moloch)\n - Photon OS ([Github](https://github.com/vmware/photon))\n\nThe install also sets up PF_RING, which helps improve the packet capture rate.\n\n## Prerequisites\n - A Photon OS VM with an outbound internet connection; refer to [PhotonOS Network Configuration](https://vmware.github.io/photon/assets/files/html/3.0/photon_admin/configuring-network-interfaces.html)\n - The VM requires a network adapter for the management interface; depending on the requirement, add a secondary NIC for ingesting traffic from a SPAN or TAP device.\n - Create a local user called 'netsec' and grant it sudo privileges.\n\n## QuickStart\n - Log in as the netsec user\n - Set up the network and resolver/DNS.\n - Git clone: git clone https://github.com/vmware-samples/net-sec-analysis/\n - Run the install script: bash src/install.sh\n\n## Modify configuration\n- MONITOR_INTERFACE, Moloch credentials, the PF_RING version, etc. can be updated by modifying the src/scripts/install.sh script.\n- By default all applications are configured to listen on the eth0 interface; this can be changed to the second NIC added to the VM when ingesting SPAN/TAP traffic.\n- When a secondary network interface is configured for SPAN/TAP, use the command below to bring up the interface:\n  /sbin/ip link set eth1 up\n- A systemd service can be configured to bring up the interface automatically:\n\n```\ncat /etc/systemd/system/span_iface.service\n[Unit]\nDescription=Bring up Span interface\n[Service]\nType=oneshot\nExecStart=/sbin/ip link set eth1 up\n[Install]\nWantedBy=multi-user.target\n```\n\n- Enable at boot and start the interface\n\n```\nsystemctl enable span_iface\nsystemctl start span_iface\n```\n\n## Tests\n - Tests are performed by loading a sample PCAP provided in the install package and can be run using the scripts provided in the test dir.\n\n## ReachUs\n\nFeel free to reach out to the team:\n  - Email us at \u003cnet-security-analysis@vmware.com\u003e\n\n## Contributing\n\nThe Network Security Analyzer team welcomes contributions from the community. Before you start working with Network Security Analyzer, please\nread our [Developer Certificate of Origin](https://cla.vmware.com/dco). All contributions to this repository must be\nsigned as described on that page. Your signature certifies that you wrote the patch or have the right to pass it on\nas an open-source patch. For more detailed information, refer to [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## License\n\nNetwork Security Analyzer is available under the BSD-2 license. Please see [LICENSE.txt](LICENSE.txt).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-samples%2Fnet-sec-analysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmware-samples%2Fnet-sec-analysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmware-samples%2Fnet-sec-analysis/lists"}