https://github.com/bonifield/homenetgrapher
Force-Directed Graph Generator for Internal-to-Internal Network Traffic Analysis
- Host: GitHub
- URL: https://github.com/bonifield/homenetgrapher
- Owner: bonifield
- Created: 2019-05-21T03:07:03.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-05-21T03:35:55.000Z (about 7 years ago)
- Last Synced: 2025-03-12T07:31:41.491Z (over 1 year ago)
- Language: Python
- Size: 7.81 KB
- Stars: 1
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# homenetGrapher
Force-Directed Graph Generator for Internal-to-Internal Network Traffic Analysis on **SMALL** to **MEDIUM** Networks
## Purpose
- Visualize internal-to-internal network traffic to identify hosts performing potentially unauthorized communications
## Features
- Config for specifying both a) network address space in use, and b) individual IPs to ignore
- Dot (preferred), Circo, and Neato flags, for specifying one or more outputs
- Color-coding and labels for presenting summary information for each link
## Usage
```
# use a cronjob to run this script as needed for analysis
homenetGrapher.py --log [log-path] --config [config-path] [--dot | --circo | --neato] [--help]
-l / --log path of the Zeek (Bro) conn.log to be visualized
-g / --config path of the homenets.cfg (line-separated file containing your network's CIDR ranges, one per line)
-o / --output output location (NOT filename) for the final image
-d / --dot outputs image in dot format
-c / --circo outputs image in circo format
-n / --neato outputs image in neato format
Examples:
homenetGrapher.py --config /etc/opt/homenetGrapher/homenets.cfg --log /path-to-bro/conn.log --output /var/log --dot --circo --neato
homenetGrapher.py -g /etc/opt/homenetGrapher/homenets.cfg -l /path-to-bro/conn.log -o /var/log --dot --circo --neato
```
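As an added example (not homenetGrapher's own code), the core pipeline the usage above describes in Python: parse a Zeek conn.log by its `#fields` header, keep only connections where both endpoints fall inside the homenets.cfg CIDRs and neither is on the ignore list, aggregate per-link summaries (connection count, bytes, responder ports), and render them as Graphviz DOT. The sample log, the CIDR list and the ignored gateway address are constructed.

```python
import ipaddress
from collections import defaultdict
# Constructed sample conn.log: standard Zeek TSV header, synthetic records (not a real capture)
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state",
    "1558400000.1\tC1\t192.168.1.10\t51000\t192.168.1.20\t445\ttcp\t-\t0.5\t1200\t300\tSF",
    "1558400001.2\tC2\t192.168.1.10\t51001\t192.168.1.20\t445\ttcp\t-\t0.4\t800\t200\tSF",
    "1558400002.3\tC3\t192.168.1.10\t51002\t8.8.8.8\t53\tudp\tdns\t0.1\t60\t120\tSF",  # leaves the homenet
    "1558400003.4\tC4\t192.168.1.1\t40000\t192.168.1.20\t22\ttcp\tssh\t2.0\t-\t-\tS0",  # gateway, on ignore list
    "1558400004.5\tC5\t192.168.1.30\t40001\t192.168.1.10\t3389\ttcp\t-\t0.2\t500\t-\tREJ",
])
SAMPLE_HOMENETS_CFG = "192.168.1.0/24\n10.0.0.0/8\n"  # homenets.cfg style: one CIDR per line

def load_cidrs(text):
    """One CIDR per line; blank lines and '#' comment lines are skipped."""
    return [ipaddress.ip_network(l.strip(), strict=False) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def parse_conn_log(text):
    """Yield one dict per record of a Zeek TSV conn.log, keyed by the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #fields header")
            yield dict(zip(fields, line.split("\t")))

def internal_edges(conn_log_text, homenets, ignore_ips=()):
    """Aggregate internal-to-internal connections into directed orig -> resp edges."""
    ignore = {ipaddress.ip_address(i) for i in ignore_ips}
    edges = defaultdict(lambda: {"conns": 0, "bytes": 0, "ports": set()})
    for row in parse_conn_log(conn_log_text):
        src, dst = ipaddress.ip_address(row["id.orig_h"]), ipaddress.ip_address(row["id.resp_h"])
        if src in ignore or dst in ignore:
            continue
        if not all(any(ip in net for net in homenets) for ip in (src, dst)):
            continue  # one side is outside the configured address space
        e = edges[(str(src), str(dst))]
        e["conns"] += 1
        e["bytes"] += sum(int(row[k]) for k in ("orig_bytes", "resp_bytes") if row[k] != "-")  # "-" = unset
        e["ports"].add(f'{row["proto"]}/{row["id.resp_p"]}')
    return dict(edges)

def to_dot(edges):
    """Render the edges as Graphviz DOT, each link labelled with its summary (count, bytes, ports)."""
    body = [f'  "{s}" -> "{d}" [label="{e["conns"]} conns, {e["bytes"]} B, {"|".join(sorted(e["ports"]))}"];'
            for (s, d), e in sorted(edges.items())]
    return "digraph homenet {\n" + "\n".join(body) + "\n}"
```

Pipe the returned DOT text into `dot -Tpng` (or `circo`/`neato`) to get the image the script's flags refer to.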
## TODO
- write to JSON and send to a web server running d3 and d3-force
- display changes over time / over last x runs
- Zeek uid pairing and/or additional triggering based off notices.log events
- address coverage gaps between log rotation (look at a log that changed since last being read, which has also rotated and been gzip'd)
- better config parsing