Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/dewitt4/network-security-monitor

Basic network security monitoring tool that focuses on defensive capabilities
https://github.com/dewitt4/network-security-monitor

cybersecurity cybersecurity-tools

Last synced: 16 days ago
JSON representation

Basic network security monitoring tool that focuses on defensive capabilities

Host: GitHub
URL: https://github.com/dewitt4/network-security-monitor
Owner: dewitt4
License: mit
Created: 2024-11-25T15:52:31.000Z (about 2 months ago)
Default Branch: main
Last Pushed: 2024-12-05T23:06:10.000Z (about 1 month ago)
Last Synced: 2024-12-06T00:19:10.580Z (about 1 month ago)
Topics: cybersecurity, cybersecurity-tools
Language: Python
Homepage:
Size: 24.4 KB
Stars: 4
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

README

# Network Security Monitor

A Python-based network security monitoring tool for detecting and logging suspicious network activity patterns.

## Features

- Real-time connection monitoring
- Detection of high-frequency connection attempts
- Unusual port access monitoring
- Suspicious pattern tracking
- Automated security reporting
- Detailed event logging

## Installation

```bash
git clone https://github.com/dewitt4/network-security-monitor
cd network-security-monitor
pip install -r requirements.txt
```

Required dependencies:
- Python 3.8+
- pandas
- socket
- logging

## Usage

Basic implementation:

```python
from network_security_monitor import NetworkSecurityMonitor

# Initialize the monitor
monitor = NetworkSecurityMonitor()

# Monitor a connection
monitor.monitor_connection(
source_ip="192.168.1.100",
dest_port=80,
timestamp=datetime.datetime.now()
)

# Generate security report
report = monitor.generate_report()
print(report)

# Get suspicious activity summary
summary = monitor.get_suspicious_activity_summary()
print(summary)
```

## Configuration

The monitor tracks several types of suspicious patterns:
- Repeated authentication failures
- Connections to unusual ports (non-standard ports)
- High-frequency connection attempts (>5 requests/second)

Logs are stored in `security_monitor.log` with the following format:
```
YYYY-MM-DD HH:MM:SS - LEVEL - MESSAGE
```

## Security Considerations

- This tool is for defensive monitoring only
- Ensure proper access controls for log files
- Regularly review and backup security reports
- Configure firewall rules to allow monitoring traffic
- Implement secure storage for IP addresses

## Contributing

1. Fork the repository
2. Create a feature branch
3. Implement changes with tests
4. Submit a pull request

[Contributing Guidelines](CONTRIBUTING.md).

## License

MIT License - See LICENSE file for details.

## Support

For bugs and features, open an issue on the GitHub repository.

## Disclaimer

This tool is for legitimate security monitoring only. Users are responsible for complying with applicable laws and regulations regarding network monitoring.