https://github.com/teler-sh/teler

Real-time HTTP Intrusion Detection

Topics: analyze-logs go golang ids intrusion intrusion-detection intrusion-detection-system iocs log log-analyzer logs threat threat-analyzer threat-hunting threat-intelligence threat-rules

> [!IMPORTANT]
> Dear users,
>
> We wanted to share some important updates regarding the development of teler IDS.
>
> 🛑 The development of teler IDS is currently on hold. However, we're thrilled to inform you that we've decided to take a bold step by embarking on a complete refactor, starting from scratch to enhance the overall development process. 🚀
>
> In parallel, we're actively laying down the roadmap for teler IDS v3. 📝
>
> What we can reveal at this point is that version 3 will leverage eBPF & [teler-waf](https://github.com/kitabisa/teler-waf) as its support, promising advanced features and capabilities. 🌟
>
> If you have feedback or suggestions regarding the features you'd like to see in teler IDS v3, kindly participate in our anonymous survey 👉 https://s.surveyplanet.com/8he6p7rq
>
> Stay tuned for more updates as we continue to innovate and enhance our intrusion detection system! Slowly but surely, as long as it keeps burning, bro! 🔥🙌🏼
>
> Best!
>
> dw1
>
> ---
>
> As announced in [teler-announce#Fm8Yjh_4of0](https://groups.google.com/g/teler-announce/c/Fm8Yjh_4of0).

> [!NOTE]
> In the meantime, you can install and download the latest **v2** version to continue using it.

# teler

Real-time HTTP Intrusion Detection

Contribute · What's new · Report Bug · Request Feature
---

`teler` is a **real-time intrusion detection** and threat alerting tool based on web logs that runs in a **terminal**, using resources collected and provided by the community. :heart:

| **CLI** | **Dashboard** |
|--------- |--------------- |
| [![teler](https://user-images.githubusercontent.com/25837540/97096468-f8ccaa00-1696-11eb-8830-0d3a7be45a2d.gif)](#) | [![dashboard](https://user-images.githubusercontent.com/25837540/175797412-1921c0e8-c4dc-4e2f-a29d-1c0208a86d22.gif)](#) |

> [!NOTE]
> If you upgrade from a version prior to v2, there are some **breaking changes** that affect configuration files.
> For the appropriate adaptations, refer to the [teler.example.yaml](https://github.com/kitabisa/teler/blob/v2/teler.example.yaml) file.

**See also:**

- [kitabisa/teler-waf](https://github.com/kitabisa/teler-waf): teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications.

## Table of Contents
- [Features](#features)
- [Why teler?](#why-teler)
- [Demo](#demo)
- [Documentation](#documentation)
- [Supporting Materials](#supporting-materials)
- [Contributors](#contributors)
- [Resources](#resources)
- [Pronunciation](#pronunciation)
- [Changes](#changes)
- [Community](#community)
- [License](#license)

## Features

* **Real-time**: Analyze logs and identify suspicious activity in real time.

* **Alerting**: teler sends an alert when a threat is detected; supported push notification channels are Slack, Mattermost, Telegram and Discord.

* **Monitoring**: teler exposes its own metrics, via Prometheus, so you can monitor threats easily.

* **Logging**: Detected threats can also be logged to a file or sent to the Zinc log search engine.

* **Latest resources**: The resource collections are continuously kept up to date.

* **Minimal configuration**: Just run it against your log file, write the log format, and let teler analyze the log and show you alerts!

* **Flexible log formats**: teler accepts any custom log format string; it all depends on how you write the log format in the configuration file.

* **Custom threat rules**: Want to cover a wider range of threats than the engine-based _(default)_ rules? You can customize the threat rules!

* **Incremental log processing**: Need data persistence rather than a [buffer stream](https://linux.die.net/man/1/stdbuf)? teler can process logs incrementally through its on-disk persistence options.
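As an added illustration of the "flexible log formats" and "custom threat rules" features above (example code written for this page, not teler's own implementation or configuration format), the following Go program compiles a user-supplied format string with nginx-style `$variable` placeholders, an assumed syntax, into a regexp, parses a constructed log line into named fields, and matches threat rules against those fields.

```go
package main

import (
	"fmt"
	"regexp"
)

// Rule is a minimal threat rule: a regexp applied to one parsed log field.
type Rule struct{ Name, Field, Pattern string }

// CompileFormat turns a log format with nginx-style $variables (assumed syntax) into an
// anchored regexp: one named non-greedy group per variable, literal text quoted in between.
func CompileFormat(format string) *regexp.Regexp {
	expr, last := "^", 0
	for _, loc := range regexp.MustCompile(`\$[a-z_]+`).FindAllStringIndex(format, -1) {
		expr += regexp.QuoteMeta(format[last:loc[0]]) + "(?P<" + format[loc[0]+1:loc[1]] + ">.*?)"
		last = loc[1]
	}
	return regexp.MustCompile(expr + regexp.QuoteMeta(format[last:]) + "$")
}

// ParseLine maps each named group of the compiled format to its value; nil if the line does not match.
func ParseLine(re *regexp.Regexp, line string) map[string]string {
	m := re.FindStringSubmatch(line)
	if m == nil {
		return nil
	}
	fields := map[string]string{}
	for i, name := range re.SubexpNames()[1:] {
		fields[name] = m[i+1]
	}
	return fields
}

// Detect returns the names of every rule whose pattern matches its field (missing field = empty string).
func Detect(fields map[string]string, rules []Rule) (hits []string) {
	for _, r := range rules {
		if regexp.MustCompile(r.Pattern).MatchString(fields[r.Field]) {
			hits = append(hits, r.Name)
		}
	}
	return hits
}

func main() {
	// Constructed sample, not real traffic: a combined-style format and one request line.
	re := CompileFormat(`$remote_addr - - [$time_local] "$request_method $request_uri $request_protocol" $status $body_bytes_sent "$http_referer" "$http_user_agent"`)
	fields := ParseLine(re, `203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 200 512 "-" "Mozilla/5.0"`)
	fmt.Println(Detect(fields, []Rule{{"path traversal", "request_uri", `\.\./`}}))
}
```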

## Why teler?

teler was designed to be a fast, terminal-based threat analyzer. Its core idea is to quickly analyze and hunt threats in real time!

## Demo

Here is a preview of `teler` in each of its modes of use:

| **Buffer-streams** | **Incremental** |
|-------------------- |----------------- |
| | |

## Documentation

All related documentation about installation, usage & configuration is on **[teler.app](https://teler.app)**.

## Supporting Materials

- [teler - Protect Your WebApp!](https://dw1.io/files/teler%20-%20Protect%20Your%20WebApp.pdf): a talk given at the **OWASP Jakarta: Virtual AppSec Indonesia 2020** event.
- [Tutorial: Cyber Threat Hunting - Useful Threat Hunting Tools (Part One)](https://youtu.be/0m54WOXO6Gc): in this video, Semi Yulianto gives a brief explanation of **teler** and shows how to use it.
- [Empowering Teler HTTP Intrusion Detection as WAF with Fail2ban](https://link.medium.com/OXVZIMkZEeb).
- [Detecting web attacks using Wazuh and teler](https://wazuh.com/blog/detecting-web-attacks-using-wazuh-and-teler/): integrating teler with Wazuh, a unified XDR and SIEM platform.

## Contributors

[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/kitabisa/teler/issues)

This project exists thanks to all the people who contribute. To learn how to set up a development environment and for contribution guidelines, see [CONTRIBUTING.md](/.github/CONTRIBUTING.md).

- Dwi Siswanto 💻 📖 ⚠️ 🤔
- ProjectDiscovery 🔧
- Anton Egorov 🔧
- 0ktavandi 🤔
- Fik 🎨
- fairyhunter13 ⚠️
- Zufar Dhiyaulhaq 💻
- Aldin Setiawan 💻 ♿
- Noah Petherbridge 🔧
- Zackky Muhammad 🚇
- Andy 🔧
- Aliaksandr Valialkin 🔧
- Markus Tenghamn 🐛
- Rick 🚧 💻
- Michael BOUVY 📖
- oelnaggar 📖 🐛

## Resources

All external resources used in teler are **NOT** provided by us. See everyone involved in these resources at [teler Resource Collections](https://github.com/kitabisa/teler-resources).

## Pronunciation

[`jv_id`](https://www.localeplanet.com/java/jv-ID/index.html) • **/télér/** — how could that young man get wasted just from drinking a shot glass of ciu _(?)_

## Changes

For changes, see the [CHANGELOG.md](/CHANGELOG.md).

## Community

We use Google Groups as our dedicated mailing list. Subscribe to [teler-announce](https://groups.google.com/g/teler-announce) via [[email protected]](mailto:[email protected]) for important announcements, such as the availability of new releases. This subscription will keep you informed about significant developments related to [teler IDS](https://github.com/kitabisa/teler), [teler WAF](https://github.com/kitabisa/teler-waf), [teler Proxy](https://github.com/kitabisa/teler-proxy), and [teler Resources](https://github.com/kitabisa/teler-resources).

[Inquiries](https://github.com/kitabisa/teler/discussions/categories/q-a), [discussions](https://github.com/kitabisa/teler/discussions), and [issues](https://github.com/kitabisa/teler/issues) are tracked here on GitHub. This is where we actively manage and address these aspects of our community engagement.

## License

This program is developed and maintained by members of Kitabisa Security Team, and this is not an officially supported Kitabisa product. This program is free software: you can redistribute it and/or modify it under the terms of the [Apache license](/LICENSE). Kitabisa teler and any contributions are copyright © by Dwi Siswanto 2020-2022.

[![Stargazers over time](https://starchart.cc/kitabisa/teler.svg)](https://starchart.cc/kitabisa/teler)