Cyberprobe

Analytics can use Pulsar pub/sub, which offers some scale and performance wins over RabbitMQ.

Overview

The full documentation is here.

Summary

Cyberprobe is a deep packet inspection (DPI) toolkit for real-time network monitoring. It has applications in network monitoring, intrusion detection and forensic analysis, and can serve as a defensive platform. Cyberprobe packet inspection works on physical networks and in cloud VPCs, and there are features that support cloud-scale deployments.

This is not a single, monolithic intrusion detection toolkit which does everything you want straight out of the box. If that’s what you need, I would suggest you look elsewhere. Instead, Cyberprobe is a set of flexible components which can be combined in many ways to manage a wide variety of packet inspection tasks. If you want to build custom network analytics, there are many interfaces that make this straightforward.

The project maintains a number of components, including:

Cyberprobe

The probe, cyberprobe, has the following features:

Cybermon

The monitor tool, cybermon, has the following features:

Subscribers

The event stream from cybermon can be published to RabbitMQ as JSON, from where it can be delivered to further analytics:
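As an added example of such a subscriber (not code from the Cyberprobe project), the script below consumes JSON events and runs a small analytic over them: it counts HTTP requests per host, tallies DNS queries, checks query names against a watch list, and flags sources that open an unusual number of connections. The event field names used here (action, src, dest, header, dns_message) and the address encoding ("ipv4:10.0.0.5", "tcp:80") are assumptions about the cybermon event format and should be checked against the events you actually receive; the broker host and queue name in subscribe() are likewise assumptions. The sample events are constructed so the analytic can be run offline.

```python
"""Minimal cybermon subscriber: decode JSON events and run a small analytic."""
import json
from collections import Counter

WATCHLIST = {"bad.example.net"}   # constructed watch list of suspicious DNS names
CONNECTION_THRESHOLD = 3          # flag a source once it has opened this many connections


def _endpoint(addrs):
    """Turn an assumed address list such as ["ipv4:10.0.0.5", "tcp:51234"] into (ip, port)."""
    ip = port = None
    for a in addrs or []:
        proto, _, value = a.partition(":")      # keeps IPv6 colons intact in value
        if proto in ("ipv4", "ipv6"):
            ip = value
        elif proto in ("tcp", "udp"):
            port = value
    return ip, port


def parse_event(raw):
    """Decode one JSON event; return None for malformed input or events without an action."""
    try:
        ev = json.loads(raw)
    except (ValueError, TypeError):
        return None
    return ev if isinstance(ev, dict) and "action" in ev else None


class Analytics:
    """Accumulates per-host, per-query and per-source statistics over the event stream."""

    def __init__(self, watchlist=WATCHLIST, threshold=CONNECTION_THRESHOLD):
        self.watchlist, self.threshold = set(watchlist), threshold
        self.events = self.malformed = 0
        self.http_by_host, self.dns_queries, self.connections = Counter(), Counter(), Counter()
        self.watchlist_hits = []

    def ingest(self, raw):
        ev = parse_event(raw)
        if ev is None:
            self.malformed += 1        # count rather than crash on bad input
            return
        self.events += 1
        src_ip, _ = _endpoint(ev.get("src"))
        action = ev["action"]
        if action == "connected_up":
            self.connections[src_ip] += 1
        elif action == "http_request":
            host = (ev.get("header") or {}).get("Host", "<unknown>")
            self.http_by_host[host] += 1
        elif action == "dns_message":
            for q in (ev.get("dns_message") or {}).get("query", []):
                name = q.get("name", "").rstrip(".").lower()   # normalise trailing dot/case
                self.dns_queries[name] += 1
                if name in self.watchlist:
                    self.watchlist_hits.append((src_ip, name))

    def summary(self):
        noisy = sorted(ip for ip, n in self.connections.items() if n >= self.threshold)
        return {"events": self.events, "malformed": self.malformed,
                "http_by_host": dict(self.http_by_host), "dns_queries": dict(self.dns_queries),
                "watchlist_hits": list(self.watchlist_hits), "noisy_sources": noisy}


def process(raw_events, **kwargs):
    """Run the analytic over an iterable of raw JSON strings and return the summary."""
    a = Analytics(**kwargs)
    for raw in raw_events:
        a.ingest(raw)
    return a.summary()


def subscribe(host="localhost", queue="cyberprobe"):
    """Feed events from a RabbitMQ queue into Analytics (needs the pika package and a broker).
    Host and queue name are assumptions, not cybermon defaults."""
    import pika  # imported here so the offline analytic above works without it
    a = Analytics()
    ch = pika.BlockingConnection(pika.ConnectionParameters(host)).channel()
    ch.queue_declare(queue=queue)

    def on_message(channel, method, properties, body):
        a.ingest(body.decode("utf-8", "replace"))
        channel.basic_ack(delivery_tag=method.delivery_tag)

    ch.basic_consume(queue=queue, on_message_callback=on_message)
    ch.start_consuming()


# Constructed sample events in the assumed cybermon JSON shape.
_S5, _S6, _S9 = ["ipv4:10.0.0.5", "tcp:51234"], ["ipv4:10.0.0.6", "tcp:40001"], ["ipv4:10.0.0.9", "tcp:5000"]
_WEB, _DNS = ["ipv4:203.0.113.7", "tcp:80"], ["ipv4:192.0.2.53", "udp:53"]
SAMPLE_EVENTS = [json.dumps(e) for e in [
    {"id": "1", "action": "connected_up", "device": "probe-1", "src": _S5, "dest": _WEB},
    {"id": "2", "action": "http_request", "device": "probe-1", "src": _S5, "dest": _WEB,
     "url": "http://example.org/index.html", "header": {"Host": "example.org"}},
    {"id": "3", "action": "dns_message", "device": "probe-1", "src": _S5, "dest": _DNS,
     "dns_message": {"type": "query", "query": [{"name": "example.org", "type": "A", "class": "IN"}]}},
    {"id": "4", "action": "http_request", "device": "probe-1", "src": _S6, "dest": _WEB,
     "url": "http://example.org/admin", "header": {"Host": "example.org"}},
    {"id": "5", "action": "dns_message", "device": "probe-1", "src": _S6, "dest": _DNS,
     "dns_message": {"type": "query", "query": [{"name": "bad.example.net.", "type": "A", "class": "IN"}]}},
    {"id": "6", "action": "connected_up", "device": "probe-1", "src": _S9, "dest": ["ipv4:198.51.100.1", "tcp:22"]},
    {"id": "7", "action": "connected_up", "device": "probe-1", "src": _S9, "dest": ["ipv4:198.51.100.2", "tcp:22"]},
    {"id": "8", "action": "connected_up", "device": "probe-1", "src": _S9, "dest": ["ipv4:198.51.100.3", "tcp:22"]},
]] + ["this is not json", json.dumps({"id": "9"})]   # two malformed records

if __name__ == "__main__":
    print(json.dumps(process(SAMPLE_EVENTS), indent=2))
```

Running the script prints the summary for the constructed stream: two HTTP requests to example.org, one watch-list hit from 10.0.0.6, 10.0.0.9 flagged for three connections, and two malformed records counted rather than crashing the subscriber. To consume from a live broker, call subscribe() with the host and queue your cybermon is actually publishing to.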

Scaling

The architecture has support for AWS Traffic Mirroring, and supports cloud-scale deployments:

More information

The easiest way to learn about the software is to follow our Quick Start tutorial.

Discuss cyberprobe on Google Groups at cyberprobe-discussion@googlegroups.com

Download

See Obtaining the Software. GitHub download page here.
Docker Compose configuration: Cybermon, ES, Gaffer
Docker Compose configuration: Cyberprobe, snort, ES, Gaffer
Kibana configuration JSON