This is the overview repository of the Beemaster project, an IDS based on Bro that uses ACUs (Alert Correlation Units) to create Meta-Alerts from data provided by Bro or a honeypot. Results can be visualized using the CIM (Cyber Incident Monitor).
The project and its documentation (Readme, Source Code) are split across multiple repositories:
- UHH-ISS / beemaster-bro - Customizations for Bro
- UHH-ISS / beemaster-hp - Contains the generic honeypot connector and configuration files for the honeypot Dionaea
- UHH-ISS / beemaster-acu-fw - Alert Correlation Unit Framework, the basis for concrete ACU implementations
- UHH-ISS / beemaster-acu-portscan - ACU Portscan
- UHH-ISS / beemaster-acu-lattice - ACU Lattice
- UHH-ISS / beemaster-cim - Cyber Incident Monitor
The repositories were moved from the servers of the University of Hamburg.
During this transition the names of the repositories changed. However, not
all contents of the repositories reflect this change at the time of writing.
In case you are having trouble, check whether the former `mp-ids-` needs to be changed to `beemaster-`.
You can generate HTML documentation for the source code and Readme files. See: docs. The generated documentation may be found here: https://uhh-iss.github.io/beemaster/
Integration tests (Docker-based) can be found in the folder tests.