SCANDALE, is a libre software which is providing a backend architecture for collecting data from probes and storing proof of checks.
The platform is composed of:
- a documented HTTP API with a PubSub mechansim and a connection to a database;
- a backend to deploy and monitor a network of probes. The architecture is relying on the Smart Python Agent Development Environment;
- a service to timestamp the collected data with a third party (RFC 3161) for the proof of checks.
The API is based on the FastAPI framework well known for its excellent performance.
It is possible to extend the platform in order to share data with external system, such as MISP.
- following a notification, an SME ask its provider to patch a system. The provider says the system is patched at a given date, but lies. The SME can then check the certified scan logs to break its contract with the provider;
- certification of incident timeline.
flowchart LR
P[Probe] -->|Standardized result| A(Aggregation Engine)
P1[Probe] -->|Standardized result| A
P2[Probe] -->|Standardized result| A
A -.->|Ask for a timestamp| RTS(Third party timestamper)
P -.-> H[Agents registry]
P1 -.-> H
P2 -.-> H
A -.-> H
A -->|HTTP POST| B[FastAPI]
B -.->|Ask for a timestamp| RTS
B -->|Write| G[Database]
E[External source] -->|HTTP POST| B
Each probe agent is authenticated, registered and declare its availability (for the presence notification system). The OMEMO protocol can be used for communications between agents.
A documentation is available here with more information about the architecture and the installation process.
SCANDALE is distributed under the terms of the
GNU Affero General Public License version 3.
- Copyright (C) 2022-2024 Cédric Bonhomme
- Copyright (C) 2022-2024 CIRCL - Computer Incident Response Center Luxembourg