PMP is an open source, modularly designed, programmable platform for collecting, exposing and visualising data from data sources in the Continuum Cloud. In addition, it provides threat detection to alert and notify on anomalous behaviour by analysing network traffic. Finally, PMP uses agnostic Sigma rules to configure the tools.
- 🌀 Data collection in real time
- 🔌 Automatisation process
- 🔔 Alerts and notifications
- 🔨 Dynamic configuration
- 📊 Data visualisation
- ➕ Modular
- 🚀 RESTful Public API for programmatic access
- 🐳 Dockerized deployment for easy setup
🔒 Developed
- Fluentd
- Telegraf
- Falco
- Tshark
- Filebeat
- Kafka
🚧 Future development
- Snort3
- Grafana
- Kibana
- Elasticsearch
- InfluxDB
- Sigma translator
- Clone the repository:
  gh repo clone CyberDataLab/ROBUST-6G_PMP
- Navigate to the project directory:
  cd ROBUST-6G_PMP/
- Generate modified images:
  sudo docker build -f Dockerfiles/dockerfile.falco -t falco_robust6g:latest .
  sudo docker build -f Dockerfiles/dockerfile.fluentd -t fluentd_robust6g:latest .
  sudo docker build -f Dockerfiles/dockerfile.tshark -t tshark_robust6g:latest .
- Permissions of Filebeat configuration:
  sudo chmod 644 configuration_files/filebeat.yml
  sudo chown root:root configuration_files/filebeat.yml
- Usage and deployment using:
  python3 start_containers.py
  Do not use the docker-compose.yml file because the PMP needs an environment variable to uniquely identify the machine using the monitoring tools.
- Delete containers and deployed volumes as well as generated data at the same time:
  python3 remove_containers.py
- Docker 27.5.1 or higher.
- docker-compose 1.29.2 or higher.
- Python 3.12 or higher.
The tool containers already satisfy their requirements without the need of any user installation.
PMP is open-source under the GPL-3.0 license. See the LICENSE file for details.
In case filebeat.yml is showing errors, change the permissions with:
sudo chmod 644 filebeat.yml
sudo chown root:root filebeat.yml
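
Filebeat refuses to load a configuration file that is writable by group or others, or that is not owned by root or the user running it, which is what the `chmod 644` / `chown root:root` step and the troubleshooting note above address. The preflight check below is an added example, not part of the PMP repository; the function name `check_beat_config` is hypothetical and the script assumes GNU `stat` on a Linux Docker host.

```shell
# Added example (not from the PMP repository): verify the Filebeat config
# permissions before deployment.
#
# check_beat_config FILE [OWNER_UID]
#   returns 0 when FILE is owned by OWNER_UID (default 0 = root) and is not
#   writable by group or others; 1 on a permission problem; 2 if FILE is missing.
#
# Typical use from the repository root:
#   sudo sh -c '. ./check.sh; check_beat_config configuration_files/filebeat.yml'
check_beat_config() {
    file=$1
    want_uid=${2:-0}

    if [ ! -f "$file" ]; then
        echo "$file: not found" >&2
        return 2
    fi

    # GNU stat: %u = numeric owner uid, %a = permission bits in octal (e.g. 644)
    set -- $(stat -c '%u %a' "$file")
    uid=$1
    mode=$2

    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "$file: owner uid is $uid, expected $want_uid (fix with chown)" >&2
        rc=1
    fi

    # 022 (octal) = group-write | other-write; either bit set is rejected.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$file: mode $mode is writable by group/others (fix with chmod 644)" >&2
        rc=1
    fi

    return $rc
}
```

Running the check before `python3 start_containers.py` catches a config that was re-created with a permissive umask or edited as a non-root user, instead of finding out from the container logs.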