BICEP is an evaluation platform for benchmarking arbitrary IDS solutions such as Suricata, Snort, Zeek or Slips, in order to achieve comparability among IDS tools and novel approaches. Practically every (D)IDS or (C)IDS can be added to the system via its plugin capability.
Currently only Suricata and Slips modules are implemented and supported in terms of setup, configuration, lifecycle management and benchmarking.
The project is still under development and breaking changes are likely to occur.
Currently, we support Linux-based systems, and we are actively working to support macOS as well. The setup process for Macs differs; consult the documentation at mac-support.
In order to be able to start the project you will need to initialize it first. Do this by running:
git submodule update --init --recursive
This fetches the newest version of the submodule for the backend code and is necessary for the application to work seamlessly.
Important
In order for the framework to work out of the box, the host where you want to deploy containers needs to be prepared as mentioned here
The project can be started by running:
docker compose --env-file environments/dev up
This will spin up all containers in development mode. To run the stack in production mode, use the production env file instead:
docker compose --env-file environments/prod up
Documentation for setup, configuration, usage and contribution is available under BICEP-read-the-docs

