n1f2c3 / c3i-malware-analysis

Real-time system change monitoring solution (project done at c3i IITK)


Real-time system behaviour monitoring tool (RTSBMT)

The project aims to:

  • Monitor the system changes
  • Classify the system behaviour as malicious, suspicious or normal
  • Map the changes to the MITRE ATT&CK framework

The project is divided into three phases:

  1. Monitoring engine.
  2. Analysis engine.
  3. Mapping engine.

Monitoring engine

monitoring.exe

  • This is set up on the machine whose system changes you want to monitor; the setup instructions can be found here

agent

  • The monitoring engine is accompanied by an agent client that automates periodic monitoring and sends the collected logs to the analysis engine

Analysis and Mapping engine

These are the backend engines that process the logs and present the results to the user. Both are designed to run on a single machine.

analysis.py

  • This engine parses the dumps generated by the monitoring engine and stores them in an organised format.

mapping.py

  • This uses the Elasticsearch APIs to send all the parsed data to Kibana for mapping

agent

  • The agent server provided automates running the analysis and mapping internally through their APIs. It requires the dependencies of both the analysis engine and the mapping engine to be installed in order to run correctly.
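The three backend steps described above, parsing a monitoring dump into an organised form, classifying each event and mapping it to ATT&CK, then shaping the result for the Elasticsearch bulk API, can be seen end to end in the following example. It is added here for illustration and is not code from this repository: the `timestamp|category|process|detail` dump layout, the rule regexes, the "two techniques from one process means malicious" heuristic and the `rtsbmt-events` index name are all assumptions of the example. The ATT&CK technique IDs themselves are real. The payload is built but not sent, so the example runs offline.

```python
"""Example analysis + mapping pipeline (added example, not the project's code)."""
import json
import re
from collections import Counter
from dataclasses import dataclass, asdict
from typing import Optional

# Constructed sample dump. The real monitoring.exe format is not shown in the
# README; the "timestamp|category|process|detail" layout is an assumption.
# The last line is deliberately malformed to exercise the error path.
SAMPLE_DUMP = r"""
2024-01-15T10:00:01|PROCESS|notepad.exe|C:\Windows\System32\notepad.exe
2024-01-15T10:00:05|REGISTRY|installer.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater
2024-01-15T10:00:09|SERVICE|svc_setup.exe|created service 'SysHelper'
2024-01-15T10:00:12|FILE|winword.exe|C:\Users\alice\Documents\report.docx
2024-01-15T10:00:15|TASK|installer.exe|created task \Microsoft\Windows\Updater
this line is malformed
"""


@dataclass
class Event:
    timestamp: str
    category: str
    process: str
    detail: str
    technique: Optional[str] = None  # ATT&CK technique ID, e.g. "T1547.001"
    verdict: str = "normal"          # normal | suspicious | malicious


# (category, regex over detail, ATT&CK technique ID). The IDs are real ATT&CK
# technique IDs; the regexes are example heuristics, not the project's rules.
RULES = [
    ("REGISTRY", re.compile(r"\\CurrentVersion\\Run\\", re.I), "T1547.001"),  # Registry Run Keys
    ("SERVICE", re.compile(r"created service", re.I), "T1543.003"),           # Windows Service
    ("TASK", re.compile(r"created task", re.I), "T1053.005"),                 # Scheduled Task
]


def parse_dump(text: str) -> tuple[list[Event], list[str]]:
    """Parse dump lines into Events; malformed lines are returned, not dropped silently."""
    events, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|", 3)
        if len(parts) != 4:
            rejected.append(line)
            continue
        events.append(Event(*(p.strip() for p in parts)))
    return events, rejected


def map_techniques(events: list[Event]) -> list[Event]:
    """Attach the first matching ATT&CK technique; any match marks the event suspicious."""
    for ev in events:
        for category, pattern, tid in RULES:
            if ev.category == category and pattern.search(ev.detail):
                ev.technique, ev.verdict = tid, "suspicious"
                break
    return events


def classify(events: list[Event]) -> list[Event]:
    """Example heuristic: a process using two or more distinct techniques is malicious."""
    per_proc: dict[str, set[str]] = {}
    for ev in events:
        if ev.technique:
            per_proc.setdefault(ev.process, set()).add(ev.technique)
    for ev in events:
        if ev.technique and len(per_proc[ev.process]) >= 2:
            ev.verdict = "malicious"
    return events


def to_bulk_payload(events: list[Event], index: str = "rtsbmt-events") -> str:
    """Build an Elasticsearch _bulk NDJSON body: one action line plus one document per event."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(asdict(ev)))
    return "\n".join(lines) + "\n"


def summarise(events: list[Event]) -> Counter:
    """Count events per verdict for a quick analyst overview."""
    return Counter(ev.verdict for ev in events)


def analyse(text: str) -> tuple[list[Event], list[str]]:
    """Full pipeline: parse, map to ATT&CK, classify."""
    events, rejected = parse_dump(text)
    classify(map_techniques(events))
    return events, rejected


if __name__ == "__main__":
    evs, bad = analyse(SAMPLE_DUMP)
    print(summarise(evs), "rejected:", bad)
    print(to_bulk_payload(evs))
```

Keeping rejected lines instead of discarding them matters in this design: a dump line the parser cannot read is itself a signal worth surfacing in Kibana, because a monitoring gap looks like a quiet system.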

Languages

Python 69.2%, C++ 29.1%, C 1.8%