Real time system behavior monitoring tool (RTSBMT)
The project aims to
- Monitor the system changes
- Classify the system behaviour as malicious, suspicious or normal
- Map the changes to the MITRE ATT&CK framework
The project is divided into 3 phases
- Monitoring engine.
- Analysis engine.
- Mapping engine.
Monitoring engine
monitoring.exe
- This will be set up on the machine whose system changes you want to monitor; the setup instructions can be found here
agent
- The monitoring engine is accompanied by an agent-client which automates the task of periodic monitoring and sending the logs to the analysis engine
Analysis and Mapping engine
These are the backend engines which process the logs and show the results to the users. Both are designed to run on a single machine.
analysis.py
- The job of this engine is to parse the dumps generated by the monitoring engine and keep them in an organised format.
mapping.py
- This uses the Elasticsearch APIs to send all the parsed records for mapping and visualisation in Kibana
agent
- The agent-server automates running the analysis and mapping engines internally through their APIs. It must have the requirements of both the analysis and the mapping engine installed for them to run correctly.
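The following is an added illustration of the analysis and mapping steps described above; it is not code from the project. The dump format, the classification rules, the technique id and the index name are assumptions made for the example, and the Elasticsearch bulk body is built but not sent.

```python
"""Toy analysis + mapping pass in the spirit of analysis.py and mapping.py.
Every format, rule and identifier below is an assumption for illustration."""
import json
from typing import Dict, List, Optional

# Constructed sample dump. Assumed line format: "<timestamp>|<change type>|<path>|<process>"
SAMPLE_DUMP = """\
2024-01-01T10:00:00|file_create|C:\\Users\\bob\\report.docx|winword.exe
2024-01-01T10:00:05|registry_set|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd|powershell.exe
2024-01-01T10:00:07|file_create|C:\\Windows\\Temp\\svc.exe|powershell.exe
"""

# Assumed rules: (change type, path prefix) -> (verdict, ATT&CK technique or None).
# T1547.001 is "Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder".
RULES = [
    ("registry_set", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "malicious", "T1547.001"),
    ("file_create", "C:\\Windows\\Temp", "suspicious", None),
]


def parse_dump(text: str) -> List[Dict[str, Optional[str]]]:
    """Analysis step: split a monitoring dump into one record per change."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines in the dump
        ts, change_type, path, process = line.split("|", 3)
        records.append({"timestamp": ts, "type": change_type, "path": path, "process": process})
    return records


def classify(record: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    """Attach a verdict and, where a rule provides one, an ATT&CK technique id."""
    for change_type, prefix, verdict, technique in RULES:
        if record["type"] == change_type and record["path"].startswith(prefix):
            return {**record, "verdict": verdict, "technique": technique}
    return {**record, "verdict": "normal", "technique": None}


def to_bulk_body(records: List[Dict[str, Optional[str]]], index: str = "rtsbmt-changes") -> str:
    """Mapping step: build the NDJSON body the Elasticsearch _bulk API expects (not sent here)."""
    lines = []
    for r in records:
        lines.append(json.dumps({"index": {"_index": index}}))  # action line
        lines.append(json.dumps(r))                              # document line
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_bulk_body([classify(r) for r in parse_dump(SAMPLE_DUMP)]))
```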