
ypsilon

Automated Use Case Testing

What is Ypsilon

Ypsilon is an Automated Security Use Case Testing Environment that uses real malware to test SIEM use cases in a closed environment. Different tools such as Ansible, Cuckoo, VirtualBox, Splunk and ELK are combined to determine the quality of a SIEM use case by testing any number of malware samples against it. Finally, a test report is generated that gives insight into the quality of the use case.

Ypsilon Architecture

Cuckoo in combination with VirtualBox is used to analyze the malware and test the use cases. The Cuckoo environment consists of an analysis virtual machine, which is infected by the malware, and a SIEM virtual machine, which collects the logs and triggers the use cases. At the moment, only Splunk is supported as the SIEM solution, but support for further SIEMs such as ELK is planned. Sigma is used as the generic description language for SIEM use cases. Ansible is the heart of the Ypsilon project: it controls the use case testing process, which consists of the following steps:

  • Generating a Splunk or ELK (planned) use case from the generic Sigma description language by using a Sigma converter
  • Preparing VirtualBox and Cuckoo
  • Submitting a malware sample to Cuckoo
  • Triggering the use case
  • Reverting the virtual machines to a snapshot
  • Generating a report (in development)

Ypsilon is for Use Case development what Jenkins is for software development.
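To make the "trigger the use case" and "generate a report" steps concrete, here is an added example that is not Ypsilon's own code: a minimal Sigma-style evaluator that runs a constructed rule over constructed process-creation events from the analysis VM and returns the pass/fail verdict a test report would carry. The rule, the events and the function names are assumptions made for illustration; in the real pipeline the Sigma rule is converted with the Sigma converter and the search is run in Splunk instead.

```python
# Constructed Sigma rule (as it would look after YAML parsing); not a rule shipped with Ypsilon.
SIGMA_RULE = {
    "title": "Office Application Spawning PowerShell",
    "detection": {
        "selection": {  # all fields of a selection must match (AND)
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe"],  # list value = any-of
            "Image|endswith": "\\powershell.exe",
        },
        "filter": {"CommandLine|contains": "Get-Help"},
        "condition": "selection and not filter",
    },
}
# Constructed process-creation events, as the SIEM VM would receive them from the analysis VM.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
     "CommandLine": "powershell.exe -NoProfile -File C:\\Users\\Public\\update.ps1"},
    {"Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "cmd.exe /c dir"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
     "CommandLine": "powershell.exe Get-Help about_Execution_Policies"},
]

def _field_matches(event, key, expected):
    # Sigma field key is "Field|modifier"; string matching is case-insensitive.
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    for exp in (expected if isinstance(expected, list) else [expected]):
        exp = str(exp).lower()
        if (modifier == "contains" and exp in value
                or modifier == "startswith" and value.startswith(exp)
                or modifier == "endswith" and value.endswith(exp)
                or modifier == "" and value == exp):
            return True
    return False

def event_matches(rule, event):
    # Supports conditions of the form "sel [and [not] sel ...]".
    det = rule["detection"]
    for term in det["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        hit = all(_field_matches(event, k, v) for k, v in det[name].items())
        if hit == negate:  # positive term missed, or negated term hit
            return False
    return True

def evaluate_use_case(rule, events, expect_hit=True):
    # Test report entry: the use case passes when it fires exactly when the sample should trigger it.
    matches = [e for e in events if event_matches(rule, e)]
    return {"use_case": rule["title"], "events": len(events),
            "matches": len(matches), "passed": bool(matches) == expect_hit}
```

Running a benign sample with expect_hit=False checks the other half of use case quality, namely that the rule stays silent on clean activity.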

Ypsilon Project

The Ypsilon project repository consists of the Ansible playbook that controls the automated use case testing. Furthermore, the tools need to be configured as described in the wiki so that Ansible is able to control them.

Configuration

The configuration of the tools is described in the wiki.

Installation

The tools named above (Ansible, Cuckoo, VirtualBox, Splunk and the Sigma converter) need to be installed and configured.

More information about installation and configuration of these tools can be found in the wiki.

How to Use

The Ypsilon project consists of an Ansible playbook, which is executed by the following command:

ansible-playbook -i production -u [user] playbooks/use_case_testing.yml --ask-pass --ask-become-pass

For more details about the arguments, have a look at the Ansible documentation.

Credits

This is a private project developed by Patrick Bareiss with feedback by colleagues and friends.

License

The content of this repository is released under the GNU General Public License.
