cascade-server | research project at MITRE which seeks to automate

by mitre | Python | Version: Current | License: Apache-2.0

kandi X-RAY | cascade-server Summary

cascade-server is a Python library. It has no bugs, no vulnerabilities, a build file available, a Permissive License, and low support. You can download it from GitHub.

CASCADE is a research project at MITRE which seeks to automate much of the investigative work a “blue-team” team would perform to determine the scope and maliciousness of suspicious behavior on a network using host data.

The prototype CASCADE server contained in this repository has the ability to handle user authentication, run analytics, and perform investigations. The server runs analytics against data stored in Splunk/ElasticSearch to generate alerts. Alerts trigger a recursive investigative process where several ensuing queries gather related events. Supported event relationships include parent and child processes (process trees), network connections, and file activity. The server automatically generates a graph of these events, showing relationships between them, and tags the graph with information from the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. The events in the generated graph can also be displayed as a timeline.

To reduce the false-positive rate, the CASCADE server's analytics can also be tuned to the environment it is deployed in. The server also offers the ability to express simple analytics in a platform-agnostic query language. Native CASCADE queries are automatically translated by the server into Splunk and ElasticSearch queries, depending on which platform the server is connected to. The server allows users to easily create new analytics, and comes bundled with analytics to detect several ATT&CK techniques. For more information on how CASCADE performs these activities, refer to the user guide.

The functionality is exposed via a RESTful API and a web interface. CASCADE uses Python Flask and Gevent to create an asynchronous HTTP server.

            Support

              cascade-server has a low active ecosystem.
              It has 223 star(s) with 50 fork(s). There are 24 watchers for this library.
              It had no major release in the last 6 months.
              There are 7 open issues and 2 have been closed. On average issues are closed in 87 days. There are 3 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of cascade-server is current.

            Quality

              cascade-server has 0 bugs and 0 code smells.

            Security

              cascade-server has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              cascade-server code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              cascade-server is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            Reuse

              cascade-server releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.
              Installation instructions, examples and code snippets are available.
              cascade-server saves you 7984 person hours of effort in developing the same functionality from scratch.
              It has 16337 lines of code, 605 functions and 157 files.
              It has medium code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed cascade-server and discovered the below as its top functions. This is intended to give you an instant insight into cascade-server implemented functionality, and help decide if they suit your requirements.
            • Run the query.
            • Return a list of hosts that have the same host.
            • Cluster events.
            • Query a single session.
            • Decorator to register a relationship.
            • Taint a process event.
            • Copy a process event.
            • Get information about the technique.
            • Close a process event.
            • Decorator to validate a request.

            Vulnerabilities

            No vulnerabilities reported

            Install cascade-server

            • Clone the repository.
            • Install all requirements.
            • Run CASCADE with the --setup flag to begin initialization. The setup will prompt for server configuration settings, database encryption keys, etc. If no values are provided for the parameters, setup continues with the default values.

              python cascade.py --setup

            Support

            For new features, suggestions, and bugs, create an issue on GitHub. If you have any questions, check and ask on the Stack Overflow community page.
            CLONE
          • HTTPS

            https://github.com/mitre/cascade-server.git

          • CLI

            gh repo clone mitre/cascade-server

          • sshUrl

            git@github.com:mitre/cascade-server.git
