cascade-server | research project at MITRE which seeks to automate
kandi X-RAY | cascade-server Summary
kandi X-RAY | cascade-server Summary
cascade-server is a Python library. cascade-server has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitHub.
CASCADE is a research project at MITRE which seeks to automate much of the investigative work a “blue-team” team would perform to determine the scope and maliciousness of suspicious behavior on a network using host data. The prototype CASCADE server contained in this repository has the ability to handle user authentication, run analytics, and perform investigations. The server runs analytics against data stored in Splunk/ElasticSearch to generate alerts. Alerts trigger a recursive investigative process where several ensuing queries gather related events. Supported event relationships include parent and child processes (process trees), network connections, and file activity. The server automatically generates a graph of these events, showing relationships between them, and tags the graph with information from the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. The events in generated graph can also be displayed as a timeline. To reduce the false-positive rate, the CASCADE servers analytics can also be tuned analytics to the environment it is deployed in. The server also offers the ability to express simple analytics in a platform agnostic query language. Native CASCADE queries are automatically translated by the server into Splunk and ElasticSearch queries depending on which platform the server is connected to. The server allows users to easily create new analytics, and comes bundled with analytics to detect several ATT&CK techniques. For more information on how CASCADE performs these activities refer to the user guide. The functionality is exposed via a RESTful API and a web interface. CASCADE uses Python Flask and Gevent to create an asynchronous HTTP server.
CASCADE is a research project at MITRE which seeks to automate much of the investigative work a “blue-team” team would perform to determine the scope and maliciousness of suspicious behavior on a network using host data. The prototype CASCADE server contained in this repository has the ability to handle user authentication, run analytics, and perform investigations. The server runs analytics against data stored in Splunk/ElasticSearch to generate alerts. Alerts trigger a recursive investigative process where several ensuing queries gather related events. Supported event relationships include parent and child processes (process trees), network connections, and file activity. The server automatically generates a graph of these events, showing relationships between them, and tags the graph with information from the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) project. The events in generated graph can also be displayed as a timeline. To reduce the false-positive rate, the CASCADE servers analytics can also be tuned analytics to the environment it is deployed in. The server also offers the ability to express simple analytics in a platform agnostic query language. Native CASCADE queries are automatically translated by the server into Splunk and ElasticSearch queries depending on which platform the server is connected to. The server allows users to easily create new analytics, and comes bundled with analytics to detect several ATT&CK techniques. For more information on how CASCADE performs these activities refer to the user guide. The functionality is exposed via a RESTful API and a web interface. CASCADE uses Python Flask and Gevent to create an asynchronous HTTP server.
Support
Quality
Security
License
Reuse
Support
cascade-server has a low active ecosystem.
It has 223 star(s) with 50 fork(s). There are 24 watchers for this library.
It had no major release in the last 6 months.
There are 7 open issues and 2 have been closed. On average issues are closed in 87 days. There are 3 open pull requests and 0 closed requests.
It has a neutral sentiment in the developer community.
The latest version of cascade-server is current.
Quality
cascade-server has 0 bugs and 0 code smells.
Security
cascade-server has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
cascade-server code analysis shows 0 unresolved vulnerabilities.
There are 0 security hotspots that need review.
License
cascade-server is licensed under the Apache-2.0 License. This license is Permissive.
Permissive licenses have the least restrictions, and you can use them in most projects.
Reuse
cascade-server releases are not available. You will need to build from source code and install.
Build file is available. You can build the component from source.
Installation instructions, examples and code snippets are available.
cascade-server saves you 7984 person hours of effort in developing the same functionality from scratch.
It has 16337 lines of code, 605 functions and 157 files.
It has medium code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA
kandi has reviewed cascade-server and discovered the below as its top functions. This is intended to give you an instant insight into cascade-server implemented functionality, and help decide if they suit your requirements.
- Run the query .
- Return a list of hosts that have the same host .
- Cluster events .
- Query a single session .
- Decorator to register a relationship .
- Taint a process event .
- Copy a process event .
- Get information about the technique .
- Close a process event .
- Decorator to validate a request .
Get all kandi verified functions for this library.
cascade-server Key Features
No Key Features are available at this moment for cascade-server.
cascade-server Examples and Code Snippets
No Code Snippets are available at this moment for cascade-server.
Community Discussions
No Community Discussions are available at this moment for cascade-server.Refer to stack overflow page for discussions.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install cascade-server
Run CASCADE with the --setup flag to begin initialization. The setup will prompt for server configuration settings, database encryption keys, etc. If no values are provided for the parameters, setup continues with the default values.
Clone the repository.
Install all requirements.
Run CASCADE with the --setup flag to begin initialization. The setup will prompt for server configuration settings, database encryption keys, etc. If no values are provided for the parameters, setup continues with the default values. python cascade.py --setup
Clone the repository.
Install all requirements.
Run CASCADE with the --setup flag to begin initialization. The setup will prompt for server configuration settings, database encryption keys, etc. If no values are provided for the parameters, setup continues with the default values. python cascade.py --setup
Support
For any new features, suggestions and bugs create an issue on GitHub.
If you have any questions check and ask questions on community page Stack Overflow .
Find more information at:
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
