PacketStreamer
Distributed tcpdump for cloud native environments
PacketStreamer is an open source tool that captures network traffic from multiple remote sources concurrently and aggregates the data into a single pcap log file. It is written in Go and supports network capture from Kubernetes nodes, Docker hosts, and bare-metal or virtual-machine servers.
In the following example, we install PacketStreamer on three honeypot servers: a host with a basic WordPress installation, one with an inviting NGINX configuration that responds to every request with a 200 OK message, and a host running the honeydb service.
One foundation of good cybersecurity practice is the ability to capture attacker TTPs (Tactics, Techniques, and Procedures) from across and behind the attack surface. Tools such as Sysdig Falco capture TTP signals from running workloads (process changes, filesystem access, etc.) and can indicate local compromise, but these signals alone only tell the late-stage story of an attack.
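The aggregated pcap is where the earlier-stage story lives. As an added example (not PacketStreamer's own code), the following script parses a classic little-endian pcap with Ethernet link type, counts TCP packets per honeypot address and port, and pulls out the HTTP request lines sent to the web honeypots; the capture it parses is constructed inline, and the honeypot addresses and the assumption that PacketStreamer writes classic pcap rather than pcapng are placeholders for this illustration.

```python
import struct
from collections import Counter

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps


def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Construct a minimal Ethernet/IPv4/TCP frame (checksums left at zero; sample data only)."""
    ip4 = lambda s: bytes(int(o) for o in s.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)  # data offset 5, PSH|ACK
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic pcap container (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def iter_records(data):
    """Yield (timestamp, frame bytes) from a classic little-endian pcap; pcapng is rejected."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC_LE:
        raise ValueError("unsupported pcap magic (pcapng or big-endian capture?)")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def summarize(data):
    """Count TCP packets per (honeypot address, port); collect HTTP request lines seen on port 80."""
    per_target, request_lines = Counter(), []
    for _, frame in iter_records(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        dst = ".".join(str(b) for b in frame[30:34])
        dport = struct.unpack_from("!H", tcp, 2)[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        per_target[(dst, dport)] += 1
        if dport == 80 and payload[:4] in (b"GET ", b"POST"):
            request_lines.append(payload.split(b"\r\n", 1)[0].decode("ascii", "replace"))
    return per_target, request_lines


# Constructed capture; placeholder hosts: .11 = WordPress, .12 = NGINX 200-OK, .13 = honeydb
SAMPLE_PCAP = build_pcap([
    build_frame("203.0.113.7", "10.0.0.11", 51000, 80, b"GET / HTTP/1.1\r\nHost: wp\r\n\r\n"),
    build_frame("203.0.113.7", "10.0.0.12", 51001, 80, b"GET /index.html HTTP/1.1\r\nHost: web\r\n\r\n"),
    build_frame("198.51.100.9", "10.0.0.12", 40000, 80, b"POST / HTTP/1.1\r\nHost: web\r\n\r\n"),
    build_frame("198.51.100.9", "10.0.0.13", 40001, 22),
])
```

Run `summarize(open("capture.pcap", "rb").read())` on a real PacketStreamer output to see which honeypot each source touched and what it asked for before any host-level signal fires.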