A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry.
This project is a work in progress and in a pre-alpha state; input and contributions are warmly welcome.
To build a lightweight, SIEM-agnostic UEBA framework focused on providing:
- Modeling
  - Model Management
  - Community-driven Model Library
  - Model Version Control
  - Ready-to-use model modules
  - Feedback Loop for continuous model training
  - "Shadow Mode" for model and risk score experimentation
  - Simple model configuration workflow
- Dashboard
  - Modern stack
  - Modular components
  - Live updating
- Features
  - Rule Storage/Management
  - Case Management
  - Peer-oriented/community intel
  - Lightweight, SIEM-agnostic architecture
  - Flexible/open dataset support
  - Alerting/Ticketing system
- Client Dashboard
  - React
  - Bootstrap
  - Node JS
  - Express JS
  - D3.js
- Model Server (Remote or Local)
- API Server
  - Flask
- Visualization
  - Data Shader
  - Kibana
  - Matplotlib
  - NetworkX
- Modeling
  - Tensorflow
  - Scikit Learn
  - Keras
  - GP Learn
  - DEAP
  - Graphx
  - MLlib
- Compute Engine
  - Spark
  - Elastic Search
- Supported Data Formats (for now)
  - CSV
  - Parquet
  - Flat File
The interface is meant to observe system events and anomalies.
- Dashboard (index)
- Anomalies
- Cases
- Modeling
- Settings
Go to INSTALL.md
Get the updated code & documentation on XS code here
Our main development and documentation branches are first pushed to our sponsorship repository and then eventually pushed to our public free repository. To obtain the most up-to-date code and documentation for OpenUBA, subscribe to our XS Code repository.
Discord Server: https://discord.gg/Ps9p9Wy
Telegram: https://t.me/GACWR