-
Notifications
You must be signed in to change notification settings - Fork 0
Artemis Network Traffic Virus Monitor - Standalone Edition [Deprecated]
License
atw31337/artemis-standalone
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
# This project has been deprecated by the artemis-distributed project. It may still work
# properly but lacks much of the functionality included in the newer version.
# It has also been quite some time since I tested the scripts in this project. Though I
# am no longer supporting this project, feel free to contact me if you have any specific
# questions or issues.
# Artemis Network Traffic Virus Monitor
# Author: Andrew Withers (atw31337@gmail.com)
________ ________ _________ _______ _____ ______ ___ ________
|\ __ \|\ __ \|\___ ___\\ ___ \ |\ _ \ _ \|\ \|\ ____\
\ \ \|\ \ \ \|\ \|___ \ \_\ \ __/|\ \ \\\__\ \ \ \ \ \ \___|_
\ \ __ \ \ _ _\ \ \ \ \ \ \_|/_\ \ \\|__| \ \ \ \ \_____ \
\ \ \ \ \ \ \\ \| \ \ \ \ \ \_|\ \ \ \ \ \ \ \ \|____|\ \
\ \__\ \__\ \__\\ _\ \ \__\ \ \_______\ \__\ \ \__\ \__\____\_\ \
\|__|\|__|\|__|\|__| \|__| \|_______|\|__| \|__|\|__|\_________\
\|_________|
################################# Description ###########################################
# Artemis works by monitoring a specific directory for new files. When a new file #
# is added to the directory, a child process decides which actions are required in #
# order to determine whether the file poses any threat to the network. First, #
# a hash of the file is created and compared against hashes of files that have #
# already been scanned and logged in the database. If the hash matches a file and #
# the result of the previous scan indicated that the file was infected, an alert #
# email is dispatched. If the hash is not present in the database and the number of #
# current scans is below the max concurrent scan threshold, the child will #
# begin the scanning process. If the max concurrent scans threshold has already #
# been reached, then the file is added to a queue. Artemis will scan the files that #
# have been queued as worker slots open up and more resources become available. #
#########################################################################################
#################################### Notes ##############################################
# Artemis was designed for, and tested on, Ubuntu 16.04 running Security Onion NSM. #
# At a minimum, Artemis requires that the Bro NSM be installed. Bro is utilized #
# to extract executable files from the network data stream in order to inspect them #
# for known viruses. Artemis "may" be compatible with other flavors of Debian #
# Linux, so long as the systemd service manager is utilized; however, Ubuntu is the #
# only flavor that has been tested and is currently supported. #
# #
# Ubuntu 16.04 downloads: #
# http://releases.ubuntu.com/xenial/ #
# #
# For more information about Security Onion visit: #
# https://securityonion.net/ #
# #
# For more information about Bro visit: #
# https://www.bro.org/ #
# #
# Questions, suggestions, and problem reporting: #
# https://groups.google.com/forum/#!forum/artemis-ntvm #
# #
#########################################################################################
########################### Installation instructions ######################################
# Enter the Artemis directory and run the Artemis install script
cd artemis
sudo ./artemis-installer
# or create an answer file using the install.conf template in the artemis/conf/ directory
# and run the installer in automated mode
sudo ./artemis-installer -f <answer file>
Example: sudo ./artemis-isntaller -f ./conf/install.conf
########################### Uninstall Instructions #########################################
# Run installer in uninstall mode and follow the prompts
sudo ./artemis-installer -u
#################################### Usage #################################################
Artemis Network Traffic Virus Monitor
Usage: artemis [OPTION]
Options:
-h This message
-v Print version information
-f Flush the hash cache
-w <SHA256 Hash> Add a SHA256 hash to the whitelist
-b <SHA256 Hash> Add a SHA256 hash to the blacklist
############################### Auxiliary Scripts ###########################################
Tracks - Artemis log interface
Usage: tracks [Time OPTION]...[Query OPTION]
If no Time option is selected or if it is placed after the Query option, the time period will default to the last 24 hours
Time Period Options:
-D <YYYY-MM-HH> Specific date
-M <YYYY-MM> Specific month
-Y <YYYY> Specific year
-H <HH> Specific hour of current day
-d <n> Last n number of days
-w <n> Last n number of weeks
-m <n> Last n number of months
-y <n> Last n number of years
-r <n> Last n number of hours
-i <n> Last n number of minutes
-R <Start> <End> Specific start and end Date/Time in YYYY-MM-DD HH:MM:SS format
-a all
Query options:
-F <SHA256 Hash> Query file(s) by hash
-S <Source IP> Query file(s) by source IP address
-T <Destination IP> Query file(s) by destination IP address
-I <Source or Destination IP> Query files(s) by Source or Destination IP address
-f <Filename> Query file by filename
Additional option:
-p Purge all log data
arteStat - Artemis statistical report generator
Usage: arteStat [OPTION]...
Report Period Options:
-D <YYYY-MM-HH> Specific date
-M <YYYY-MM> Specific month
-Y <YYYY> Specific year
-H <HH> Specific hour of current day
-d <n> Last n number of days
-w <n> Last n number of weeks
-m <n> Last n number of months
-y <n> Last n number of years
-r <n> Last n number of hours
-i <n> Last n number of minutes
-R <Start> <End> Specific start and end Date/Time in YYYY-MM-DD HH:MM:SS format
# exit
About
Artemis Network Traffic Virus Monitor - Standalone Edition [Deprecated]
Topics
Resources
License
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published