forked from GACWR/OpenUBA

A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry. [PRE-ALPHA]

ddzzj/OpenUBA

OpenUBA (Open User Behavior Analytics)

A robust and flexible open source User & Entity Behavior Analytics (UEBA) framework used for Security Analytics. Developed with luv by Data Scientists & Security Analysts from the Cyber Security Industry.

This project is a work in progress and in a pre-alpha state; input and contributions are warmly welcome.

Architecture

Goals

To build a lightweight, SIEM-agnostic UEBA framework focused on providing:

  • Modeling
    • Model Management
    • Community-driven Model Library
    • Model Version Control
    • Ready-to-use model modules
    • Feedback Loop for continuous model training
    • "Shadow Mode" for model and risk score experimentation
    • Simple model configuration workflow
  • Dashboard
    • Modern stack
    • Modular components
    • Live updating
  • Features
    • Rule Storage/Management
    • Case Management
    • Peer-oriented/community intel
    • Lightweight, SIEM-agnostic architecture
    • Flexible/open dataset support
    • Alerting/Ticketing system

Stack

  • Client Dashboard
    • React
    • Bootstrap
    • Node.js
    • Express.js
    • D3.js
  • Model Server (Remote or Local)
  • API Server
    • Flask
  • Visualization
    • Datashader
    • Kibana
    • Matplotlib
    • NetworkX
  • Modeling
    • TensorFlow
    • scikit-learn
    • Keras
    • gplearn
    • DEAP
    • GraphX
    • MLlib
  • Compute Engine
    • Spark
    • Elasticsearch
  • Supported Data Formats (for now)
    • CSV
    • Parquet
    • Flat File

User Interface (placeholder, UI being updated now)

The interface is meant for observing system events and anomalies.

Views

  • Dashboard (index)
  • Anomalies
  • Cases
  • Modeling
  • Settings

Installation/Usage

Go to INSTALL.md

Get the updated code & documentation on XS Code here

Our main development and documentation branches are first pushed to our sponsorship repository, and then eventually pushed to our public free repository. To obtain the most up-to-date code and documentation for OpenUBA, subscribe to our XS Code repository.

Discord (Main Server and Dev Chat)

Discord Server: https://discord.gg/Ps9p9Wy

Telegram (Backup server, other communications)

Telegram: https://t.me/GACWR

Languages

  • Python 49.7%
  • HTML 25.6%
  • JavaScript 22.7%
  • CSS 1.3%
  • Makefile 0.7%