Enhance Network Security with ProbeManager: Centralized Management for Intrusion Detection Systems

About ProbeManager

ProbeManager is a powerful centralized management tool for intrusion detection systems, designed to simplify the deployment tasks of detection probes and centralize all their functions in one place.


In practice, many intrusion detection systems (IDSs) are not updated regularly, neither the software itself nor its rule sets. This poses a serious security risk for many small and medium-sized enterprises. ProbeManager was developed to address this problem by providing better management of the network and host security detection probes deployed on the target system.

ProbeManager also lets us check the status of probes and receive push notifications when a problem or functional abnormality occurs. Note that ProbeManager is not a SIEM, so it does not display probe output. ProbeManager is currently compatible with the NIDS Suricata and Bro, and will soon support OSSEC.

Features

1. Search rules across all probes;

2. Enumerate all installed probes and their statuses;

3. Install and update probes;

4. Start, terminate, reload, and restart probes;

5. Push email notifications, indicating status changes;

6. RESTful API support;

7. View all asynchronous job tasks;

Tool Requirements

1. Python 3.5+;

2. pip;

3. Rabbitmq-server;

4. Postgresql;

Supported Platforms

1. OSX 12+ (for project development only)

2. Debian Stable

3. Ubuntu 14+

Tool Download

Researchers can directly use the following command to clone the project source code locally:

git clone --recursive https://github.com/treussart/ProbeManager.git

Then change to the project directory and execute the installation script:

cd ProbeManager

Installation for Development Environment

./install.sh

./start.sh

Installation for Production Environment

The default destination path is: /usr/local/share

Ensure you have write permissions for the target path:

./install.sh prod [destination path]

Django server:

[destination path]/start.sh prod

Apache (Debian only):

http://localhost

Run tests:

./test.sh

Then open the generated coverage report in your web browser:

coverage_html/index.html

Tool Usage


Adding a Submodule

git submodule add -b master --name suricata https://github.com/treussart/ProbeManager_Suricata.git probemanager/suricata

Submodules must adhere to the following rules:

1. Include a version.txt file;

2. Include a README.rst file;

3. Define the “urls_to_register” value in urls.py;

4. Installation script: install.sh;

5. Database initialization script: init_db.sh;
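As an added example (not part of ProbeManager or its submodules), the Python checker below validates a submodule checkout against these five rules. It assumes that “urls_to_register” is a plain module-level assignment in urls.py and parses that file with the standard ast module instead of importing it, so checking a third-party submodule does not execute its code.

```python
import ast
import tempfile
from pathlib import Path
from typing import List

# Files every ProbeManager submodule must ship (rules 1, 2, 4 and 5 above).
REQUIRED_FILES = ("version.txt", "README.rst", "install.sh", "init_db.sh")


def defines_urls_to_register(urls_py: Path) -> bool:
    """True if urls.py assigns a module-level name ``urls_to_register`` (rule 3).

    Parsed with ``ast`` rather than imported, so untrusted code never runs.
    Assumption: the value is a plain assignment such as ``urls_to_register = [...]``.
    """
    try:
        tree = ast.parse(urls_py.read_text(encoding="utf-8"))
    except (SyntaxError, UnicodeDecodeError):
        return False
    for node in tree.body:
        targets = node.targets if isinstance(node, ast.Assign) else []
        if isinstance(node, ast.AnnAssign):
            targets = [node.target]
        if any(isinstance(t, ast.Name) and t.id == "urls_to_register" for t in targets):
            return True
    return False


def check_submodule(path: str) -> List[str]:
    """Return the list of rule violations for the submodule at ``path`` (empty if compliant)."""
    root = Path(path)
    problems = ["missing {}".format(name) for name in REQUIRED_FILES
                if not (root / name).is_file()]
    version = root / "version.txt"
    if version.is_file() and not version.read_text(encoding="utf-8").strip():
        problems.append("version.txt is empty")
    urls_py = root / "urls.py"
    if not urls_py.is_file():
        problems.append("missing urls.py")
    elif not defines_urls_to_register(urls_py):
        problems.append("urls.py does not define urls_to_register")
    return problems


if __name__ == "__main__":
    # Constructed sample submodule: compliant except that init_db.sh is missing.
    with tempfile.TemporaryDirectory() as tmp:
        for name in ("version.txt", "README.rst", "install.sh"):
            Path(tmp, name).write_text("1.0\n" if name == "version.txt" else "#\n")
        Path(tmp, "urls.py").write_text("urls_to_register = ['suricata']\n")
        print(check_submodule(tmp))  # ['missing init_db.sh']
```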

Deploying ProbeManager in a Network


Deploying ProbeManager in a VPS

License Agreement

The development and release of this project adhere to the GPL-3.0 open source license agreement.

Project Address

ProbeManager:

https://github.com/treussart/ProbeManager