After a brief pause we are ready to extend Poseidon. Look for additional refinements to the machine learning, a simpler architecture, and better results. We start coding soon.
Situational awareness underpins informed decisions. Understanding what comprises a network and what network elements are doing is essential. Without situational awareness and context, defending a network remains a difficult proposition.
Can SDN and machine learning answer:
- What devices comprise my network?
- What are devices doing?
```
sudo mkdir -p /data/db
git clone https://github.com/Lab41/poseidon.git
cd poseidon
*editor* config/poseidon.config
make compose
```
- `/data/db` directory for mongodb database; you can use a different directory by updating the `docker-compose.yaml`
  - under the `storage` section, update `volumes` to `/path/to/your/dir:/data/db` with the path to the directory to store mongodb records.
- Under the `[PoseidonStorage]` section, update the following:
  - `database` to the external ip of the host machine running mongodb (or the `docker-machine ip` if using boot2docker or similar - making sure that write-persistent volumes can be mounted). NOTE: without this configuration, poseidon will fail to build.
- Under the `[PoseidonMain]` section, update the following:
  - `database` to the name of the database storing the network graph documents (default is `poseidon_records`)
  - `collection` to the name of the collection storing the network graph documents (default is `netgraph_beta`)
  - `collector_nic` to the nic on the machine running vent that is configured with the controller to capture traffic
  - `collector_interval` to the collection interval in seconds (default is `30` for a capture length of 30 seconds)
  - `collector_filter` to limit what gets captured off the controller (default is empty string for no filters, see the collector documentation for details)
  - `vent_ip` to the ip of the box running the vent collector
  - `vent_port` to the external port of the nfilter vent container
  - `storage_interface_ip` to the external ip of the poseidon-storage-interface container (NOTE: this should be the same as the `database` field of `PoseidonStorage`, unless the storage-interface container is being run on a different machine)
  - `storage_interface_port` to the external port of the poseidon-storage-interface container only if changed from the default of `28000`
- Update the `controller_uri` ip address, `contrller_user`, `controller_pass` of the `[NorthBoundControllerAbstraction:Handle_Periodic]` section. NOTE: without this configuration, poseidon will not be able to talk to the controller.
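A pre-flight check for the settings listed above, as an added example that is not part of the Poseidon repository. It assumes `config/poseidon.config` is INI-style with plain unquoted values, as the bracketed section names suggest; `check_config`, `RULES` and the sample values are hypothetical, and the controller user key is not checked.

```python
import configparser
import ipaddress

def is_ip(v):
    try:
        ipaddress.ip_address(v)
    except ValueError:
        return False
    return True

def is_port(v):
    return v.isdecimal() and 0 < int(v) < 65536

STORAGE, MAIN = "PoseidonStorage", "PoseidonMain"
CTRL = "NorthBoundControllerAbstraction:Handle_Periodic"
# (section, key, validator, required); section and key names as the README lists them.
RULES = [
    (STORAGE, "database", is_ip, True),
    *[(MAIN, k, bool, True) for k in ("database", "collection", "collector_nic")],
    (MAIN, "collector_interval", lambda v: v.isdecimal() and int(v) > 0, True),
    *[(MAIN, k, is_ip, True) for k in ("vent_ip", "storage_interface_ip")],
    (MAIN, "vent_port", is_port, True),
    (MAIN, "storage_interface_port", is_port, False),  # optional, default 28000
    *[(CTRL, k, bool, True) for k in ("controller_uri", "controller_pass")],
]

def check_config(text):
    """Return a list of problems in poseidon.config text; an empty list means OK."""
    cfg = configparser.ConfigParser(interpolation=None)  # values may contain '%'
    cfg.read_string(text)
    problems = []
    for section, key, valid, required in RULES:
        value = cfg.get(section, key, fallback="").strip()
        if not value:
            if required:
                problems.append(f"[{section}] {key} is not set")
        elif not valid(value):
            problems.append(f"[{section}] {key} has a bad value: {value!r}")
    # README: these two match unless the storage interface runs on another machine.
    if cfg.get(STORAGE, "database", fallback="") != cfg.get(MAIN, "storage_interface_ip", fallback=""):
        problems.append("warning: storage_interface_ip differs from [PoseidonStorage] database")
    return problems

SAMPLE = "\n".join([  # constructed sample, documentation-range addresses
    "[PoseidonStorage]", "database = 192.0.2.10",
    "[PoseidonMain]", "database = poseidon_records", "collection = netgraph_beta",
    "collector_nic = eth1", "collector_interval = 30", "vent_ip = 192.0.2.20",
    "vent_port = 8080", "storage_interface_ip = 192.0.2.10",
    f"[{CTRL}]", "controller_uri = http://192.0.2.30:8181/", "controller_pass = example-only",
])
```

Calling `check_config(open("config/poseidon.config").read())` before `make compose` reports unset or malformed values up front.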
- Docker (If installing from a clean machine, a startup.sh script resides in the repo that can be used to install docker and docker-compose for an Ubuntu 16.04 box. Make this script executable and then run with `sudo ./startup.sh`.)
- make
- docker-compose (the 1.8 release of docker-compose can be installed with `make compose-install`)
Tests are currently written in py.test for Python. The tests are automatically run when building the containers.
They can also be tested using:

```
make test
```
Installing docker-compose is usually a separate event to installing docker. Even if you installed docker-compose it may not be the most recent version. The version that works with our `docker-compose.yaml`:

```
docker-compose version
docker-compose version 1.8.0, build f3628c7
docker-py version: 1.9.0
CPython version: 2.7.9
OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013
```

The latest version of compose can always be pulled from the docker repo.
Want to contribute? Awesome! Issue a pull request or see more details here.