Dynamite NSM is an network security monitor with an emphasis on very fast deployment, minimal configuration, and intuitive management.
Dynamite NSM can be installed and managed through a standalone commandline utility implemented in pure Python.
No need to download a huge ISO image or install a dedicated operating system!
It is compatible with both Python2 and 3, across these Linux distributions.
python setup.py install...And checkout the commandline walkthrough
Agents are scattered throughout your environment, and bind to a network interface (typically a mirrored port), after which traffic is forwarded to the monitor for enrichment and indexing.
| Component | Description |
|---|---|
| Zeek [2.6.1] | Previously Bro, Zeek is a powerful network analysis framework that is differs from your typical IDS. It is capable of enumerating detailed information surrounding network connections and their underlying protocols. |
| Suricata [4.1.4] | Suricata is an Intrusion Detection System (IDS), powered by the latest open EmergingThreat rule-sets. |
| Oinkmaster [2.0] | A script to automate management of Suricata rule-sets, and keep rules up-to-date. |
| PF_RING [7.4.0] | A new type of network socket that dramatically improves the packet capture speed. It is used in conjunction with the Zeek to improve packet analysis. |
| Filebeat [7.2.0] | A powerful log forwarder, with a built in queue mechanisms, and a pressure sensitive protocol that works in conjunction with Logstash. |
Your monitor is responsible for parsing, enriching, indexing, and visualizing analyzed traffic sent from multiple agents or NetFlow exporters.
| Component | Description |
|---|---|
| Logstash [7.2.0] | A server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it. |
| Elasticsearch [7.2.0] | A distributed, RESTful search and analytics engine. |
| Kibana [7.2.0] | A web-app that allows you to visualize your Elasticsearch data |
| ElastiFlow™ [3.5.0] | Provides network flow (and now Zeek!) data collection and visualization. |
| Synesis [1.1.0] | Provides Suricata data normalization and visualization. |
While there are quite a few components that are a part of Dynamite-NSM. Standing up a standalone agent/monitor deployment is very simple.
Check to see if your operating system is supported.
Linux Kernel: 2.6.32+
14 GB of RAM at least 4 vCPU
Grab the the release, and install.
python setup.py installInstall the monitoring components all on the same machine.
dynamite install monitorStart the monitor. The Kibana UI can be found at: http://localhost:5601
dynamite start monitorYou can login with the elastic user and the password you set during installation.
Linux Kernel: 2.6.32+
8+ GB of RAM at least 4 vCPU
Grab the the release, and install.
python setup.py installPrepare the agent, this installs any required kernel-headers needed to install the PF_RING kernel module.
dynamite prepare agentReboot, and install the agent. This process can take between 10 and 40 minutes depending on your specs.
dynamite install agent --interface mon01 --agent-label honeypot1 --ls-host <logstash-host> --ls-port 5044Start the agent
dynamite start agentIf you need to point the agent to a new monitor, this can be accomplished using the below command.
dynamite point agent --ls-host <new-logstash-host> --ls-port 5044In addition to being able to stand up the monitor as a single instance (ElasticSearch, Logstash, and Kibana all installed) This tool can also be used to install these components separately.
Check out the advanced guide here.