Please visit the current documentation over at the Zentral wiki.
Zentral is an open source framework and server solution to manage configurations for osquery and Santa. Built-in event tracking, notification and time series event processing will complement these open source technologies.
It will enable you to gather specific information, filter events and trigger notifications, and combine them into compelling event-based automations and workflows. With Zentral's orchestration of osquery and Santa you'll have a broader source of information and knowledge about your IT infrastructure, so you can identify and react to changes on OS X and Linux clients.
It is an open source tool that can enhance stability and security thanks to its built-in integration of existing inventory solutions that are already on the market for the Mac platform.
Zentral will fit many kinds of public and private organizations that already use, or want to use, the Mac platform. It is ready for use in enterprise environments and is tailored towards #macadmins who want to enhance the tools they already know with a dedicated open source solution for better incident and event-based management.
Zentral is a great add-on to strengthen productivity, stability, and security for the Mac platform. The full Zentral framework will enable organizations that need one to establish a transparent, open source Security Incident and Event Management (SIEM) solution with outstanding OS X support.
latest update: November 2016
For deployment, see this guide: https://github.com/zentralopensource/docs/blob/master/zentral-deployment.md
For a quick AWS based setup: https://github.com/zentralopensource/docs/blob/master/zentral-aws-setup.md
For a quick Google Cloud based setup: https://github.com/zentralopensource/docs/blob/master/zentral-gcloud-setup.md
latest update: May 2016
Please look into our Tutorial here: https://github.com/zentralopensource/docs/blob/master/zentral-tutorial.md
latest update: June 2016
You can find a FAQ section here: https://github.com/zentralopensource/docs/blob/master/zentral-faq.md
latest update: April 2016
Zentral web interface details:
- Django 1.9 Web Framework
- Bootstrap 3
- Nginx
This section gives a short overview, by example, of various areas of the Zentral web interface as well as Kibana4 and Prometheus.
List of devices in Inventory
Device detail view with basic facts and apps (synced from external inventory like Sal or JAMF Software Server)
Event details on sync with external Inventory via API connection (Sal or JAMF Software Server)
Details on osquery features and functionality: osquery
Results from osquery Probes returned to Zentral.
Status events returned from osquery as scheduled on client devices.
Details on Google Santa features and functionality: Google Santa
Events returned from Google Santa binary on client device.
Sync details returned from Google Santa binary on client device.
Zentral Probe detail view (no editing in Web UI currently) with direct link to Kibana4 UI [Elasticsearch button].
Notification actions for this osquery probe will send notifications to:
- Slack notification
- Zendesk ticket creation
- JSS API: group membership in JSS will be changed as a result (Demo video: Enforce JAMF MDM trigger with Zentral and osquery)
- SMS sent via Twilio gateway
Zentral Probe for community pack with direct link to Kibana4 UI [Elasticsearch button].
Zentral Probe for FIM with file paths to monitor.
- Slack notification
- Push notification to iOS via Pushover
Results for an osquery distributed query (details: osquery distributed)
Create a new distributed query
Probe results displayed in Kibana4 UI with details from the Elasticsearch database.
Time series overview of Application version changes (Firefox as example) sourced from all client devices.
Time series overview of OS X version updates sourced from all client devices.