Skip to content

maniteja123/isms

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
API
API
 
 
isms
isms
 
 
isms_doc
isms_doc
 
 
.zip
.zip
 
 
README.asciidoc
README.asciidoc
 
 
isms_doc.zip
isms_doc.zip
 
 

Repository files navigation

isms

Introduction

Alert Management is a component of ISMS, Information Security Management System This component will be responsible to collect alerts from different sources and will allow the administrator to manage them. There are Alert sources and Alert managers to function as Clients and Servers.

The Alert sources will be referred as Alert Generator (AG) hereafter. The alert generators will submit the alerts to centralized ISMS-alert collector. They are independent clients which represent a class of sources categorized by the types of alerts generated by them.

The Alert collector will be responsible for collecting alerts, displaying alerts and management of alerts. The Alert collector is responsible for collection and registration of alert generated from Alert Generators The Alert manager provides a UI for displaying the alerts.

Folder structure

isms

  1. isms

    1. settings.py

    2. urls.py

  2. alertcollector

    1. models.py

    2. views.py

    3. urls.py

  3. functions

    1. client.py

  4. logs

    1. client.log

    2. server.log

  5. config

    1. server

      1. server_conf.ini

    2. client

      1. key.py

API

  1. API

    1. settings.py

    2. urls.py

  2. server

    1. models.py

    2. views.py

    3. urls.py

  3. functions

    1. client.py

  4. config

    1. client

      1. client_conf.ini

    2. server

      1. server_conf.ini

  5. manage.py

ISMS

isms

Configurations of the django server

settings.py

Contains the settings of the django server and the apps used by the server.ISMS uses postgresql database backend and alertcollector app.

urls.py

Contains the valid urls at which alert generators can communicate with the central server.

alertcollector

Alert generator models and Alert collector views to respond to the requests sent by alert generator API.

models.py

Contains the alert generator, alert group and alert class models.

Alert generator Model
Attribute DataType Description

alert_gen_id

int

ID of alert generator

alert_gen_name

str

Name of alert generator

alert_gen_author

str

Author of alert generator

deleted

boolean

Indicates whether generator is deleted

alert_gen_ip

str

IP address of alert generator

alert_gen_key

int

Unique key of alert generator
Alert group Model
Attribute DataType Description

alert_group_id

int

ID of alert group

alert_group_name

str

Name of alert group

alert_group_description

str

Details of alert group

alert_gen

alert generator

Foreign key to alert generator

deleted

boolean

Indicates whether alert group is deleted
Alert class Model
Attributes DataType Description

alert_class_id

int

ID of the alert class

alert_class_name

str

Name of alert class

alert_class_description

str

Description of alert class

alert_class_help

str

Help information of alert class

alert_class_syntax

str

syntax of alert class

alert_class_filter_syntax

str

Filtering syntax of alert class

alert_class_parent

str

Parent alert class(if any)

alert_group

alert group

Foreign key to alert group

is_operator

boolean

Indictes whether class is operator

is_filter

boolean

Indicates whether it can be filtered

deleted

boolean

Indicates whether alert class is deleted

views.py

Contains the methods to respond to requests like registering alert generators.

Methods

The main views in views.py are:

Method Return Type Parameters Description

add_generator

response(str)

request(HTTP)

Registers alert generator in database

verify_generator

response(str)

request(HTTP)

Verifies alert generator

update_generator

response(str)

request(HTTP)

Updates alert generator properties

delete_generator

response(str)

request(HTTP)

Deletes alert generator from database

add_group

response(str)

request(HTTP)

Registers alert group in database

verify_group

response(str)

request(HTTP)

Verifies alert group

update_group

response(str)

request(HTTP)

Updates alert group properties

delete_group

response(str)

request(HTTP)

Deletes alert group from database

add_class

response(str)

request(HTTP)

Registers alert class in database

===================================

Response example ================================== VIEW

add_generator()

RESPONSE SENT

{"status": "Generator already exists", "code": 200} ==================================

urls.py ^^^ Contains the valid urls at which the alert generators can communicate with the views of alert collector app.

functions ~~~ Client Functions of the alert collector.

client.py ^^^ Contains funtions for the alert collector to send requests to alert generators like instantiating alert generator and profiling alert generator.

Methods + The main methods of client.py are:

[align="center",options="header"]

============================================

Method

Return Type

Parameters

Description

get_ip

ip(str)

name(str)

retrieves ip of generator from database

instantiate_alert_generator

response(str)

gen_name(str), alert_class_id(int), alert_id(int), args(dict)

sends alert instantiation request to generator

profile_alert_generator

response(str)

gen_name(str), alert_class_id(int), alert_id(int), args(dict)

sends alert profiling request to generator

============================================

Parameters ++ The parameters for the methods are:

[align="center",options="header"]

=====================================

Parameter

Description

gen_name

Name of the alert generator

alert_class_id

ID of the alert group

alert_id

ID of the alert class instance

args

dict of the attributes of instance

====================================

Function call example =========================================== FUNCTION

instantiate_alert_generator("HIDS","TCP_MISSING","12133",{"port":"80"})

RESPONSE RECEIVED

{"status":"alert generator instantiated","code":200} ========================================

config ~~ Files to generate API to the alert generators

client ^^ Files to generate API to the alert generators

key.py

IMPORTANT Required for authentication purpose.Necessarily needs to be private to the alert collector

Function to generate a unique key and copy of API to the newly registered alert generator, which is used for further communication between alert generator and alert collector.

server ^^

server_conf.ini +

INI file for storing database configurations of the alert collector

[align="center",options="header"]

=====================================

Parameter

Description

name

Name of the alert collector database

user

Username of postgresql database backend

password

Password of postgresql database backend

===================================== logs ~~ Activity logs of the client and server of the alert collector.

LEVELS ^^^ Levels of severity of the log records

------------- DEBUG INFO WARNING ERROR -------------

client.log ^^^^ Records log about the client communication with the alert generators

========== Wed, 16 Jul 2014 12:20:05 INFO Sending POST Request to alert generator HIDS =========

server.log ^^^^ Records logs about the server communication with the alert generators

========= Tue, 15 Jul 2014 15:55:48 INFO Successfully registered alert class TCPPORT_MISSING ========

manage.py ~~~~ Handles the functioning of django server of the alert collector.

API ---

API ~

settings.py ^^^^^

Contains the settings of the django server and the apps used by the API.API uses server app and functions provided by the alert generator to respond to requests

urls.py ^^^ Contains the valid urls at which alert collector can communicate with the API server

server ~~

views.py ^^^^ Contains the methods to respond to requests like instantiating alert generators.

Methods +

The views of the alert generator API are:

[align="center",options="header"]

=====================================

Method

Return Type

Parameters

Description

instance_create

response(str)

request(HTTP)

Instantiating the alert generator

alert_profile

response(str)

|Method |Return Type |Parameters |Description s|get_server_ip m|ip(str) m|- e|Retrieves the IP of alert collector from server_conf.ini file s|register_alert_generator m|name(str) ,author(str) ,ip(str), key(int) m|response(str) e|Registering alert generator s|verify_alert_generator m|name(str) ,author(str) ,ip(str), key(int) m|response(str) e|Verifying alert generator s|update_alert_generator m|name(str) ,author(str) ,ip(str), key(int), args(dict) m|response(str) e|Updating properties of alert generator s|delete_alert_generator m|name(str) ,author(str) ,ip(str), key(int) m|response(str) e|Deleting alert generator s|register_alert_group m|name(str), desc(str), gen(name), author(str), ip(str), key(int) m|response e|Registering alert group s|verify_alert_group m|name(str), desc(str), gen(name), author(str), ip(str), key(int) m|response e|Verifies alert group s|update_alert_group m|name(str), desc(str), gen(name), author(str), ip(str), key(int), args(dict) m|response e|Updates properties of alert group s|delete_alert_group m|name(str), desc(str), gen(name), author(str), ip(str), key(int) m|response m|Deletes alert group s|register_alert_class m|name(str) desc(str) help(str) syntax(str), filter(str), parent(str), group(str), ip(str), key(int) m|Registers the alert class

Parameters ++ The parameters of functions are:

[align="center",options="header"]

|Parameter |Description s|name e|Name of alert generator/group/class s|author e|Author of alert generator who registered it s|ip e|IP address of the alert generator author s|key e|Key provided by alert collector during registration s|desc e|Description of alert group s|gen e|Generator to which the alert group belongs to s|group e|Group to which the alert class belongs to s|help e|Help information about the alert class s|syntax e|Syntax regarding the alert class s|filter e|Class can be filtered (Empty string means False) s|parent e|Parent alert class of the alert class

Function call example =========================================== FUNCTION

register_alert_generator("HIDS","admin",127.0.0.1,2345325))

RESPONSE RECEIVED

{"status": "Generator already exists", "code": 200} ========================================

config ~~ Configuration files of the alert generator and alert collector

client ^^ Client configuration like path to functions to instantiate alerts.

client_conf.ini + INI file to store the configurations of alert generator

[align="center",options="header"]

=====================================

Parameter

Description

name

Name of the alert generator

functions

Path to the functions of the alert generator

=====================================

server ^^ Server configuration

server_conf.ini + INI file for storing configurations of the alert collector

[align="center",options="header"]

=====================================

Parameter

Description

name

Name of the alert collector

ip

IP address of the alert collector to send requests for alert registration

=====================================

manage.py ~~~~ Handles the functioning of django server of the alert generator.

------------------ Author: Maniteja Date: July 2014 ------------------

About

Information Security Monitoring System

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages