farm9.org
Open Source Security Tools for the Security Professional

Harvester Project

The Harvester system allows security professionals to develop and deploy site message logging and monitoring in a quick, uniform and simple manner. The open source project for Harvester will be jump-started from the existing software developed by farm9.com, Inc. The current code-base in production has processed in excess of 100 million events in a single month. The initial focus is on delivering a quality, high-performance processing core. Maximum benefit can be realized only with the addition of modules such as interfaces, advanced analysis routines, advanced reporting, etc.

Initial development activity will be focused on cleaning the existing code-base, separating core engine functions and packaging code into extensible plug-in modules.

Introduction

Harvester is currently based on the following open source tools: OpenBSD, Linux, MySQL, Apache, PHP, Zope, Perl, Python, Sabernet, JpGraph, Snort, Nessus, Whisker.

The core engine provides near real-time data collection from host systems (web, mail, etc.), network infrastructure systems (router, switch, DNS, PDC/BDC, etc.) and security infrastructure systems (firewall, HIDS, NIDS, VPN, etc.).

Robust consolidation is provided through a centralized database repository. The scoring system provides for standardizing event priorities across different system types and can be used for customizing scores for specific environments. A separate plug-in module provides automation of audit trail archiving.

Project Focus

The Harvester Project will initially focus on providing the core technologies required to build a scalable event collection & correlation system. Future enhancements will focus on user interface and integration issues.

Future Direction

Comprehensive analysis will be provided across several modules: Correlation, Vulnerability Management and Event Management. The Correlation module will provide advanced event detection. The Vulnerability Management module will combine system testing with osvdb.org vulnerability alerts. The Event Management module provides ticket creation, escalation, tracking and reporting capabilities.


Copyright © 2005 farm9.com, Inc. - All Rights Reserved.
Last modified: January 01, 1970 00:00:00 UTC