Sweet Security
Description
Sweet Security is a suite of tools that lets users monitor local network traffic from a single device as small as a Raspberry Pi.
Client/Sensor
- Bro IDS to monitor network traffic
- (Optional) Critical Stack Intel to add threat intelligence feeds into Bro
- Logstash to collect and normalize all Bro logs
- Sweet Security code to scan the network and ARP spoof all local network traffic through the device
Server
- Elasticsearch to store Logstash and Sweet Security data
- Kibana to visualize logs/data
- Sweet Security code to search log data for interesting events
- Apache/Flask web app to manage the environment
More information can be found in the Sweet Security wiki on the GitHub repository.
Slides from the public presentations are available on the GitHub repository.
Categories
- Network Defense
- Forensics
- Incident Response
Black Hat sessions
Code
https://github.com/travisfsmith/sweetsecurity
Lead Developer
Travis Smith
Social Media