forked from ULAKBIM/NfQuery
-
Notifications
You must be signed in to change notification settings - Fork 1
YakindanEgitim/NfQuery
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
=====================================================================================
NfQuery : NfQuery: A Privacy Friendly Framework for Multi-Domain Threat Analysis
=====================================================================================
.. contents::
..
1 What is NfQuery Framework
1.1 Components
2 Dependencies
3 Documentation
4 Download
5 Copyright and License
6 Author
What is it?
===============
The main function of NfQuery is creating useful queries to be used in the NfSen Plug-ins of each organization or
domain registered to the Query Server (QS). Queries are fetched from QS and executed by Plug-ins on the aggregated
NetFlow data of organizations. As a result of these executions, NfSen Plug-in find the flow data which includes
the related threat or attack information. After the detection, Plug-in alerts the QS automatically regarding the
findings of the applied query.
By collecting and interpreting attack statistics from each Plug-in, NfQuery creates a general overview of the threat
trends seen in the multi-domain network. Finally, by utilizing the alerting system of NfSen, NfQuery becomes a threat
detection and security alerting system for multi-domain networks.
Components
---------------
a. Query Server (QS)
Query Server (QS) is placed in the center of the system and establishes the connection between all components. QS
is composed of three sub-elements; Query Manager (QM), Query Generator (QG) and Query Repository (QR).
b. NfQuery Plug-in
The NfQuery Plug-in is installed at each domain side over the NfSen instance at the domain and communicates with QS
to perform the administrator’s requests such as fetching new queries, updating query list, getting/sending statistical
reports and executing the queries over the flow data.
c. Sources
NfQuery sources are the main components that provide threat information. This includes publicly available resources
such as Botnet C&C server lists (Amada SpyEye), DNS blacklists (DShield), malicious domains and phishing sites lists
or output of security analysis applications such as Honeypots, Intrusion Detection Systems (IDS), Intrusion Prevention
Systems (IPS) or Firewalls which may provide data in means of log files for private use in NfQuery framework.
Dependencies
============
Please see the file called plugin/INSTALL for plugin dependecies.
Please see the file called queryserver/INSTALL for queryserver dependecies.
The Latest Version
------------------
Details of the latest version can be found on the Official NfQuery Web Page.
http:https://nfquery.ulakbim.gov.tr
Documentation
-------------
Please see http:https://nfquery.ulakbim.gov.tr/
Installation
------------
Please see the file called plugin/INSTALL to install plugin.
Please see the file called queryserver/INSTALL to install queryserver.
Licensing
---------
Please see the file called LICENSE.
Author
======
Serdar Yigit <[email protected]>
Ahmet Can Kepenek <[email protected]>
Serhat Rifat Demircan <[email protected]>
About
A Privacy Friendly Framework for Multi-Domain Threat Analysis
Resources
Stars
Watchers
Forks
Releases
No releases published
Languages
- Python 51.8%
- JavaScript 27.4%
- PHP 13.3%
- Perl 7.0%
- Shell 0.5%