Inspiration
The security challenge and IncubateIND
What it does
It monitors network traffic by analyzing web server logs, attempting to detect and report attacks in real time. It also profiles your attackers based on their IPs, the types of attacks they perform, and the number of times they perform them.
How we built it
It uses two Apache servers running in Docker with a modified config that keeps their logs in a shared volume. Two daemons then parse those logs and persist the requests in a MongoDB server. Another daemon analyzes the MongoDB database of requests for anomalies and reports them. A Flask web server shows these reports in real time on two pages: one shows the real-time attacks and the other shows the attacker profiles. A Ruby client generates random requests, both normal and with simulated attacks, to produce test data for the app.
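As an added illustration of the parse-and-profile step described above (example code written here, not the project's own), the snippet below reads Apache combined-format lines, flags requests with a few illustrative detection rules, and aggregates per-IP profiles of attack type and count; the log format, the rule set, and the sample lines are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache "combined" log format (assumed; the project's modified config may differ).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Illustrative detection rules (assumed), each applied to the URL-decoded request path.
RULES = {
    "sqli": re.compile(r"'\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "path_traversal": re.compile(r"\.\./"),
    "xss": re.compile(r"<script|javascript:", re.I),
}

def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def classify(path):
    """Return the names of the rules that fire on the decoded path."""
    decoded = unquote(unquote(path))  # decode twice to catch double-encoded payloads
    return [name for name, rx in RULES.items() if rx.search(decoded)]

def profile_attackers(lines):
    """Build {ip: {"attacks": {type: count}, "total": n}} for IPs with at least one hit."""
    profiles = defaultdict(lambda: {"attacks": defaultdict(int), "total": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash the daemon
        for kind in classify(rec["path"]):
            p = profiles[rec["ip"]]
            p["attacks"][kind] += 1
            p["total"] += 1
    return {ip: {"attacks": dict(p["attacks"]), "total": p["total"]} for ip, p in profiles.items()}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2017:10:00:02 +0000] "GET /item?id=1%27%20OR%201%3D1 HTTP/1.1" 200 3 "-" "curl/7.5"',
    '10.0.0.9 - - [12/Mar/2017:10:00:03 +0000] "GET /../../etc/passwd HTTP/1.1" 404 0 "-" "curl/7.5"',
    '10.0.0.9 - - [12/Mar/2017:10:00:04 +0000] "GET /../../../etc/shadow HTTP/1.1" 404 0 "-" "curl/7.5"',
    '10.0.0.7 - - [12/Mar/2017:10:00:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 9 "-" "Mozilla/5.0"',
]
```

Calling `profile_attackers(SAMPLE_LOG)` yields one entry per offending IP, which is the shape a profile page or a MongoDB document per attacker would carry; the real-time variant would tail the shared log volume and feed each new line through the same functions.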
Challenges we ran into
Building the server stack to test the product was a challenge. Initially we tried to dockerize all the components but eventually ran into trouble and had to mix and match the various components.
Accomplishments that we're proud of
Building a functional prototype in less than 18 hours with so many different components working together. Since we had almost no knowledge of Mongo and decided to use it anyway, querying it as needed to perform the analysis was hard.
What we learned
More Docker and server/service management; Mongo 102.
What's next for secfilter
Add more and real anomaly testing. Generate more realistic data. Add better visualization of the analytics.