Skip to content
/ netvigil Public

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

0 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

saurlax/netvigil

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

144 Commits
frontend
frontend
 
 
tic
tic
 
 
util
util
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

NetVigil

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

How to run

In order to run the program correctly, you need to create a config.toml file in the root directory, which should look like this:

# The period of checking for threats
check_period = '10s'

# The url of the web interface
# leave it empty if you don't want to use the web interface
web = '127.0.0.1:8080'

# Login credentials for the web interface
username = 'username'
password = 'password'

[[tic]]
type = 'local'

[[tic]]
type = 'threatbook'
apikey = 'your-api-key'

# You can add more TICs here

Here is all TICs you can use:

  • local: Local Threat Intelligence Center
  • netvigil: NetVigil, usually used for local network
  • threatbook: Threatbook
  • virustotal: VirusTotal
  • aliyun: Aliyun

In addition, you also need to provide a copy of GeoLite2-City.mmdb in the root directory, which you can find at GeoLite2 Website.

After that, build frontend resources

# install pnpm first if you haven't: npm i -g pnpm
cd frontend
pnpm i
pnpm run build

Then, run go project

cd ..
go get
go build .

Workflow

graph BT

subgraph LAN
client(NetVigil Client)
server(NetVigil Server)
client--if out-of-dated or not existed-->server
server--Emergency broadcast-->client
server--Ban the client if malicious IP found-->client
end

server--if out-of-dated or not existed-->public

subgraph public [Public Threat Intelligence Center]
Threatbook
Netvigil
...
end
Loading

APIs

Path Method Request Response Description
/api/login POST {username, password} Token
/api/netstats GET ?limit&page Netstat[] Auth needed
/api/threats GET ?limit&page Threat[] Auth needed
/api/config GET Config Auth needed
/api/config POST Config Modify config, auth needed
/api/check POST {apikey, ips} Threat[] Check IP reputation

Types

type Netstat struct {
	ID         int64
	Time       int64  `json:"time"`
	LocalIP    string `json:"localIP"`
	LocalPort  uint16 `json:"localPort"`
	RemoteIP   string `json:"remoteIP"`
	RemotePort uint16 `json:"remotePort"`
	Executable string `json:"executable"`
	Location   string `json:"location"`
}
type Threat struct {
	ID          int64
	Time        int64            `json:"time"`
	IP          string           `json:"ip"`
	TIC         string           `json:"tic"`
	Reason      string           `json:"reason"`
	Risk        RiskLevel        `json:"risk"`
	Credibility CredibilityLevel `json:"credibility"`
}

FAQs

  • invalid go version '1.21.6': must match format 1.23

    Upgrade your go version to at least 1.21.6

  • Binary was compiled with 'CGO ENABLED=0', go-sqlite3 requires cgo to work. This is a stub

    Add CGO_ENABLED=1 to your user environment variable. If env is correctly set, you will see set CGO_ENABLED=1 with the fllowing command

    $ go env

  • cgo: C compiler "gcc" not found: exec: "gcc": executable file not found in %PATH%

    Install gcc to fix it

About

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages