BuffaLogs is an Open Source Django Project whose main purpose is to detect impossible travel logins.
In detail, it sends several types of alerts:
- Impossible Travel: raised when a user logs into the system from a significant distance within a range of time that cannot be covered by conventional means of transport.
- Login from new device: raised when the user logs in from a device not seen before.
- Login from a new country: raised when a user logs into the system from a country where they have never authenticated before.
For further details: Wiki - About
Since its birth, this project has been participating in the GSoC under the Honeynet Project!
- 2023: Project available
Stay tuned for the upcoming GSoC! Join the Honeynet Slack chat for more info.
First of all, if you have not done so yet, read the contributor guide, which will help you understand the whole process and how the program works overall. Use its left side menu to jump quickly to the sections that interest you most, although we recommend reading everything.
This is a required step and you can use the current issues as a starting point to propose your idea.
We are not limited to what is listed right now; if you want to propose a new idea, please discuss it with the mentors in the Honeynet Slack channel #2023-buffalogs. We're always open to new ideas and won't hesitate to choose them if you show you are a good candidate!
- You're committing to a project and we ask you to publicly publish your weekly progress on it on GitHub.
- We will ask you to give feedback on our mentorship and management continuously. Communication is key to the success of the project.
- You wholeheartedly agree with the code of conduct.
- You must tell us if there's any proposed idea that you don't think would fit the timeline or could be boring (yes, we're asking for feedback).
We recommend following Google's guide to Writing a Proposal.
Once you have a draft proposal, please share it with us via the GSoC Slack channel #2023-buffalogs.
You can also ask the community or the mentor candidates for a review at any time before the contributor application deadline. It's much easier to get feedback early than to wait until the last moment.
BuffaLogs relies on the following tools, which must be installed on the machine:
Then clone this repository on your local computer with:
```
git clone git@github.com:certego/BuffaLogs.git
```
Then load the Elasticsearch templates by running the load_templates.sh script from buffalogs_module/config/elasticsearch:
```
./load_templates.sh
```
Now you are ready to start up the application by running:
```
sudo docker-compose up -d
```
Results are available at localhost:80.
For further examples: Wiki - Example
BuffaLogs is able to analyse logs coming from any source, provided that they comply with the Elastic Common Schema and have the following structure:
```
{
  "user": {
    "name": <user_name>
  },
  "event": {
    "outcome": <"success" OR "failure">
  },
  "geoip": {
    "latitude": <latitude>,
    "longitude": <longitude>,
    "country_name": <country_name>
  },
  "user_agent": {
    "original": <user_agent>
  }
}
```
For a basic analysis that detects only impossible travel logins, the user_agent field is not needed; it is only used by the "Login from new device" alert.
For further details: Wiki - Architecture
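As an added example (not BuffaLogs code), the three detections described above run over events shaped like the structure just shown, in plain Python. The ECS `@timestamp` field, the speed threshold `MAX_SPEED_KMH` and the sample events are assumptions made for the example:

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 1000.0  # assumed threshold: faster than this is "impossible"

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two coordinates."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def analyse(events):
    """Return (alert_name, user, detail) tuples; events must be in time order."""
    alerts, profiles = [], {}
    for ev in events:
        if ev["event"]["outcome"] != "success":
            continue  # failed logins do not establish a location baseline
        user, geo, ua = ev["user"]["name"], ev["geoip"], ev["user_agent"]["original"]
        ts = datetime.fromisoformat(ev["@timestamp"])  # assumed ECS timestamp field
        p = profiles.setdefault(user, {"countries": set(), "agents": set(), "last": None})
        if p["last"] is not None:  # the very first login only seeds the baseline
            prev_ts, plat, plon = p["last"]
            hours = (ts - prev_ts).total_seconds() / 3600
            dist = haversine_km(plat, plon, geo["latitude"], geo["longitude"])
            if hours > 0 and dist / hours > MAX_SPEED_KMH:
                alerts.append(("Impossible Travel", user, f"{dist:.0f} km in {hours:.2f} h"))
            if geo["country_name"] not in p["countries"]:
                alerts.append(("Login from new country", user, geo["country_name"]))
            if ua not in p["agents"]:
                alerts.append(("Login from new device", user, ua))
        p["countries"].add(geo["country_name"])
        p["agents"].add(ua)
        p["last"] = (ts, geo["latitude"], geo["longitude"])
    return alerts

def _ev(ts, user, outcome, lat, lon, country, ua):
    """Build one event in the documented structure (helper for the sample below)."""
    return {"@timestamp": ts, "user": {"name": user}, "event": {"outcome": outcome},
            "geoip": {"latitude": lat, "longitude": lon, "country_name": country},
            "user_agent": {"original": ua}}

# Constructed sample: Rome, then a failed login, then Tokyo two hours after Rome
SAMPLE_EVENTS = [
    _ev("2023-05-01T08:00:00", "alice", "success", 41.9, 12.5, "Italy", "Firefox/110"),
    _ev("2023-05-01T09:00:00", "alice", "failure", 35.7, 139.7, "Japan", "Chrome/112"),
    _ev("2023-05-01T10:00:00", "alice", "success", 35.7, 139.7, "Japan", "Chrome/112"),
    _ev("2023-05-01T10:30:00", "alice", "success", 35.7, 139.7, "Japan", "Chrome/112"),
]
```

Running `analyse(SAMPLE_EVENTS)` yields all three alerts for the 10:00 Tokyo login and none for the 10:30 one, since by then Japan and the Chrome agent are already in the user's baseline.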
To uninstall and remove all files, delete all containers with:
```
sudo docker-compose down -v
```
Then you can safely delete this repository.
BuffaLogs is an Open Source project and was developed to welcome contributions from people with any level of experience, but please read the Contribution guidelines carefully before making any changes to the project.