General Architecture
Within DynamiteNSM a service is a collection of wrappers around a utility that provide the ability to perform actions like:
- installation
- configuration
- process management
- performance monitoring
- troubleshooting
Services can be grouped together into components. There are two primary components: the Agent and the Monitor.
Agents run on dedicated hardware that inspects mirrored traffic and forwards logs on to a downstream collector. The monitor is Dynamite's solution for indexing and presenting network events and insights forwarded from agents in a way useful to security analysts and threat hunters.
The Dynamite team also developed a very simple remote management utility called dynamite-remote that allows administrators remotely manage auth enabled instances.
Agent Services
The agent (sensor) is responsible for generating JSON events from raw network packets and forwarding these events to a monitor.
| Service | Project Link | Version | Description | License |
|---|---|---|---|---|
| Zeek | Github | 4.0.3 | Zeek (formerly Bro) is a free and open-source software network analysis framework. It provides an extremely powerful scripting language that can be used for everything from protocol parsing to file carving. | BSD |
| Suricata | Github | 4.1.8 | Suricata is an Intrusion Detection System (IDS), powered by the latest open EmergingThreat rule-sets. | GPL 2.0 |
| Filebeat | Github | 7.11.1 | Filebeat-OSS is a free and open-source log shipper written in GoLang. The utility is capable of forwarding logs to a variety of destination types. | Apache 2.0 |
Monitor Services
The monitor is responsible for collecting these events, enriching and normalizing them, and presenting them to the end-user through intuitive visualizations and a powerful search user interface
| Services | Project Link | Version | Description | License |
|---|---|---|---|---|
| Logstash | Github | 7.11.1 | A server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it. | Apache 2.0 |
| Elasticsearch | Github | 1.13.0 | A distributed, RESTful search and analytics engine. | Apache 2.0 |
| Kibana | Github | 1.13.0 | A web-app that allows you to visualize your Elasticsearch data | Apache 2.0 |