github.com/saurlax/netvigil
0.0.0-20241231084030-07d7aa38b784
Repository: https://github.com/saurlax/netvigil.git
Documentation: pkg.go.dev

# README

NetVigil

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

How to run

In order to run the program correctly, you need to create a config.toml file in the root directory, which should look like this:

# The period of checking for threats
check_period = '10s'

# The url of the web interface
# leave it empty if you don't want to use the web interface
web = '127.0.0.1:8080'

# Login credentials for the web interface
username = 'username'
password = 'password'

[[tic]]
type = 'local'

[[tic]]
type = 'threatbook'
apikey = 'your-api-key'

# You can add more TICs here

Here are all the TICs you can use:

  • local: Local Threat Intelligence Center
  • netvigil: NetVigil, usually used for local network
  • threatbook: Threatbook
  • virustotal: VirusTotal
  • aliyun: Aliyun

In addition, you also need to provide a copy of GeoLite2-City.mmdb in the root directory, which you can find at GeoLite2 Website.

After that, build the frontend resources:

# install pnpm first if you haven't: npm i -g pnpm
cd frontend
pnpm i
pnpm run build

Then, build the Go project:

cd ..
go get
go build .
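
A pre-flight check for the config.toml described above, as an added example that is not part of NetVigil's own code: it flags the README's placeholder credentials and API key, and a `web` address that is not bound to loopback. `lintConfig` and its finding strings are hypothetical names, and the parser handles only the flat `key = 'value'` lines and `[[tic]]` headers shown in the sample config.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// lintConfig reviews config.toml text and returns findings. It reads only the
// flat `key = 'value'` lines and [[tic]] headers shown in the README.
func lintConfig(text string) []string {
	var findings []string
	top := map[string]string{} // keys set before the first [[tic]] table
	inTIC := false
	for _, line := range strings.Split(text, "\n") {
		line = strings.TrimSpace(line)
		if line == "[[tic]]" {
			inTIC = true
		}
		k, v, ok := strings.Cut(line, "=")
		if !ok || strings.HasPrefix(line, "#") {
			continue
		}
		k, v = strings.TrimSpace(k), strings.Trim(strings.TrimSpace(v), `'"`)
		if !inTIC {
			top[k] = v
		} else if k == "apikey" && (v == "" || v == "your-api-key") {
			findings = append(findings, "tic apikey is empty or the README placeholder")
		}
	}
	if web := top["web"]; web != "" { // empty value: web interface disabled
		host, _, err := net.SplitHostPort(web)
		if ip := net.ParseIP(host); err != nil || (host != "localhost" && (ip == nil || !ip.IsLoopback())) {
			findings = append(findings, "web is not a loopback host:port: "+web)
		}
		if top["username"] == "username" || top["password"] == "password" || top["password"] == "" {
			findings = append(findings, "web login uses placeholder or empty credentials")
		}
	}
	return findings
}

func main() {
	// Constructed sample: non-loopback listener, weak password, placeholder key.
	sample := "web = '0.0.0.0:8080'\nusername = 'admin'\npassword = 'password'\n[[tic]]\napikey = 'your-api-key'\n"
	for _, f := range lintConfig(sample) {
		fmt.Println("WARN:", f)
	}
}
```
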

Workflow

graph BT

subgraph LAN
client(NetVigil Client)
server(NetVigil Server)
client--if out-of-dated or not existed-->server
server--Emergency broadcast-->client
server--Ban the client if malicious IP found-->client
end

server--if out-of-dated or not existed-->public

subgraph public [Public Threat Intelligence Center]
Threatbook
Netvigil
...
end

APIs

| Path | Method | Request | Response | Description |
| --- | --- | --- | --- | --- |
| /api/login | POST | {username, password} | Token | |
| /api/netstats | GET | ?limit&page | Netstat[] | Auth needed |
| /api/threats | GET | ?limit&page | Threat[] | Auth needed |
| /api/config | GET | | Config | Auth needed |
| /api/config | POST | Config | | Modify config, auth needed |
| /api/check | POST | {apikey, ips} | Threat[] | Check IP reputation |

Types

type Netstat struct {
	ID         int64
	Time       int64  `json:"time"`
	LocalIP    string `json:"localIP"`
	LocalPort  uint16 `json:"localPort"`
	RemoteIP   string `json:"remoteIP"`
	RemotePort uint16 `json:"remotePort"`
	Executable string `json:"executable"`
	Location   string `json:"location"`
}
type Threat struct {
	ID          int64
	Time        int64            `json:"time"`
	IP          string           `json:"ip"`
	TIC         string           `json:"tic"`
	Reason      string           `json:"reason"`
	Risk        RiskLevel        `json:"risk"`
	Credibility CredibilityLevel `json:"credibility"`
}

FAQs

  • invalid go version '1.21.6': must match format 1.23

    Upgrade your Go version to at least 1.21.6

  • Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work. This is a stub

    Add CGO_ENABLED=1 to your user environment variables. If the variable is set correctly, the following command prints set CGO_ENABLED=1:

    $ go env
    
  • cgo: C compiler "gcc" not found: exec: "gcc": executable file not found in %PATH%

    Install gcc to fix it
