Skip to content

A Privacy Friendly Framework for Multi-Domain Threat Analysis

Notifications You must be signed in to change notification settings

YakindanEgitim/NfQuery

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 
 
 

Repository files navigation

=====================================================================================
NfQuery : NfQuery: A Privacy Friendly Framework for Multi-Domain Threat Analysis  
=====================================================================================

.. contents::
..
    1  What is NfQuery Framework
      1.1  Components 
    2  Dependencies
    3  Documentation
    4  Download
    5  Copyright and License
    6  Author


What is it?
===============
The main function of NfQuery is creating useful queries to be used in the NfSen Plug-ins of each organization or 
domain registered to the Query Server (QS). Queries are fetched from QS and executed by Plug-ins on the aggregated
NetFlow data of organizations. As a result of these executions, NfSen Plug-in find the flow data which includes 
the related threat or attack information. After the detection, Plug-in alerts the QS automatically regarding the 
findings of the applied query.

By collecting and interpreting attack statistics from each Plug-in, NfQuery creates a general overview of the threat
trends seen in the multi-domain network. Finally, by utilizing the alerting system of NfSen, NfQuery becomes a threat
detection and security alerting system for multi-domain networks.

Components
---------------
a. Query Server (QS)
Query Server (QS) is placed in the center of the system and establishes the connection between all components. QS 
is composed of three sub-elements; Query Manager (QM), Query Generator (QG) and Query Repository (QR). 

b. NfQuery Plug-in
The NfQuery Plug-in is installed at each domain side over the NfSen instance at the domain and communicates with QS
to perform the administrator’s requests such as fetching new queries, updating query list, getting/sending statistical
reports and executing the queries over the flow data. 

c. Sources
NfQuery sources are the main components that provide threat information. This includes publicly available resources
such as Botnet C&C server lists (Amada SpyEye), DNS blacklists (DShield), malicious domains and phishing sites lists
or output of security analysis applications such as Honeypots, Intrusion Detection Systems (IDS), Intrusion Prevention
Systems (IPS) or Firewalls which may provide data in means of log files for private use in NfQuery framework.


Dependencies
============
Please see the file called plugin/INSTALL for plugin dependecies.
Please see the file called queryserver/INSTALL for queryserver dependecies.

The Latest Version
------------------
Details of the latest version can be found on the Official NfQuery Web Page.
http://nfquery.ulakbim.gov.tr

Documentation
-------------
Please see http://nfquery.ulakbim.gov.tr/

Installation
------------
Please see the file called plugin/INSTALL to install plugin.
Please see the file called queryserver/INSTALL to install queryserver.

Licensing
---------
Please see the file called LICENSE.

Author
======
Serdar Yigit <[email protected]>
Ahmet Can Kepenek <[email protected]>
Serhat Rifat Demircan <[email protected]>

About

A Privacy Friendly Framework for Multi-Domain Threat Analysis

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 51.8%
  • JavaScript 27.4%
  • PHP 13.3%
  • Perl 7.0%
  • Shell 0.5%