melody
Melody is a transparent internet sensor built for threat intelligence and supported by a detection rule framework which allows you to tag packets of interest for further analysis and threat monitoring.
This tool has multiple use cases :
- Build historic data to extract trends and patterns
- Keep an eye on specific threats
- Monitor emerging threats exploitation
- Index malicious activity by detecting exploitation attempts and targeted scanners
- Log every contact your application receives from the internet to find potentially malicious activity
Deploying it can be as easy as pulling the latest compiled binary or the official Docker image.
Add your favorite rules, some configuration tweaks, a BPF to clean the noise a bit, and then forget it and let the internet symphony flow to you.
You can tweak the options either with a file or directly by passing options through the CLI, allowing Melody to act as a standalone application.
Melody will also handle log rotation for you. It has been designed to be able to run forever on the smallest VPS while handling millions of packets a day.
Features
Here are some key features of Melody :
- Transparent capture
- Write detection rules and tag specific packets to analyze them at scale
- Mock vulnerable websites using the builtin HTTP/S server
- Supports the main internet protocols over IPv4 and IPv6
- Handles log rotation for you: Melody is designed to run forever on the smallest VPS
- Minimal configuration required
- Standalone mode: configure Melody using only the CLI
- Easily scalable :
- Statically compiled binary
- Up-to-date Docker image
Use cases
Internet-facing sensor
- Extract trends and patterns from Internet’s noise
- Index malicious activity, exploitation attempts, and targeted scanners
- Monitor emerging threats exploitation
- Keep an eye on specific threats
Stream analysis
- Build a background noise profile to make targeted attacks stand out
- Replay captures to tag malicious packets in a suspicious stream
Install & Use
Copyright (c) 2020 bonjourmalware
