Nethive Project
The Nethive Project provides a Security Information and Event Management (SIEM) infrastructure powered by CVSS measurements. It offers little-to-no-latency vulnerability monitoring and is also backed by ELK infrastructure. The infrastructure prioritizes flexibility: its engines are plug-and-play and are deployed through Docker. A Kafka server relays event messages between the engines, which makes event data relaying lightning fast. Four components form the backbone of the infrastructure.
Nethive Engine monitors every request coming through the HTTP protocol to detect and identify SQL injection attempts. It also anonymously monitors every SQL query response to provide a wide range of XSS protection for your server, with both Stored and Reflected XSS attacks fully covered.
Nethive Auditing watches everything that happens inside your valuable system, with your permission of course. It detects any strange or suspicious activity inside the system, whether it is a post-exploitation attempt by an attacker or simply someone you trust making mistakes inside your system.
Nethive Dashboard provides you with a resourceful, sleek user interface that gives you the advantage of knowing everything. From resource consumption to the most recent read-write actions, it gives you full details of what’s happening, in near real-time.
Nethive CVSS analyzes attacks that have unfortunately already happened and measures their vulnerability metrics, so that you can get your reports done in no time.
Features
- Machine Learning powered SQL Injection Detection
- Server-side XSS Detection based on Chrome’s XSS Auditor
- Post-exploitation Detection powered by Auditbeat
- Bash Command History Tracker
- CVSS Measurement on Detected Attacks
- Realtime Log Storing powered by Elasticsearch and Logstash
- Basic System Monitoring
- Resourceful Dashboard UI
- Notify Suspicious Activity via Email