PatrowlEngines: Open Source, Free and Scalable Security Operations Orchestration Platform

PatrOwl

PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations.

PatrowlEngines is the engine framework and the supported list of engines performing the operations (scans, searches, API calls, …) in due time. The engines are managed by one or several instances of PatrowlManager.

PatrOwl is an advanced platform for orchestrating Security Operations like Penetration Testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations.

PatrOwl is fully developed in Python (Django for the backend and Flask for the engines), which keeps every component easy to customize. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery.

Architecture

Technical Overview

Use

Assets

Add a new Asset

  1. Go to the creation form using the header menu bar or go directly to the URL /assets/add. [Screenshot: Create new asset - Header menu]
  2. The following form will be available: [Screenshot: Create new asset - Form]

Some tips:

| Parameter | Description | Examples |
|---|---|---|
| Value | Value of the asset | `8.8.8.8`, `patrowl.io`, `myorg.local`, `https://app.patrowl.io` |
| Name | Quick title of the asset | MyCORP DNS A, Corporate Website |
| Type | Type of the asset. Available scan policies will be filtered on this value | IP, FQDN, DOMAIN, URL, KEYWORD, PATH or PERSON |
| Description | Free text area for describing the asset | Corporate website based on Drupal 7.3 and exposed on Internet |
| Criticity | Business criticity of the asset. Global risk scoring will depend on this value | Low, Medium or High |
| Categories | List of tags to quickly describe the asset. Custom values can be added. | Windows, Database, Corporate Website |

  3. Click the button “Create a new asset” to confirm the creation. You will be redirected to the assets list.
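Because the Type field drives which scan policies are offered and Criticity feeds the global risk score, an inconsistent asset (an FQDN declared as IP, an unknown criticity) silently degrades the scan coverage that gets scheduled against it. The following added example (not part of PatrowlEngines or PatrowlManager) validates a batch of asset records against the form fields listed in the table before they are entered; the field names, the syntax rules for each type and the sample inventory are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Values taken from the asset form described above.
ASSET_TYPES = ("IP", "FQDN", "DOMAIN", "URL", "KEYWORD", "PATH", "PERSON")
CRITICITIES = ("Low", "Medium", "High")

# One DNS label: 1-63 letters, digits or hyphens, no leading or trailing hyphen.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_FQDN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}\.?$")


def is_ip(value):
    """True for a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_fqdn(value):
    """True for a dotted host or domain name such as patrowl.io or myorg.local.
    A dotted-quad is rejected here so that 8.8.8.8 is never accepted as an FQDN."""
    return (not is_ip(value)) and len(value) <= 253 and _FQDN_RE.match(value) is not None


def is_url(value):
    """True for an absolute http(s) URL that carries a host part."""
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


# Per-type syntax check (assumed rules). KEYWORD, PATH and PERSON are free text,
# so only emptiness is checked for them.
_CHECKS = {
    "IP": is_ip,
    "FQDN": is_fqdn,
    "DOMAIN": is_fqdn,
    "URL": is_url,
    "KEYWORD": lambda v: bool(v),
    "PATH": lambda v: bool(v),
    "PERSON": lambda v: bool(v),
}


def suggest_type(value):
    """Guess the form's Type field from a raw value; None when nothing fits.
    A dotted name is reported as FQDN; choosing DOMAIN instead is a human decision."""
    value = value.strip()
    if is_ip(value):
        return "IP"
    if is_url(value):
        return "URL"
    if is_fqdn(value):
        return "FQDN"
    return None


def validate_asset(asset):
    """Return the list of problems found in one asset dict (empty list = consistent).
    Keys mirror the form fields: value, name, type, description, criticity, categories."""
    problems = []
    atype = asset.get("type")
    value = str(asset.get("value", "")).strip()
    if atype not in ASSET_TYPES:
        problems.append(f"unknown type {atype!r}; expected one of {ASSET_TYPES}")
    elif not _CHECKS[atype](value):
        hint = suggest_type(value)
        msg = f"value {value!r} is not a valid {atype}"
        if hint and hint != atype:
            msg += f" (looks like {hint})"
        problems.append(msg)
    if not str(asset.get("name", "")).strip():
        problems.append("name is empty")
    if asset.get("criticity") not in CRITICITIES:
        problems.append(f"criticity must be one of {CRITICITIES}")
    return problems


if __name__ == "__main__":
    # Constructed sample inventory mixing correct entries with common mistakes.
    inventory = [
        {"value": "8.8.8.8", "name": "MyCORP DNS A", "type": "IP", "criticity": "High"},
        {"value": "https://app.patrowl.io", "name": "Corporate Website", "type": "URL", "criticity": "High"},
        {"value": "myorg.local", "name": "AD domain", "type": "IP", "criticity": "Medium"},
        {"value": "8.8.8.8", "name": "", "type": "FQDN", "criticity": "Critical"},
    ]
    for asset in inventory:
        print(asset["value"], "->", validate_asset(asset) or "OK")
```

Running the script prints one line per asset; only the third and fourth entries report problems. The same function can be called from an import job that feeds PatrowlManager, so that records are rejected before they reach the form rather than after a scan was scheduled against the wrong policy.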

Engines

Add a new Engine

  1. Go to the creation form using the header menu bar or go directly to the URL /engines/add. [Screenshot: Create new engine - Header menu]
  2. The following form will be available: [Screenshot: Create new engine - Form]

| Parameter | Description | Examples |
|---|---|---|
| Engine | Type of the engine | NMAP, VIRUSTOTAL, ARACHNI, CORTEX, OWL_LEAKS |
| Name | Name of the engine | `nmap-001`, `vt-001`, `arachni-docker-001`, `cortex-001`, `oleaks-001` |
| Api url | URL address of the engine | `http://localhost:5001/engines/nmap/`, `http://external-server:5012/engines/owl_leaks/` |
| Enable | Choose whether to enable the engine once created | n/a |
| Authentication method | Select the authentication method used by the PatrowlManager host to access the engine (only ‘None’ is available for the moment) | None, HTTPBasic, APIKey |

  3. Click the button “Create a new engine” to confirm the creation. You will be redirected to the engines list.
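Since ‘None’ is currently the only authentication method, an engine whose Api url points at another host is reachable by anyone who can reach that port, and the second example URL in the table is plain HTTP. The following added example (not part of PatrowlEngines or PatrowlManager) reviews engine definitions for exactly those two conditions plus basic URL consistency. The dict keys, the assumption that the URL path follows the `/engines/<type in lower case>/` pattern of the two examples in the table, and the sample definitions are all assumptions made for this example.

```python
import ipaddress
from urllib.parse import urlparse

# Values taken from the engine form described above.
ENGINE_TYPES = ("NMAP", "VIRUSTOTAL", "ARACHNI", "CORTEX", "OWL_LEAKS")
AUTH_METHODS = ("None", "HTTPBasic", "APIKey")


def _is_local(host):
    """True when the host is the name 'localhost' or a loopback address."""
    if host is None:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def check_engine(engine):
    """Return a list of warnings for one engine definition (empty list = nothing to report).
    Keys mirror the form fields: engine, name, api_url, enable, auth_method."""
    warnings = []
    etype = engine.get("engine")
    auth = engine.get("auth_method", "None")
    parts = urlparse(engine.get("api_url", ""))

    if etype not in ENGINE_TYPES:
        warnings.append(f"unknown engine type {etype!r}")
    if auth not in AUTH_METHODS:
        warnings.append(f"unknown authentication method {auth!r}")
    if parts.scheme not in ("http", "https"):
        warnings.append("api_url must start with http:// or https://")
    if not parts.hostname:
        warnings.append("api_url has no host")

    # Assumption: the path is /engines/<type in lower case>/, as in both examples of
    # the table. Adjust if your deployment mounts the engines elsewhere.
    if etype in ENGINE_TYPES:
        expected = f"/engines/{etype.lower()}/"
        if parts.path != expected:
            warnings.append(f"api_url path is {parts.path!r}, expected {expected!r}")

    # The two conditions that matter for exposure: a non-local engine with no
    # authentication, and a non-local engine reached over cleartext HTTP.
    remote = parts.hostname is not None and not _is_local(parts.hostname)
    if remote and auth == "None":
        warnings.append("remote engine reachable without authentication: restrict who can reach its port at the network layer")
    if remote and parts.scheme == "http":
        warnings.append("remote engine reached over cleartext HTTP: scan targets and findings transit unencrypted")
    return warnings


if __name__ == "__main__":
    # Constructed sample definitions, built from the examples in the table.
    engines = [
        {"engine": "NMAP", "name": "nmap-001", "api_url": "http://localhost:5001/engines/nmap/", "enable": True, "auth_method": "None"},
        {"engine": "OWL_LEAKS", "name": "oleaks-001", "api_url": "http://external-server:5012/engines/owl_leaks/", "enable": True, "auth_method": "None"},
    ]
    for engine in engines:
        print(engine["name"], "->", check_engine(engine) or "OK")
```

The local nmap engine passes; the owl_leaks engine on `external-server` triggers both exposure warnings, which is the case to handle with firewall rules or a reverse proxy in front of the engine until an authentication method other than ‘None’ is available.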

Scans

Add a new Scan

  1. Go to the creation form using the header menu bar or go directly to the URL /scans/defs/add. [Screenshot: Create new scan - Header menu]
  2. The following form will be available: [Screenshot: Create new scan - Form]

| Parameter | Description | Examples |
|---|---|---|
| Title | Title of the scan | “List open ports on Internet-faced assets”, “Scan XSS on corporate website”, “Search technical leaks on GitHub and Twitter” |
| Description | Description of the scan | “Here a long description of the scan purposes” |
| Scan type | Scans can be started once or periodically | “On-Demand” or Periodical |
| Start scan | Select when to start the scan(s): Later (not now, just create the scan definition), Now, or Scheduled at a precise datetime | “Later”, Periodical, Scheduled at |
| Search asset(s) | Search and select the asset(s) targeted by the scan. Search criteria are asset value, name, description and categories | “8.8.8” + Enter, “DNS” + Enter |
| Filter by Engine and/or Filter by Category | Search the scan policy using the Engine or the Category filter | n/a |
| Select Policy | Select the scan policy | n/a |
| Select Engine | Select the engine that will perform each scan. It can be Random, in which case the first available engine performs the scan | n/a |

  3. Click the button “Create a new scan” to confirm the creation. You will be redirected to the scans list.

Install

Copyright (C) 2018 Nicolas MATTIOCCO
