Skip to content
/ netvigil Public

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

saurlax/netvigil

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

111 Commits
frontend
frontend
 
 
tic
tic
 
 
util
util
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
config.example.toml
config.example.toml
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

NetVigil

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

How to run

To compile this project, you need to install Node.js and Go in advance.

Firstly, build frontend resources

$ cd frontend
$ npm i
$ npm run build

Then, build go project

$ cd ..
$ go build .

In order to run the program correctly, you also need to provide a configuration file. You can directly copy config.example.toml and rename to config.toml to use the default configuration.

In addition, you also need to provide a copy of GeoLite2-City.mmdb in the root directory, which you can find at GeoLite2 Website.

Workflow

graph BT

subgraph LAN
client(NetVigil Client)
server(NetVigil Server)
client--if out-of-dated or not existed-->server
server--Emergency broadcast-->client
server--Ban the client if malicious IP found-->client
end

server--if out-of-dated or not existed-->public

subgraph public [Public Threat Intelligence Center]
Threatbook
Netvigil
...
end
Loading

APIs

Path Method Request Response Description
/api/login POST {username, password} Token
/api/netstats GET ?limit&page Netstat[] Auth needed
/api/threats GET ?limit&page Threat[] Auth needed
/api/config GET Config Auth needed
/api/config POST Config Modify config, auth needed
/api/check POST {apikey, ips} Threat[] Check IP reputation

Types

type Netstat struct {
	ID         int64
	Time       int64  `json:"time"`
	LocalIP    string `json:"localIP"`
	LocalPort  uint16 `json:"localPort"`
	RemoteIP   string `json:"remoteIP"`
	RemotePort uint16 `json:"remotePort"`
	Executable string `json:"executable"`
	Location   string `json:"location"`
}
type Threat struct {
	ID          int64
	Time        int64            `json:"time"`
	IP          string           `json:"ip"`
	TIC         string           `json:"tic"`      
	Reason      string           `json:"reason"`     
	Risk        RiskLevel        `json:"risk"`      
	Credibility CredibilityLevel `json:"credibility"`
}

FAQs

  • invalid go version '1.21.6': must match format 1.23

    Upgrade your go version to at least 1.21.6

  • Binary was compiled with 'CGO ENABLED=0', go-sqlite3 requires cgo to work. This is a stub

    Add CGO_ENABLED=1 to your user environment variable. If env is correctly set, you will see set CGO_ENABLED=1 with the fllowing command

    $ go env

  • cgo: C compiler "gcc" not found: exec: "gcc": executable file not found in %PATH%

    Install gcc to fix it

About

Network Traffic Monitoring and Analysis based Local Threat Intelligence Center

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages