network IDS at scale
easily manage distributed IDS probes through dispersed traffic sources
an Open Source project to Visualize and Manage Suricata, Zeek & Moloch life cicles
OwlH was born to help security engineers to manage, analyze and respond to network threats and anomalies using Open Source Network IDS Suricata and Zeek, offering:
- Centralized Rule and Network IDS nodes Configuration Management
- Software TAP to capture cloud and distributed traffic in cloud and hybrid dispersed environments
- Centralized Visualization and Forensics
- Compliance Mapping
Current - v0.8.x
OwlH NODE - REST API
Networ IDS solutions
On-premises - Virtualized - Cloud
Software TAP (STAP) Modes
Threat Intelligence enrichment
OwlH MASTER - REST API
Single point of management
Traffic Forensics with Moloch
Threat Intelligence enrichment
Manage & Monitor
Open Rules - Ruleset management
Rulesets based on thirdparty providers
Auto update rulesets
Collect & distribute traffic
Analyze and Enrich
Manage & Visualize
React and Document
Keep your network IDS Suricata probes updated to be able to detect latest threats .
Define multiple rulesets, and apply to a single probe or to a group of probes.
Keep all them updated and sycronized.
Create and manage your threat detection toolset
Ruleset based on 3rd party providers
Integrate your favorite public or comercial ruleset feeds.
Define your schedule to automatically update them.
Clone 3rd party rules and customize them.
Create and import your own custom single rules or custom rules files.
Collect Traffic from windows and linux servers when ther is no a port mirror or span port option. Useful for Cloud and virtualized environments and for remote and small locations.
Choose your Software TAP mode:
Software TAP PULL mode
Your traffic is stored locally in your server and OwlH will collect it
Software TAP REALTIME mode
Your server will forward traffic in realtime to the OwlH Node component
& Easy to keep updated
Just tell us what should be on your instance and we will take care of it.
OwlH Installer will download and install needed packets and will install and update them to the latest version
NEW OwlH Installer
Define your appliance
individual components: OwlH Node, OwlH Master, OwlH UI
OR OwlH all-in-one (node, master and ui)
just define what should be in the appliance and Installer will prepare it
Keep OwlH stuff up-to-date
Define it as scheduled task and installer will keep your OwlH solution updated to latest version
Install a CentOS 7 based system
Download OwlH Installer
# wget http://repo.owlh.net/current-centos/owlh-allinone.sh
# bash owlh-allinone.sh
Point your browser https://your.owlh.ip,
PLEASE - Check your firewall configuration (doc)
OwlH deployment samples
Network IDS management
- Suricata and Zeek support
- Centralized Management
- Ruleset and Policies Management
- Network Interface, Kernel and NIDS Fine Tuning
- Traffic Capture:
- Security Alerts.
- Traffic and Protocol Analysis,
- Anomalies Detection
- Integration with ELK and other 3rd party Storage/Visualization Solutions
Are you a Wazuh user?
Easily add NIDS visibility to your Wazuh console
Wazuh agent for NIDS output transport
Wazuh decoders/rules for Suricata and Zeek
Single pane of glass - OwlH Dashboards in Kibana as well as Wazuh app
PCI-DSS mapping for Network IDS Alerts