Flexible, scalable, no vendor lock-in and no license cost. Join us on Slack
We will help you to be successful with your Owlh first deployment
Become part of our Open Source Community or access our professional support and services.
OwlH was born to help security engineers to manage, analyze and respond to network threats and anomalies using Open Source Network IDS Suricata and Zeek, offering:
Centralized Rule management and Network IDS nodes Configuration Management
Software TAP to capture cloud and distributed traffic in cloud and hybrid dispersed environments
Traffic Forensics with Moloch
Centralized Visualization
Compliance Mapping
Define each probe as an stand-alone system
Manage probes configuration individually
Create groups of nodes
share rulesets and services configurations between nodes in a same group
Use REST API to manage and configure your probes,
No user Interface, just your app and our API
Suricata
Zeek
On-premises - Virtualized - Cloud
Software TAP (STAP) Modes
Traffic Dispatcher
Threat Intelligence enrichment
Traffic Analysis
Multiple Nodes
Single point of management
Traffic Forensics with Moloch
Traffic Dispatcher
Threat Intelligence enrichment
Traffic Analysis
Manage & Monitor
Rulesets based on thirdparty providers
Custom Rulesets
Auto update rulesets
Keep your Suricata network IDS probes updated
Define multiple rulesets, and apply all them to a single probe or to a group of probes.
Keep all them updated and synchronized
=> Integrate/import your favorite public or comercial ruleset feeds.
=> Define your scheduled tasks to automatically update them.
=> Clone 3rd party rules and customize them.
=> Create and/or import your own custom single rules or custom rules files.
=> Edit, Enable, Disable, your Rules from the User Interface
Software TAP helps to collect Traffic from windows and linux servers when there is no a port mirror or span port option.
Useful for Cloud and virtualized environments and for remote and small locations.
Your traffic is stored locally in your server and OwlH will collect it
Your server will forward traffic in realtime to the OwlH Node component
Just tell us what should be on your instance and we will take care of it.
OwlH Installer will download and install needed packets and will install and update them to the latest version
individual components: OwlH Node, OwlH Master, OwlH UI
OR OwlH all-in-one (node, master and ui)
just define what should be in the appliance and Installer will prepare it
Define it as scheduled task and installer will keep your OwlH solution updated to latest version
Install a CentOS 7 based system
Download OwlH Installer
Run installer
Enjoy experience
# wget http://repo.owlh.net/current-centos/owlh-allinone.sh
# bash owlh-allinone.sh
Point your browser https://your.owlh.ip,
https://your.owlh.ip:50001/v1/home
PLEASE - Check your firewall configuration (doc)
Few samples are:
Collect your traffic, analyze it and forward it to a central console to be able to forensics your traffic with Moloch.
you don't need to have your Network IDS locally. Just upload your PCAP to your OwlH Cloud environment and see results in your Wazuh SaaS
Suricata and Zeek support
Centralized Management
Ruleset and Policies Management
Network Interface, Kernel and NIDS Fine Tuning
Traffic Capture:
Security Alerts.
Traffic and Protocol Analysis,
Anomalies Detection
Integration with ELK and other 3rd party Storage/Visualization Solutions