Python
  • Blog
  • Contact
    • Overview
    Issues 3

    An analytical framework for network traffic and behavioral analytics

    austin-taylor austin-taylor Last update: Apr 19, 2024

    Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious behavior in networks as simple as possible.

    Getting Started

    Currently supports python 2.7 and python 3

    sudo pip install -r requirements.txt
python setup.py install

    First Use

    Once Flare is installed you may use it via the command line by calling flare_beacon. You can use command line parameters or call a configuration file (recommended). See the configs directory for sample configuration files.

    Example command below:

    flare_beacon -c /path/to/flare/config/elasticsearch.ini --focus_outbound --whois flare_beacon -json /tmp/flare.json

    Core Features

    • Command and Control Analytics
      • Identify Beaconing in your environment (works with Suricata output and ElasticSearch)
    • Feature Extraction
      • Helper utility functions to filter out the noise.
    • Alexa, Umbrella, and Majestic Million (coming soon)
    • WHOIS IP Lookup
    • Pre-build machine learning classifiers
    • So much more...

    Analytics

    Beaconing

    Designed for elasticsearch and Suricata, elasticBeacon will connect to your elasticsearch server, retrieve all IP addresses and identify periodic activity.

    You may need to forward port 9200 to your localhost with ssh -NfL 9200:localhost:9200 [email protected]

    from flare.analytics.command_control import elasticBeacon

eb = elasticBeacon(es_host='localhost')
beacons = eb.find_beacons(group=True, focus_outbound=True)

    Also available in commandline:

    CSV OUTPUT
flare_beacon --whois --focus_outbound -mo=100 --csv_out=beacon_results.csv

HTML OUTPUT
flare_beacon --group --whois --focus_outbound -c configs/elasticsearch.ini -html beacons.html

JSON OUTPUT (for SIEM)
flare_beacon --whois --focus_outbound -c /opt/flare-master/configs/selks4.ini -json beacon.json -v

    Full writeup here

    Domain Features

    Alexa

    from flare.tools.alexa import Alexa
alexa = Alexa(limit=1000000)

print alexa.domain_in_alexa('google.com') # Returns True
print alexa.subdomain_in_alexa('www') # Returns True

print alexa.DOMAINS_TOP1M #Displays domains (in this case top 100)

    IP Utilities

    from flare.tools.whoisip import WhoisLookup

whois = WhoisLookup()
whois.get_name_by_ip('8.8.8.8')

OUT: 'GOOGLE - Google Inc., US'

from flare.tools.iputils import hex_to_ip, ip_to_hex

ip_to_hex('8.8.8.8'), hex_to_ip('08080808')

OUT: (u'08080808', '8.8.8.8')
    • Convert Hex to IP and vice/versa
    • Check for Private, Multicast, or Reserved domains
    • Identify the owner of a public IP address

    Data Science Features

    from flare.data_science.features import dga_classifier

dga_c = dga_classifier()

print dga_c.predict('facebook')
Legit

print dga_c.predict('39al31ak3')
dga
    from flare.data_science.features import entropy
from flare.data_science.features import ip_matcher
from flare.data_science.features import domain_extract
from flare.data_science.features import levenshtein
from flare.data_science.features import domain_tld_extract

# Entropy example
print entropy('akd93ka8a91a')
2.58496250072

# IP Matcher Example
print ip_matcher('8.8.8.8')
True

print ip_matcher('39.993.9.1')
False

# Domain Extract Example
domain_extract('longsubdomain.huntoperator.com')
'huntoperator'

# Domain TLD Extract
domain_tld_extract('longsubdomain.huntoperator.com')
'huntoperator.com'

# Levenshtein example
a = ['google.com']
b = ['googl3.com']
print levenshtein(a, b)
'Difference of:' 1

    and many more features for data extraction...

    Tags:

    Owner

    austin-taylor

    austin-taylor
    GitHub Repository https://github.com/austin-taylor
    🤖 Template for telegram bot using postgres, pgbouncer, redis, docker, amplitude, prometheus, grafana, CI

    start services make migrations start the necessary services (at least the database and redis) start telegram bot start admin panel make migrations to launch the bot you only need a token bot, datab…

    donBarbos
    146 Apr 24, 2024
    Data science and Machine Learning GUI programs/ desktop apps with PySimpleGUI package

    You will also need, etc. to run the demo codes. Here is the code to program this app, Although this is a very simple code, it features, We can essentially follow the same path and add more layers of …

    tirthajyoti
    164 Apr 19, 2024
    ML-capsule is a Project for beginners and experienced data science Enthusiasts who don't have a mentor or guidance and wish to learn Machine learning. Using our repo they can learn ML, DL, and many related technologies with different real-world projects and become Interview ready.

    Extraction is a general term for methods of constructing combinations of the variables to get around these problems while still describing the data with sufficient accuracy Data visualization is the …

    Niketkumardheeryan
    229 Mar 31, 2024
    The easiest way to use Machine Learning. Mix and match underlying ML libraries and data set sources. Generate new datasets or modify existing ones with ease.

    As we all know the Machine Learning space has a lot of tools and libraries for creating pipelines to train, test & deploy models, and dealing with these many different APIs can be cumbersome. Our…

    intel
    240 Apr 02, 2024
    Text analytics for LLM apps. PostHog for prompts. Extract evaluations, intents and events from text messages. phospho leverages LLM (OpenAI, MistralAI, Ollama, etc.)

    Phospho is the text analytics platform for LLM apps. Detect issues and extract insights from text messages of your users or your app. Gather user feedback and measure success. Iterate on your app to …

    phospho-app
    243 Apr 23, 2024
    a flask profiler which watches endpoint calls and tries to make some analysis.

    It gives answers to these questions: In short, if you are curious about what your endpoints are doing and what requests they are receiving, give a try to flask-profiler. With flask-profiler's web int…

    muatik
    747 Apr 12, 2024
    Analytics services for Django projects

    Using an analytics service with a Django project means adding Javascript tracking code to the project templates. Of course, every service has its own specific installation instructions. Furthermore, …

    jazzband
    1.18K Apr 23, 2024
    A flexible, easy to use, automation framework allowing users to integrate their capabilities and devices to cut through the repetitive, tedious tasks slowing them down. #nsacyber

    This documentation is intended as a reference for app and workflow developers as well as project contributors and operators. Here you will find walkthroughs, tutorials and other useful information ab…

    nsacyber
    1.19K Apr 18, 2024
    Apache Superset is a Data Visualization and Data Exploration Platform

    A modern, enterprise-ready business intelligence web application. Superset is a modern data exploration and data visualization platform. Superset can replace or augment proprietary business intellige…

    apache
    58.77K Apr 24, 2024
    Beginner-friendly collection of Python notebooks for various use cases of machine learning, deep learning, and analytics. For each notebook there is a separate tutorial on the relataly.com blog.

    Collection of Python notebooks for various machine learning, deep learning and analytics use cases Welcome to the GitHub tutorial directory of the relataly.com blog on business use cases with python …

    flo7up
    140 Apr 11, 2024

    Subscribe to our newsletter