The Ultimate Suite is a comprehensive, real-time cloud monitoring and security solution designed for advanced log analysis, ransomware detection, and proactive incident response. It integrates seamlessly with popular tools and technologies to provide a robust platform for safeguarding cloud resources.
- Log Collection and Processing: Collects logs from various cloud services, systems, and honeypots.
- ELK Stack Integration: Logs are stored and analyzed using Elasticsearch, Logstash, and Kibana, running on Docker.
- Customizable Dashboards: Visualize real-time log data, trends, and metrics for enhanced visibility into system performance and security.
- Machine Learning Integration: Utilizes a cutting-edge ML model to classify executables and identify potential ransomware threats.
- Real-Time Analysis: The ML model processes files in real time, isolating and mitigating malicious files before they can impact the system.
- Proactive Security: Detects and predicts ransomware activities with high accuracy.
- Dynamic Honeypots: Simulates vulnerable services on common attack-prone ports to attract malicious actors.
- Log Analysis: Logs from honeypots are analyzed to identify malicious activities.
- Anomaly Detection: Monitors unusual patterns and generates alerts for potential threats.
- Real-Time Alerts:
- Discord Notifications: Sends detailed alerts to a configured Discord server for immediate team communication.
- Window Alerts: Triggers pop-up notifications in the frontend for real-time updates.
- Automated Incident Response: Provides actionable insights for rapid mitigation and response.
- Customizable Thresholds: Configure alert levels based on system requirements.
- Frontend: Built with React, providing an intuitive and customizable dashboard for log visualization and threat monitoring.
- Backend: Powered by FastAPI, facilitating secure and efficient communication between the system and the frontend.
- Custom Querying: Easy-to-use interface for querying and searching logs.
- Log Generation: Logs are collected from systems and honeypots.
- Log Storage: Logs are ingested into the ELK stack (Elasticsearch, Logstash, Kibana) hosted on Docker.
- Log Visualization: Logs are visualized and analyzed in real-time using Kibana.
- File Ingestion: Executable files are scanned and classified using the integrated ML model.
- Threat Classification: The model determines if the file is malicious (ransomware) or safe.
- Threat Mitigation: Malicious files are isolated, and alerts are generated.
- Honeypot Deployment: Servers simulate common attack-prone services on specific ports.
- Log Analysis: Logs generated by these servers are analyzed to identify malicious behavior.
- Discord Bot: Sends real-time alerts with detailed information about suspicious activities to a configured Discord channel.
- Window Alerts: Provides instant pop-up notifications in the frontend for logged-in users.
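The honeypot log analysis and anomaly detection described above, as an added example that is not part of the Kaeya project: it parses one JSON record per line (the `ts`, `src`, `dport` and `event` field names and the two thresholds are assumptions for this example), groups events by source, and raises an alert when one source touches many honeypot ports or sends a burst of events inside a one-minute window. The sample log is constructed from documentation-range addresses, and a malformed line is included to show that the analyzer skips it instead of crashing.

```python
"""Anomaly detection over honeypot logs (added example, not Kaeya code)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Customizable thresholds (assumed defaults; tune them per deployment).
THRESHOLDS = {
    "distinct_ports": 5,     # one source touching >= 5 honeypot ports => port scan
    "events_per_minute": 8,  # >= 8 events from one source inside 60 s => burst
}


def _line(ts, src, dport, event):
    return json.dumps({"ts": ts, "src": src, "dport": dport, "event": event})


# Constructed sample log (not captured from a real honeypot): 203.0.113.7
# touches six ports in six seconds, 198.51.100.4 hammers the fake SSH login,
# 192.0.2.9 connects once, and the last line is deliberately not JSON.
SAMPLE_LOG = "\n".join(
    [_line(f"2024-05-01T10:00:0{i}Z", "203.0.113.7", p, "connect")
     for i, p in enumerate([22, 23, 80, 445, 3389, 8080])]
    + [_line("2024-05-01T10:02:00Z", "198.51.100.4", 22, "connect")]
    + [_line(f"2024-05-01T10:02:{i:02d}Z", "198.51.100.4", 22, "login_failed")
       for i in range(1, 11)]
    + [_line("2024-05-01T10:30:00Z", "192.0.2.9", 80, "connect"),
       "this line is not JSON and must be skipped"]
)


def parse_log(text):
    """Return the well-formed records as dicts with `ts` converted to datetime."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            records.append(rec)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed lines; a bad line must not stop analysis
    return records


def detect_anomalies(records, thresholds=THRESHOLDS):
    """Flag port scans (many distinct ports) and bursts (many events / 60 s)."""
    by_src = defaultdict(list)
    for rec in records:
        by_src[rec["src"]].append(rec)

    alerts = []
    window = timedelta(seconds=60)
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        ports = {r["dport"] for r in recs}
        if len(ports) >= thresholds["distinct_ports"]:
            alerts.append({"type": "port_scan", "src": src,
                           "ports": sorted(ports), "severity": "high"})
        # Sliding window over the time-sorted events of this source.
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= thresholds["events_per_minute"]:
                alerts.append({"type": "burst", "src": src,
                               "count": end - start + 1, "severity": "medium"})
                break  # one burst alert per source is enough
    return alerts


def analyze(text, thresholds=THRESHOLDS):
    return detect_anomalies(parse_log(text), thresholds)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(json.dumps(alert))
```

Lowering `distinct_ports` or `events_per_minute` makes the detector more sensitive; the same function can be pointed at a real JSON-lines file exported from Elasticsearch once the field names match.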
- React: User interface development.
- Nivo-charts: For custom visualizations.
- FastAPI: Backend server for API management.
- Python: Core programming language for backend logic.
- ELK Stack (Elasticsearch, Logstash, Kibana):
- Elasticsearch: Stores and indexes logs.
- Logstash: Processes logs and sends them to Elasticsearch.
- Kibana: Provides powerful log visualization.
- Scikit-learn / TensorFlow / PyTorch: For building and deploying the ransomware detection model.
- Discord Bot: Built using `discord.py` or a similar library to send alerts.
- Browser Notifications: Implemented using the browser's native notification APIs.
- Docker: Containerized deployment for ELK stack.
- Honeypot Scripts: Python scripts for monitoring attack patterns.
- Docker and Docker Compose installed on your machine.
- Python 3.8+ installed for the backend and ML model.
- Node.js and npm for the React frontend.
- Discord bot token and channel ID for alert configuration.
```bash
git clone https://github.com/SACHINKUMAR1728/Kaeya.git
cd Kaeya
```
- Navigate to the ELK configuration directory: `cd loggy`
- Start the ELK stack using Docker Compose: `docker-compose up --build`
- Verify the ELK stack is running by accessing Kibana at http://localhost:5601.
Create a Discord bot and obtain its token:
- Go to the Discord channel settings.
- Go to Integrations and select Webhooks.
- Create a new webhook and copy the webhook link.
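Posting an alert through the webhook link obtained above, as an added example that is not the project's Discord bot: it builds the JSON body Discord's incoming-webhook endpoint accepts (`content`, `username`, `embeds`), applies a customizable minimum-severity threshold, and reads the webhook URL from an environment variable so it is not committed to the repository. The alert dict shape, the severity names and the `DISCORD_WEBHOOK_URL` variable name are assumptions for this example; the `post` parameter exists so the sending path can be exercised offline.

```python
"""Discord webhook alerting (added example, not Kaeya code)."""
import json
import os
import urllib.request
from datetime import datetime, timezone

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}
# Decimal RGB colour for the embed's side bar, keyed by severity (assumed).
SEVERITY_COLOR = {"low": 0x2ECC71, "medium": 0xF1C40F, "high": 0xE74C3C}
DISCORD_CONTENT_LIMIT = 2000  # Discord rejects a longer `content` string


def should_notify(alert, min_severity="medium"):
    """Customizable threshold: only alerts at or above min_severity go out."""
    return SEVERITY_RANK.get(alert.get("severity"), 0) >= SEVERITY_RANK[min_severity]


def build_payload(alert, now=None):
    """Build the webhook body: a one-line summary plus an embed with details."""
    now = now or datetime.now(timezone.utc)
    severity = alert.get("severity", "low")
    content = f"[{severity.upper()}] {alert['type']} from {alert['src']}"
    fields = [
        {"name": "source", "value": str(alert["src"]), "inline": True},
        {"name": "severity", "value": severity, "inline": True},
    ]
    if "ports" in alert:
        fields.append({"name": "ports", "inline": False,
                       "value": ", ".join(str(p) for p in alert["ports"])})
    if "count" in alert:
        fields.append({"name": "events", "value": str(alert["count"]), "inline": True})
    embed = {
        "title": alert["type"],
        "color": SEVERITY_COLOR.get(severity, 0x95A5A6),
        "timestamp": now.isoformat(),
        "fields": fields,
    }
    return {
        "username": "Kaeya honeypot",
        "content": content[:DISCORD_CONTENT_LIMIT],
        "embeds": [embed],
    }


def _http_post(url, body):
    """Real transport: POST the JSON body; Discord answers 204 on success."""
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json", "User-Agent": "kaeya-alert/0.1"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def send_alert(webhook_url, alert, min_severity="medium", post=_http_post):
    """Send the alert if it passes the threshold; return the HTTP status or None."""
    if not should_notify(alert, min_severity):
        return None
    body = json.dumps(build_payload(alert)).encode("utf-8")
    return post(webhook_url, body)


if __name__ == "__main__":
    # The webhook URL grants anyone who holds it the right to post into the
    # channel, so it is read from the environment rather than hard-coded.
    url = os.environ["DISCORD_WEBHOOK_URL"]
    demo = {"type": "port_scan", "src": "203.0.113.7",
            "ports": [22, 23, 80, 445, 3389], "severity": "high"}
    print("status:", send_alert(url, demo))
```

A webhook is sufficient for one-way alerting; a bot token (as listed under prerequisites) is only needed if the bot must also read messages or react to commands.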
- Navigate to the backend directory: `cd server`
- Install dependencies: `pip install -r requirements.txt`
- Start the FastAPI server: `uvicorn app.main:app --reload`
- Navigate to the frontend directory: `cd client`
- Install dependencies: `npm install`
- Start the React development server: `npm run dev`
- Open your browser and navigate to http://localhost:5173.
```bash
cd scripts
cd honeypots
python honeypot.py
python attack.py
python analyze.py
```
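A minimal honeypot listener of the kind `honeypot.py` represents, as an added example that is not the project's script: it accepts TCP connections on one port, sends a fake service banner, reads a bounded amount of whatever the client sends, and appends one JSON line per connection in the shape the log-analysis example above consumes (and that Logstash's json codec can ingest). The banner text, field names and the `probe` helper are assumptions for this example; the listener defaults to port 0 (an ephemeral port) so it can be exercised without privileges.

```python
"""Minimal TCP honeypot writing JSON-lines logs (added example, not Kaeya code)."""
import json
import socket
import threading
import time
from datetime import datetime, timezone

MAX_CAPTURE = 512     # never buffer more than this from an untrusted peer
CLIENT_TIMEOUT = 2.0  # seconds; a client that sends nothing is dropped


def make_record(peer_ip, peer_port, listen_port, data):
    """Build one log record. Undecodable bytes become \\xNN escapes and
    json.dumps escapes control characters, so one record stays on one line."""
    return {
        "ts": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "src": peer_ip,
        "sport": peer_port,
        "dport": listen_port,
        "event": "connect",
        "bytes": len(data),
        "payload": data[:MAX_CAPTURE].decode("utf-8", "backslashreplace"),
    }


class Honeypot:
    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"SSH-2.0-OpenSSH_8.9\r\n", log_path=None):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(16)
        self.sock.settimeout(0.5)  # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self.banner = banner
        self.log_path = log_path
        self.records = []  # in-memory copy of everything logged
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()

    def wait_for_records(self, n, timeout=5.0):
        """Block until n records exist or timeout elapses; True if reached."""
        deadline = time.monotonic() + timeout
        while len(self.records) < n and time.monotonic() < deadline:
            time.sleep(0.02)
        return len(self.records) >= n

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, sport) = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(CLIENT_TIMEOUT)
                try:
                    conn.sendall(self.banner)
                    data = conn.recv(MAX_CAPTURE)
                except OSError:
                    data = b""  # peer vanished or timed out; still log the visit
            self._log(make_record(ip, sport, self.port, data))

    def _log(self, rec):
        self.records.append(rec)
        if self.log_path:
            with open(self.log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(rec) + "\n")


def probe(port, payload=b"", host="127.0.0.1"):
    """Connect like a client would and return the banner; used by the demo
    and for checking a running listener from the same machine."""
    with socket.create_connection((host, port), timeout=CLIENT_TIMEOUT) as c:
        banner = c.recv(256)
        if payload:
            c.sendall(payload)
    return banner


if __name__ == "__main__":
    hp = Honeypot(log_path="honeypot.jsonl").start()
    print("listening on port", hp.port)
    print("banner:", probe(hp.port, b"root\r\n"))
    hp.wait_for_records(1)
    hp.stop()
    print(json.dumps(hp.records[0]))
```

Binding to a fixed low port such as 22 requires elevated privileges or a port redirect; keeping the listener unprivileged and redirecting traffic at the firewall limits what a bug in the honeypot itself could expose.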
- View log trends, error distribution, and activity timelines on the dashboard.
- Use the custom search bar to query specific logs based on severity, timestamp, or source.
- Upload executable file information for real-time analysis.
- View threat classification results and logs of files.
- Monitor logs generated from honeypots.
- View detected malicious activities and alerts in Discord.
- Discord Notifications: Receive alerts in your Discord channel for suspicious activities or anomalies.
- Window Alerts: Get pop-up notifications directly in the browser.
- Integration with external threat intelligence feeds.
- Support for more cloud platforms (AWS, Azure, GCP).
- Advanced anomaly detection using AI/ML models.
- Automated remediation actions for detected threats.
- Fork the repository.
- Create a feature branch: `git checkout -b feature-name`
- Commit changes and push to the branch:
```bash
git commit -m "Add feature-name"
git push origin feature-name
```
- Submit a pull request.
This project is licensed under the MIT License. See the LICENSE file for details.