Bug#843958: RFP: laika-boss -- object scanner and intrusion detection system
Package: wnpp
Severity: wishlist
* Package name : laika-boss
Version : 0.1
Upstream Author : Lockheed Martin Corporation
* URL : https://github.com/lmco/laikaboss
* License : Apache 2.0
Programming Lang: Python
Description : laika is an object scanner and intrusion detection system
Laika BOSS: Object Scanning System
Whitepaper can be found at:
http://lockheedmartin.com/content/dam/lockheed/data/isgs/documents/LaikaBOSS%20Whitepaper.pdf
Laika is an object scanner and intrusion detection system that strives to achieve the following goals:
* Scalable
- Work across multiple systems
- High volume of input from many sources
* Flexible
- Modular architecture
- Highly configurable dispatching and dispositioning logic
- Tactical code insertion (without needing restart)
* Verbose
- Generate more metadata than you know what to do with
Each scan does three main actions on each object:
* Extract child objects
- Some objects are archives, some are wrappers, and others are obfuscators. Whatever the case may be, find child objects that should be scanned recursively by extracting them out.
* Mark flags
- Flags provide a means for dispositioning objects and for pivoting on future analysis.
* Add metadata
- Discover as much information describing the object as possible for future analysis.
Laika is composed of the following pieces:
* Framework (laika.py)
- This is the core of Laika BOSS. It includes the object model and the dispatching logic.
* laikad
- This piece contains the code for running Laika as a daemonized, networked service using the ZeroMQ broker.
* cloudscan
- A command-line client for sending a local system file to a running service instance of Laika (laikad).
* modules
- The scan itself is composed of the running of modules. Each module is its own program that focuses on a particular sub-component of the overall file analysis.
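The three per-object actions and the module/dispatch split described above, as an added, self-contained illustration that is not Laika BOSS code: the class and function names (ScanObject, dispatch, scan, disposition), the flag names and the depth/size limits are assumptions made for this example, and the nested zip it scans is constructed inline. It shows a dispatcher picking modules by file magic rather than filename, an extraction module producing child objects that are scanned recursively, flagging and metadata modules, and a dispositioning step that pivots on a flag set two archives deep.

```python
"""Toy object scanner modelled on the scan loop above (added example, not Laika BOSS code)."""
import hashlib
import io
import zipfile

MAX_DEPTH = 10                   # assumption: stop recursing into archives nested deeper than this
MAX_CHILD_SIZE = 50 * 1024 * 1024  # assumption: do not inflate members larger than this (zip-bomb guard)
BLOCK_FLAGS = {"pe"}             # assumption: any object carrying one of these flags blocks the root


class ScanObject:
    """One node in the scan tree: its bytes plus the flags, metadata and children modules attach."""

    def __init__(self, buffer, filename, depth=0):
        self.buffer = buffer
        self.filename = filename
        self.depth = depth
        self.flags = set()
        self.metadata = {}
        self.children = []

    def add_flag(self, flag):
        self.flags.add(flag)

    def add_metadata(self, module, key, value):
        self.metadata.setdefault(module, {})[key] = value


# Modules: each one does some subset of extract children / mark flags / add metadata
# and returns the list of child objects it extracted (empty if none).

def meta_hash(obj):
    """Metadata-only module: hashes and size of every object, parents and children alike."""
    obj.add_metadata("META_HASH", "md5", hashlib.md5(obj.buffer).hexdigest())
    obj.add_metadata("META_HASH", "sha256", hashlib.sha256(obj.buffer).hexdigest())
    obj.add_metadata("META_HASH", "size", len(obj.buffer))
    return []


def explode_zip(obj):
    """Extraction module: one child per zip member, with depth and size guards that flag instead of extracting."""
    obj.add_flag("zip")
    if obj.depth >= MAX_DEPTH:
        obj.add_flag("zip:max_depth_reached")
        return []
    children = []
    with zipfile.ZipFile(io.BytesIO(obj.buffer)) as zf:
        members = zf.infolist()
        obj.add_metadata("EXPLODE_ZIP", "members", [m.filename for m in members])
        for info in members:
            if info.file_size > MAX_CHILD_SIZE:
                obj.add_flag("zip:member_too_large")
                continue
            children.append(ScanObject(zf.read(info), info.filename, obj.depth + 1))
    return children


def scan_exe(obj):
    """Flagging module: marks objects that start with the DOS/PE 'MZ' header."""
    obj.add_flag("pe")
    return []


def dispatch(obj):
    """Dispatching logic: choose modules from the object's own bytes (magic), never from its name."""
    modules = [meta_hash]
    if obj.buffer.startswith(b"PK\x03\x04"):
        modules.append(explode_zip)
    if obj.buffer.startswith(b"MZ"):
        modules.append(scan_exe)
    return modules


def scan(obj):
    """Run the dispatched modules on obj, then recurse into every child they extracted."""
    for module in dispatch(obj):
        for child in module(obj):
            obj.children.append(scan(child))
    return obj


def scan_bytes(buffer, filename):
    return scan(ScanObject(buffer, filename))


def walk(obj):
    """Depth-first iteration over the whole scan tree."""
    yield obj
    for child in obj.children:
        yield from walk(child)


def disposition(root):
    """Dispositioning: pivot on flags anywhere in the tree, e.g. an executable hidden inside nested archives."""
    flagged = [o.filename for o in walk(root) if o.flags & BLOCK_FLAGS]
    return ("block", flagged) if flagged else ("accept", [])


def build_sample():
    """Constructed input: outer.zip -> [readme.txt, inner.zip -> [payload.exe]]; the 'exe' is just an MZ header."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.exe", b"MZ" + b"\x00" * 62 + b"not a real executable")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    tree = scan_bytes(build_sample(), "outer.zip")
    for node in walk(tree):
        print("  " * node.depth, node.filename, sorted(node.flags), node.metadata["META_HASH"]["size"])
    print(disposition(tree))
```

Dispatching on magic rather than on the filename is the point worth copying: a renamed archive or executable is still exploded and flagged, and the disposition sees the flag regardless of how deep the object sits in the tree. The depth and size guards exist because recursive extraction is exactly where a scanner of this shape is easiest to exhaust with a crafted archive.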