PatrOwl – Smart and Scalable Security Operations Orchestration Platform

Comments Off on PatrOwl – Smart and Scalable Security Operations Orchestration Platform

PatrOwl is an advanced platform for orchestrating Security Operations like Penetration testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations.

PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, …), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, …) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances.

Some of the use cases with this platform is:

  • Monitoring Internet-faced systems Scan continuously websites, public IP, domains and subdomains for vulnerabilities, misconfigurations.
  • Data leaks Monitor code leaks on GitHub, sharing platforms (Pasties), emails in dump leaks, open AWS buckets, …
  • Phishing / APT scenario preparation Monitor early signs of targeted attacks: new domain registration, suspicious Tweets, paste, VirusTotal submissions, phishing reports, …
  • Vulnerability and remediation tracking Identify vulnerabilities, send a full report to ticketing system (TheHive, JIRA, …) and rescan to check for remediation
  • Regulation and Compliance Evaluate compliance gaps using provided scan templates
  • Vulnerability assessment of internal systems Orchestrate regular scans on a fixed perimeter, check changes (asset, vulnerability, criticality)
  • Penetration tests Perform the reconnaissance steps, the full-stack vulnerability assessment and the remediation checks
  • Attacker assets monitoring Ensure readiness of teams by identifying attackers’ assets and tracking changes of their IP, domaines, WEB applications
  • Continuous Integration / Continuous Delivery Automation of static code analysis, external resources assessment and web application vulnerability scans

Architecture

Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery.

Architecture

The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).

Try it now!

To try PatrOwl, install it by reading the Installation Guide and the User Guide.

 

Related Articles

ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
Live Chat
RESOURCES
Get Started
TOOLBOX
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook Twitter Google-plus Wordpress