I’m happy to announce the official release of NetBehave, which I presented at the BSides Ottawa 2018 conference on November 8th, 2018 in, obviously, Ottawa, Canada.

The code for the system is now live. You can get a copy of the presentation here.

Getting started

Step 1. Get a copy of the code (download zip/unzip or git clone)

git clone https://github.com/netbehave/netbehave.git

Step 2. Edit the docker-compose.yml file to set the ENV variable values for netbehave-alerting and netbehave-core.

...
    netbehave-alerting:
        image: netbehave-alerting
        build: ./netbehave-alerting
        environment:
        # Compose list entries are plain KEY=VALUE (ENV is Dockerfile syntax).
        - SMTP_USER=account@example.com
        - SMTP_PASSWORD=PASSWORD # placeholder; keep the real value out of version control
        - SMTP_RECIPIENT=account@example.com
        - SMTP_SERVER=smtp.example.com
        - SMTP_PORT=2525 # Is 25 blocked by default?
        volumes:
        - logs:/var/log
        - data:/opt/netbehave

    netbehave-collector-nfipfix:
        image: netbehave-collector-nfipfix
        build: ./netbehave-collector-nfipfix
        expose:
        - "2055/udp"
        ports:
        - "2055:2055/udp"
        environment:
        # Quote the whole entry; quotes placed around the value alone become part of it.
        - "LOCAL_NETWORKS=home=192.168.0.;docker=172.17.;NAT=1.1.1.1"
...

Step 3. Go to the folder and run: docker-compose build [sudo may be required]

docker-compose build

Step 4. Go to the folder and run: docker-compose up -d [sudo may be required]

docker-compose up -d
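
Step 2 puts the SMTP password directly into docker-compose.yml, a file that sits inside the git clone. The excerpt below is an added example, not part of the NetBehave repository: it keeps the same netbehave-alerting variables but reads their values from a .env file next to docker-compose.yml. It assumes a docker-compose version that supports the ${VAR:?message} and ${VAR:-default} forms; the .env contents are constructed sample values.

```yaml
# docker-compose.yml (excerpt, rest of the file unchanged): netbehave-alerting
# takes its SMTP settings from variables that Compose substitutes at start-up.
#
# Values live in a file named .env in the same folder as docker-compose.yml,
# which docker-compose loads automatically. Constructed sample contents:
#
#   SMTP_USER=account@example.com
#   SMTP_PASSWORD=PASSWORD
#   SMTP_RECIPIENT=account@example.com
#   SMTP_SERVER=smtp.example.com
#   SMTP_PORT=2525
#
# Keep .env out of git (add it to .gitignore) and readable only by the
# account that runs docker-compose (chmod 600 .env).
    netbehave-alerting:
        image: netbehave-alerting
        build: ./netbehave-alerting
        environment:
        # ${VAR:?message} makes docker-compose stop with the message when VAR
        # is unset or empty, instead of starting the container with a blank value.
        - SMTP_USER=${SMTP_USER:?set SMTP_USER in .env}
        - SMTP_PASSWORD=${SMTP_PASSWORD:?set SMTP_PASSWORD in .env}
        - SMTP_RECIPIENT=${SMTP_RECIPIENT:?set SMTP_RECIPIENT in .env}
        - SMTP_SERVER=${SMTP_SERVER:?set SMTP_SERVER in .env}
        # ${VAR:-default} falls back to the default when VAR is unset or empty.
        - SMTP_PORT=${SMTP_PORT:-2525}
        volumes:
        - logs:/var/log
        - data:/opt/netbehave
```

Running docker-compose config prints the file with the values substituted, which is a quick check before Step 4. The values are still visible to anyone who can run docker inspect on the container.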