  • Stars: 237
  • Rank: 169,885 (Top 4 %)
  • Language: JavaScript
  • License: Other
  • Created about 10 years ago
  • Updated about 2 years ago


Sandia Cyber Omni Tracker (SCOT)

SCOT Online Demo

Give SCOT a try at https://scotdemo.com with the username admin and the password admin.

For this demo, the app is reverted every hour on the hour.

SCOT Mailing List

Send an e-mail to [email protected] with the body "subscribe scot-users".

Documentation and Install

Read our documentation at Read The Docs.

For the Docker documentation, please read: https://github.com/sandialabs/scot/blob/scot-docker/docs/source/scotdocker.rst

UPGRADE NOTE

IMPORTANT: Read Issue #55 before upgrading from 3.5.5.

Install It!

RPM Based Installer (CentOS 7)

  • clone the SCOT repo or download the two installer archives:

    • scot.perl.rpm.install.tar.gz
    • scot.rpm.install.tar.gz
  • extract both archives:

    • tar xzvf scot*tar.gz
  • install scot-perl first:

    • cd scot-perl-install
    • ./install.sh
    • follow the instructions presented at the end of the install
  • install SCOT second:

    • cd scot-install
    • ./install.sh

Docker Method

The suggested method of installing SCOT is Docker. For a walkthrough of installing SCOT via Docker, please read: https://github.com/sandialabs/scot/blob/scot-docker/docs/source/scotdocker.rst

Once you have read the documentation, run the restart-build-deploy.sh script in the root directory of the SCOT source code to begin the installation.

Legacy Method

SCOT has an installer that works with Ubuntu 16.04 and CentOS 7.3. While nothing should prevent SCOT from working on other Linux distributions, you will have to do much more of the installation by hand. (Please post your successes for others.)

To install on Ubuntu 16.04 or CentOS 7:

  • clone the SCOT repo:

    git clone https://github.com/sandialabs/scot.git

  • be sure to set the http_proxy environment variables if necessary (the installer is run under sudo -E so that they are passed through to it)

  • run the installer as root:

    • sudo -E bash
    • cd scot
    • ./install.sh 2>&1 | tee ../scot.install.log

The install can take a while. The installer output is very verbose, and saving it to a log is recommended to help with debugging any issues that might arise.

Overview

The Sandia Cyber Omni Tracker (SCOT) is a cyber security incident response management system and knowledge base. Designed by cyber security incident responders, SCOT provides a new approach to manage security alerts, analyze data for deeper patterns, coordinate team efforts, and capture team knowledge. SCOT integrates with existing security applications to provide a consistent, easy to use interface that enhances analyst effectiveness.


Customer Need

Incident response (IR) teams utilize many systems to detect, collect and analyze cyber security event data. These systems, while solving pieces of the puzzle, often fail to give the analyst a holistic view of what is happening and their team’s response to those events. Many systems do not have the flexibility to work with the IR processes to research and document those activities. Research is not easily shared and searchable, so the team’s effectiveness decreases, especially when key personnel are on vacation or take other positions. Without a ready corpus of examples of past events, training new team members becomes a lengthy process. Each additional tool adds cognitive load to the analyst and the tool’s maintenance needs take the analyst away from the primary task of IR.

Our Approach

Focused on removing the friction between analysts and their tools, SCOT enables analysts to document and share their research and response efforts. As a software suite that integrates data from detectors, analysis, and other information sources, it provides real-time updates of the team’s work to keep the team informed and coordinated. SCOT automatically identifies indicators to help the analyst discover and respond to advanced threats. Centralizing the data reduces the context switches needed to access each detection system. Fusing detection data with the accumulated team knowledge allows the team to quickly discover that a new alert might be part of a larger campaign. In addition, SCOT automates and simplifies common analyst tasks to increase analysts’ effectiveness by freeing them to concentrate on cyber security – not tool mastery.

Benefits

The number of alerts Sandia’s IR team has seen has nearly doubled in the past several years. SCOT enabled the team to keep up with this increase without adding team members. As a training tool, it let new team members start contributing in weeks instead of months. In just over 4 years SCOT has amassed a database of over 700K indicators from analyst and alert input. These indicators help the team spot an adversary’s methods and tactics, as well as highlighting common targets within the enterprise. SCOT has processed over 1.6 million alerts since deployment while maintaining 99.9% availability, and has required minimal administration. SCOT is fully scalable to meet higher loads.

Competitive Advantage

Sandia's incident response team realized several advantages using SCOT over other solutions. SCOT's ease of use eliminated the steep learning curve of traditional SIEMs and captured team knowledge much more effectively. Designed for cyber security, SCOT allows the IR team to enter data easily, instead of struggling to conform to a ticketing system designed for other purposes. While workflow systems handle linear workflows easily, SCOT is purpose-built for the looping nature of cyber security investigations. SCOT also solves the challenges of keeping wikis, spreadsheets and documents up to date and accessible to an IR team. While top-notch analysts may be able to keep everything in their heads, SCOT captures their knowledge for when they go on vacation or to other employment.


Contact Us

News and Discussion: mailto:[email protected]

Vulnerabilities: mailto:[email protected]

Bugs/Feature Requests: Use our GitHub issue tracking

Collaboration: mailto:[email protected]

More Repositories

Other repositories from the same organization (name, language, stars, description):

  • wiretap (Go, 847 stars): Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
  • toyplot (Jupyter Notebook, 422 stars): Interactive plotting for Python.
  • Albany (C++, 281 stars): Sandia National Laboratories' Albany multiphysics code.
  • qthreads (C, 170 stars): Lightweight locality-aware user-level threading runtime.
  • dr_robot (Python, 138 stars): This tool can be used to enumerate the subdomains associated with a company by aggregating the results of multiple OSINT (Open Source Intelligence) tools.
  • pyGSTi (Jupyter Notebook, 134 stars): A Python implementation of Gate Set Tomography.
  • seacas (C, 131 stars): The Sandia Engineering Analysis Code Access System (SEACAS) is a suite of preprocessing, postprocessing, translation, and utility applications supporting finite element analysis software using the Exodus database file format.
  • snl-quest (Python, 128 stars): An open source, Python-based software platform for energy storage simulation and analysis developed by Sandia National Laboratories.
  • InterSpec (C++, 120 stars): Spectral radiation analysis software.
  • omega_h (C++, 105 stars): Simplex mesh adaptivity for HPC.
  • slycat (JavaScript, 75 stars): Web-based data science analysis and visualization platform.
  • pecos (Python, 64 stars): Python package for performance monitoring of time series data.
  • gr-pdu_utils (C++, 61 stars): GNU Radio PDU Utilities.
  • UQTk (Fortran, 59 stars): Sandia Uncertainty Quantification Toolkit.
  • chama (Python, 57 stars): Python package for sensor placement optimization.
  • bcnn (Python, 56 stars): 3D Bayesian Convolutional Neural Network (BCNN) for Credible Geometric Uncertainty. Code for the paper: https://arxiv.org/abs/1910.10793
  • gr-fhss_utils (C++, 56 stars): Bursty modem utilities.
  • Whetstone (Python, 47 stars)
  • TChem (Jupyter Notebook, 44 stars): TChem - A Software Toolkit for the Analysis of Complex Kinetic Models.
  • tracktable (C++, 39 stars): Tracktable: moving object trajectory analysis in C++ and Python.
  • tbnn (Python, 38 stars): This code implements the Tensor Basis Neural Network (TBNN) as described in Ling et al. (Journal of Fluid Mechanics, 2016).
  • hyram (Python, 38 stars)
  • reverse_argparse (Python, 38 stars): A Python library to determine what exactly the user ran at the command line, along with default values, and any transformations that happened after parsing arguments.
  • pyapprox (Python, 37 stars)
  • Spitfire (Python, 37 stars): Spitfire is a Python/C++ library for constructing tabulated chemistry models and solving differential equations.
  • portals4 (C, 34 stars): Portals is a low-level network API for high-performance networking on high-performance computing systems developed by Sandia National Laboratories, Intel Corporation, and the University of New Mexico. The Portals 4 Reference Implementation is a complete implementation of Portals 4, with transport over InfiniBand VERBS and UDP. Shared memory transport is available as an optimization, including Linux KNEM support. The Portals 4 reference implementation is supported on both modern 64 bit Linux and 64 bit Mac OS X. The reference implementation has been developed by Sandia National Laboratories, Intel Corporation, and System Fabric Works. For more information on the Portals 4 standard, please see the Portals 4 page.
  • cross-sim (Python, 33 stars): CrossSim: accuracy simulation of analog in-memory computing.
  • NuMAD (MATLAB, 33 stars): Numerical Manufacturing And Design Tool (NuMAD) -- A design tool for wind and water turbine composite blades.
  • Prove-It (Jupyter Notebook, 27 stars): A tool for proving and organizing general theorems using Python.
  • SpecUtils (C++, 26 stars): A library for opening, manipulating, and exporting gamma spectral files.
  • optimism (Python, 26 stars): Computational solid mechanics made easy with Jax.
  • spack-manager (Python, 25 stars): A project and machine deployment model using Spack.
  • gr-timing_utils (C++, 25 stars): GNU Radio Timing Utilities.
  • MATLAB_PV_LIB (HTML, 24 stars): MATLAB PV function library.
  • lgrtk (C++, 22 stars): Tool Kit for Lagrangian Grid Reconnection.
  • mac-sandbox (Python, 22 stars): This is a malware analyzer for Mac OS X that extends the Cuckoo Sandbox project (https://cuckoosandbox.org/).
  • gait (Zeek, 21 stars): Zeek Extension to Collect Metadata for Profiling of Endpoints and Proxies.
  • n2a (Java, 21 stars): An object-oriented language for modeling large-scale neural systems, along with an IDE for writing and simulating models.
  • MEWS (Python, 20 stars): Multi-scenario Extreme Weather Simulator (MEWS).
  • spat (Python, 20 stars): A graphical user interface for measuring and performing interactive analysis of physical unclonable functions (PUFs).
  • compadre (C++, 20 stars): Compadre (Compatible Particle Discretization and Remap).
  • pyttb (Python, 19 stars): Python Tensor Toolbox.
  • poblano_toolbox (MATLAB, 19 stars): Nonlinear optimization for MATLAB.
  • pycheron (Python, 18 stars): Pycheron - A Python library for quality control of seismic data based on IRIS Mustang.
  • MatMCNP (Python, 18 stars): A utility code for generating material cards for MCNP.
  • Zoltan (C, 18 stars): Zoltan Dynamic Load Balancing and Graph Algorithm Toolkit -- Distribution site.
  • pvOps (Jupyter Notebook, 18 stars): A set of documented functions for supporting operations research of photovoltaic energy systems.
  • verdict (C++, 17 stars)
  • Chordly (JavaScript, 17 stars): Chordly is a JavaScript library that may be used to detect and act upon key sequences entered by a user.
  • SandiaDecay (C++, 17 stars): Easy to use C++ library to calculate nuclear decays and emissions.
  • CACTUS (Fortran, 17 stars): CACTUS (Code for Axial and Cross-flow TUrbine Simulation) is a turbine performance simulation code, based on a free wake vortex method, to study wind turbines and marine hydrokinetic (MHK) devices.
  • sceptre-phenix (JavaScript, 17 stars): phenix is an orchestration tool and GUI for Sandia's minimega platform.
  • Gulliver (C#, 15 stars): Gulliver is a C# utility package and library engineered for the manipulation of arbitrary sized byte arrays accounting for appropriate endianness and jagged byte length.
  • PyRIID (Python, 15 stars): ML-based radioisotope identification and estimation from gamma spectra in Python.
  • suncal (Python, 14 stars): Suncal - Sandia PSL Uncertainty Calculator.
  • Fugu (Python, 14 stars)
  • cambio (C, 14 stars): Spectroscopic file conversion tool.
  • mesquite (HTML, 14 stars): Mesquite: Mesh Quality Improvement Toolkit.
  • sandialabs.github.io (JavaScript, 14 stars)
  • packet2vec (C++, 14 stars): Word2Vec embeddings over packet capture data n-grams.
  • parapint (Python, 13 stars): Parallel solution of structured nonlinear optimization problems.
  • WecOptTool (Python, 13 stars): WEC Design Optimization Toolbox.
  • Matrices (13 stars): Contains the matrix generation software and normed matrices described in "Recreating Raven's: Software for systematically generating large numbers of Raven-like matrix problems with normed properties," published in Behavior Research Methods in 2010.
  • SNL-Delft3D-CEC (Fortran, 12 stars)
  • staged-script (Python, 12 stars): A Python package enabling the development of robust automation scripts that are subdivided into stages.
  • p3a (C++, 12 stars): Portably Performant Physical Algebra.
  • LCM (C++, 12 stars): Laboratory for Computational Mechanics.
  • gr-sandia_utils (C++, 12 stars): Misc blocks.
  • RUBRIC (C++, 12 stars)
  • parsegen-cpp (C++, 12 stars): A C++17 library for parser generation for LALR(1) languages.
  • snl-pstess (MATLAB, 12 stars): The Power and Energy Storage Systems Toolbox.
  • sibl (Python, 11 stars): Sandia Injury Biomechanics Laboratory (SIBL).
  • shadow (Python, 11 stars): Shadow semi-supervised consistency regularization PyTorch library.
  • lim1tr (Python, 11 stars): Lithium-Ion Modeling with 1-D Thermal Runaway (LIM1TR).
  • StrideSearch (C++, 11 stars): Storm detection in climate data.
  • SNL-SWAN (Fortran, 11 stars)
  • sceptre-bennu (C++, 11 stars): Modeling and simulation of ICS devices.
  • barcs (Python, 10 stars): Ballistic Asynchronous Reversible Computing with Superconductors -- Tool for functional element enumeration and classification.
  • lapart-python (Python, 10 stars)
  • TIGER (Perl, 10 stars): Target / Integrative Genetic Element Retriever: precisely maps IGEs (a defined type of genomic island) in bacterial and archaeal genomes; package also includes orthogonal program Islander.
  • miniIsosurface (C++, 10 stars): A mini-app to explore algorithms for generating contours from 3D volumes.
  • chemical-recommender-system (Python, 9 stars): Platform for rapid computation of molecular similarity and integration of custom machine learning models.
  • sdynpy (Python, 9 stars): A Structural Dynamics Python Library.
  • quinn (Python, 9 stars): Quantification of Uncertainties in Neural Networks.
  • Arcus (C#, 9 stars): Arcus, developed by Sandia National Laboratories, is a C# library for calculating, parsing, formatting, converting and comparing both IPv4 and IPv6 addresses and subnets. It accounts for 128-bit numbers on 32-bit platforms.
  • SpokeDartsPublic (C++, 9 stars): SpokeDarts sphere-packing sampling in any dimension. Advancing front sampling from radial lines (spokes) through prior samples.
  • linkshop (Python, 8 stars)
  • capp (CMake, 8 stars): A simple, portable package manager for applications.
  • pyperc (Python, 8 stars): Python package to model invasion percolation.
  • Fenix (C, 8 stars): Fenix: A Portable, Flexible Fault Tolerance Programming Framework for MPI Applications.
  • svp_1547.1 (Python, 8 stars): Test scripts for IEEE 1547.1.
  • pyNuMAD (Python, 8 stars): pynumad is an object-oriented, open-source software program written in Python which simplifies the process of creating a three-dimensional model of a wind turbine blade.
  • rattlesnake-vibration-controller (Python, 8 stars): Vibration Controller targeting Multiple-Input-Multiple-Output (MIMO) and Combined Environments Control.
  • mcdn-3d-seg (Python, 8 stars): Monte Carlo Dropout Network for 3D Image Segmentation.
  • phoenix (Scala, 7 stars): An astrodynamics library.
  • xyz (Python, 7 stars): Zip metadata extraction tool.
  • CSPlib (Jupyter Notebook, 7 stars): Computational singular perturbation analysis library.
  • BioCompoundML (Python, 7 stars): BioCompoundML is a software tool for rapidly screening chemicals by chemical properties, using machine learning.
  • miniGraphics (C++, 7 stars): Miniapp to demonstrate parallel rendering in an MPI environment using a sort-last parallel rendering approach.
  • PRIME (Python, 7 stars): PRIME is a modeling framework designed for the "real-time" characterization and forecasting of partially observed epidemics.