<!doctype html>
<!--[if lt IE 7]><html lang="en-US" class="no-js lt-ie9 lt-ie8 lt-ie7"><![endif]-->
<!--[if (IE 7)&!(IEMobile)]><html lang="en-US" class="no-js lt-ie9 lt-ie8"><![endif]-->
<!--[if (IE 8)&!(IEMobile)]><html lang="en-US" class="no-js lt-ie9"><![endif]-->
<!--[if gt IE 8]><!-->
<html lang="en-US" class="no-js">
<!--<![endif]-->
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Get Started - Apache Spot</title>
<meta name="HandheldFriendly" content="True">
<meta name="MobileOptimized" content="320">
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link rel="apple-touch-icon" href="../library/images/apple-touch-icon.png">
<link rel="icon" href="../favicon.png">
<!--[if IE]>
<link rel="shortcut icon" href="">
<![endif]-->
<meta name="msapplication-TileColor" content="#f01d4f">
<meta name="msapplication-TileImage" content="../library/images/win8-tile-icon.png">
<meta name="theme-color" content="#121212">
<link rel='dns-prefetch' href='//' />
<link rel='dns-prefetch' href='//' />
<link rel="alternate" type="application/rss+xml" title="Apache Spot &raquo; Feed" href="../feed/" />
<link rel='stylesheet' id='googleFonts-css' href='' type='text/css' media='all' />
<link rel='stylesheet' id='bones-stylesheet-css' href='../library/css/style.css' type='text/css' media='all' />
<!--[if lt IE 9]>
<link rel='stylesheet' id='bones-ie-only-css' href='' type='text/css' media='all' />
<![endif]-->
<link rel='stylesheet' id='mm-css-css' href='../library/css/meanmenu.css' type='text/css' media='all' />
<script type='text/javascript' src='../library/js/libs/modernizr.custom.min.js'></script>
<script src=""></script>
<script type='text/javascript' src='../library/js/jquery-migrate.min.js'></script>
<script type='text/javascript' src='../library/js/jquery.meanmenu.js'></script>
<body class="page">
<div id="container">
<header class="header">
<div id="inner-header" class="wrap cf">
<p id="logo" class="h1" itemscope itemtype="">
<a href="" rel="nofollow"><img src="../library/images/logo.png" alt="Apache Spot" /></a>
<ul id="menu-main-menu" class="nav top-nav cf">
<li id="menu-item-129" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-129 menu-item-has-children active">
<a href="../get-started">Get Started</a>
<ul class="sub-menu">
<li class="active"><a href="../get-started">Get Started</a></li>
<li><a href="../get-started/supporting-apache">Supporting Apache</a></li>
<li><a href="../get-started/environment">Environment</a></li>
<li><a href="../get-started/architecture">Architecture</a></li>
<li><a href="../get-started/demo">Demo</a></li>
<li id="menu-item-5" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-5">
<a href="../download">Download</a>
<li id="menu-item-130" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-130">
<a href="../community">Community</a>
<ul class="sub-menu com-sm">
<li class="dropmenu-head">Get in Touch</li>
<li><a href="../community" class="mail">Mailing Lists</a></li>
<li class="divider"></li>
<li><a href="../community/committers">Project Committers</a></li>
<li><a href="../community/contribute">How to Contribute</a></li>
<li class="divider"></li>
<li class="dropmenu-head">Developer Resources</li>
<li><a href="" target="_blank" class="github">Github</a></li>
<li><a href="" target="_blank" class="jira">JIRA Issue Tracker</a></li>
<li><a href="" target="_blank" class="">Confluence Site</a></li> <li class="divider"></li>
<li class="dropmenu-head">Social Media</li>
<li><a href="" target="_blank" class="twitter-icon">Twitter</a></li>
<li id="menu-item-106" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-106">
<a href="../doc">Documentation</a>
<li class="menu-item menu-item-has-children">
<a href="#">Project Components</a>
<ul class="sub-menu">
<li><a href="../project-components/ingestion">Ingestion</a></li>
<li><a href="../project-components/machine-learning">Machine Learning</a></li>
<li><a href="../project-components/suspicious-connects-analysis">Suspicious Connects Analysis</a></li>
<li><a href="../project-components/visualization">Visualization</a></li>
<li class="under-dev">Under Development</li>
<li><a href="../project-components/open-data-models">Open Data Models</a></li>
<li id="menu-item-13" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-13">
<a href="../blog">Blog</a>
<div id="mobile-nav"></div>
<div id="content">
<div class="wrap cf">
<h1>Getting Started</h1>
<hr />
<h2>Apache Spot (Incubating)</h2>
<p>Apache Spot is open source software for leveraging insights from flow and packet analysis. It helps enterprises and service providers gain insight into their network environments through transparency of service delivery and identification of potential security threats or attacks happening among resources operating at cloud scale. While current threat intelligence tools help, identifying unknown threats and attacks remains a challenge. Apache Spot provides tools to accelerate companies’ ability to expose suspicious connections and previously unseen attacks using flow and packet analysis technologies.</p>
<p>Apache Spot (incubating) is a solution built to leverage strong technology in both "big data" and scientific computing disciplines. While the solution solves problems end-to-end, components may be leveraged individually or integrated into other solutions. All components can output data in CSV format, maximizing interoperability.</p>
<p>With the arrival of big data platforms, security organizations can now make data-driven decisions about how they protect their assets. Records of network traffic, captured as network flows, are often stored and analyzed for use in network management. An organization can use this same information to gain insight into what channels corporate information flows through.</p>
<p>By taking into account additional context, such as prevalent attacks and the protocols that are key to the organization, the security team can develop a strategy that applies the right amount of per-channel risk mitigation based on the value of the data flowing through it. For an organization, we call this "the port perspective".</p>
<p>There are two vectors that all organizations should evaluate:</p>
<ul>
<li>A "wide enough, deep enough" protection strategy that involves both edge prevention and sophisticated detection of unusual behavior</li>
<li>A deep inspection of key protocols using methods that can scale to the volume of data flowing across that channel</li>
</ul>
<p>While inspecting specific, unique flows of data may be important for individual organizations, all organizations can realize significant risk reduction from analysis of network flows and DNS (Domain Name System) replies.</p>
<p>By leveraging strong technology in both Big Data and Scientific Computing disciplines, Apache Spot is a solution intended to support this strategy by focusing on “hard security problems”: detecting events such as lateral movement, side-channel data escapes, insider issues, or stealthy behavior in general.</p>
<p style="text-align:center;margin:35px 0;"><img src="../library/images/how-it-works.png" alt="" /></p>
<ul>
<li>DNS (pcaps).</li>
</ul>
<h3>Parallel Ingest Framework</h3>
<ul>
<li>Open source decoders.</li>
<li>Load data in Hadoop.</li>
<li>Data transformation.</li>
</ul>
<h3>Machine Learning</h3>
<ul>
<li>Filter billions of events down to a few thousand.</li>
<li>Unsupervised learning.</li>
</ul>
<h3>Operational Analytics</h3>
<ul style="margin-bottom:50px;">
<li>Attack heuristics.</li>
<li>Noise filter.</li>
</ul>
<div id="more-info">
<div class="wrap cf">
<a href="" class="y-btn" target="_blank">More Info</a>
<p style="margin-top:50px;"><img src="../library/images/apache-incubator.png" alt="Apache Incubator" />
<p class="disclaimer">
Apache Spot is an effort undergoing incubation at The Apache Software Foundation (ASF), sponsored by the Apache Incubator. Incubation is required of all newly accepted projects until a further review indicates that the infrastructure, communications, and decision making process have stabilized in a manner consistent with other successful ASF projects. While incubation status is not necessarily a reflection of the completeness or stability of the code, it does indicate that the project has yet to be fully endorsed by the ASF.
<p class="disclaimer">
The contents of this website are © 2016 Apache Software Foundation under the terms of the Apache License v2. Apache Spot and its logo are trademarks of the Apache Software Foundation.
<footer class="footer" role="contentinfo" itemscope itemtype="">
<div id="inner-footer" class="wrap cf">
<p class="source-org copyright" style="text-align:center;">
&copy; 2019 Apache Spot.
<a href="#0" class="cd-top">Top</a>
<script type='text/javascript' src='../library/js/scripts.js'></script>