Manati : A Web-Based Tool To Assist The Work Of The Intuitive Threat Analysts

The goal of the ManaTI project is to develop machine learning techniques to assist an intuitive threat analyst to speed the discovery of new security problems. The machine learning will contribute to the analysis by finding new relationships and inferences.

The project will include the development of a web interface for the analyst to interact with the data and the machine learning output. This project is partially supported by Cisco Systems. For more information about the project please go to Stratosphere Lab page.

Installation

ManaTI is a Django project with a Postgres database and it works in Linux and MacOS. We recommend using a virtualenv environment to setup it. The installation steps for linux are:

sudo apt-get update ; sudo apt-get upgrade -y

• Clone the repository

git clone git@github.com:stratosphereips/Manati.git; cd Manati

or if you don’t want to use SSH, use HTTPS

git clone https://github.com/stratosphereips/Manati.git; cd Manati

• Install Virtualenv to isolate the required python libraries for ManaTI, also will be installed python libraries for development

sudo apt-get install virtualenv python-pip python-dev libpq-dev build-essential libssl-dev libffi-dev

• Create virtualenv folder

virtualenv .vmanati

• Active Virtualenv

source .vmanati/bin/activate

• Install PostgreSQL DB engine

sudo apt-get install postgresql-server-dev-all postgresql-9.5 postgresql-client-9.5

• Create environment variables files. Copy and rename the files .env.example to .env, and .env-docker.example to .env-docker

cp .env.example .env
cp .env-docker.example .env-docker

OPTIONAL

You can modify the password and name of database, if you want. Remember, reflect the changes in the Postgres database settings below.

• Install required python libraries

pip install -r requirements/local.txt

• Start postgresql

sudo /etc/init.d/postgresql start

Configure the database

• As root: (There should be a user postgres after installing the database)

su – postgres

• Create the database:

psql
create user manati_db_user with password ‘password’;
create database manati_db;
grant all privileges on database manati_db to manati_db_user;
alter role manati_db_user createrole createdb;
CTRL-D (to output the postgres db shell)

Also Read – Sub.sh : Online Subdomain Detect Script

OPTIONAL

To change the password by default of the postgres user (you can put the same password if you want), specially good idea if you want to use pgAdmin3-4 as a postgres client. Remember don’t exit of “sudo – postgres”

psql
\password;
CTRL-D (to output the postgres db shell)

How to run it

It is not recommended to run the server as root, but since only root can open ports numbers less than 1024, it is up to you which user you use. By default it opens the port 8000, so you can run it as root:

python ./manage.py runserver

After this, just open your browser in http://localhost:8000/manati_project/manati_ui

If you want to open the server in the network, you can do it with:

python ./manage.py runserver :8000

If you want to see the jobs running or enqueued go to http://localhost:8000/manati_project/django-rq/

Run in production

Using surpevisor, gunicorn as server with RQ worker (with redis server) to deal with the background tasks. In the future we are planning to prepare settings for nginx

cd path/to/project_directory
python manage.py collectstatic –noinput –clear
sudo supervisord -c supervisor-manati.conf -n

Docker image

If you have docker installed, maybe can be a good idea install the ManaTI docker image. The Dockerfile and server configurations files are here. This ManaTI docker image is executed over a server NGINX and uWSGI. This image is maintained by @Piuliss

docker pull honeyjack/manati:latest
docker run –name manati -p 8888:8888 -dti honeyjack/manati:latest bash

Then, wait for 5 or 10 seconds and go to http://localhost:8888

Docker Composer

If you don’t want to waste time installing ManaTI and you have docker installed, you can just execute docker-compose. First clone the repository and go to the directory project.

cd Manati
cp .env.example .env
cp .env-docker.example .env-docker
docker-compose build
docker-compose run web bash -c “python manage.py makemigrations –noinput; python manage.py migrate; python manage.py check_external_modules”
docker-compose run web bash -c “python manage.py createsuperuser2 –username admin –password Password123 –noinput –email ‘admin@manatiproject.com'”
docker-compose up # or ‘docker-compose up -d’ if you don’t want to see the logs in the console.

After this, just open your browser in http://localhost:8000/manati_project/manati_ui/new