teler
is an real-time intrusion detection and threat alert based on web log that runs in a terminal with resources that we collect and provide by the community.
Note
If you upgrade from prior to v2 frontwards there will be some break changes that affect configuration files. Appropriate adaptations can refer to teler.example.yaml file.
See also:
- kitabisa/teler-waf: teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy to integrate into existing Go applications.
Table Of Contents
- Features
- Why teler?
- Demo
- Documentation
- Supporting Materials
- Contributors
- Resources
- Pronunciation
- Changes
- License
Features
- Real-time: Analyze logs and identify suspicious activity in real-time.
- Alerting: teler provides alerting when a threat is detected, push notifications include Slack, Mattermost, Telegram and Discord.
- Monitoring: We’ve our own metrics if you want to monitor threats easily, and we use Prometheus for that.
- Logging: is also provided in file form or sends detected threats to the Zinc logs search engine.
- Latest resources: Collections is continuously up-to-date.
- Minimal configuration: You can just run it against your log file, write the log format and let teler analyze the log and show you alerts!
- Flexible log formats: teler allows any custom log format string! It all depends on how you write the log format in configuration file.
- Custom threat rules: Want to reach a wider range of threats instead of engine-based (default) rules? You can customize threat rules!
- Incremental log processing: Need data persistence rather than buffer stream? teler has the ability to process logs incrementally through the on-disk persistence options.
Why Teler?
teler was designed to be a fast, terminal-based threat analyzer. Its core idea is to quickly analyze and hunt threats in real time!
For more information click here.