Home
Argus is the first network flow system. It was developed by Carter Bullard in the early 1980s at Georgia Tech and adapted for cyber security incident response at the first Computer Emergency Response Team (CERT) in Carnegie Mellon's Software Engineering Institute in the late 1980s. Since then, network flow technology has become a critical part of modern networking and cyber security, and Argus has been an active part of that evolution.
Argus is network audit technology, providing a network activity audit engine for all network traffic, not just IP. It was modeled after the Public Switched Telephone Network (PSTN) Call Detail Record (CDR), and it is designed to account for all network activity in a way that can support all types of network management functions, including security management. Audit is a fundamental NIST security control.
The Argus Project's official home is https://openargus.org. GitHub hosts the software development.
Argus is an open source project focused on proof of concept demonstrations of all aspects of large scale network awareness derived from network flow data. Argus attempts to be the "bleeding edge" of network flow technology, processing packets very quickly, either on the wire or from captures, into the richest network flow data available. The Argus system attempts to address a large number of the issues of network flow data processing: scale, performance, applicability, privacy and utility.
Even though Argus is a proof of concept project, it has been used operationally in US Govt, US DoD, DHS, DOE, large corporations and university networks worldwide. It is widely used in network research, supporting diverse projects in network performance analysis, situational awareness, cyber security, machine learning and even Software Defined Network (SDN) chip design, to name a few.
The Argus architecture is designed to support small and very large scale network auditing. The real-time data provides a lot of information, which can be stored in files for later processing, or the client programs can be pieced together to provide real-time network data streams for simple network awareness, large scale distributed visibility, even active cyber defense.
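To make the CDR analogy concrete, the following added example (not Argus code, and not from the Argus project) shows the core idea of a flow audit engine: packets are aggregated into bidirectional flow records keyed by protocol and endpoint pair, the first-seen sender is treated as the initiator, per-direction packet and byte counts are kept, and an idle timeout closes a record so a later conversation between the same endpoints becomes a new record. The packet list, the addresses (from documentation ranges) and the 60-second idle timeout are all constructed assumptions; Argus itself is far richer, tracking many more attributes per flow.

```python
"""Minimal bidirectional flow (CDR-style) aggregation over a constructed packet list.

Added illustration of the flow-record concept; this is not Argus code.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

@dataclass
class Packet:
    ts: float      # capture timestamp (seconds)
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    size: int      # bytes on the wire

@dataclass
class FlowRecord:
    """One CDR-like record: who talked to whom, when, and how much in each direction."""
    proto: str
    src: str       # initiator (first-seen sender)
    sport: int
    dst: str       # responder
    dport: int
    start: float
    last: float
    spkts: int = 0   # packets from initiator
    sbytes: int = 0
    dpkts: int = 0   # packets from responder
    dbytes: int = 0

    @property
    def duration(self) -> float:
        return self.last - self.start

FlowKey = Tuple[str, FrozenSet[Tuple[str, int]]]

def flow_key(p: Packet) -> FlowKey:
    """Direction-independent key: protocol plus the unordered endpoint pair."""
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

def aggregate(packets: List[Packet], idle_timeout: float = 60.0) -> List[FlowRecord]:
    """Fold packets into flow records; a gap longer than idle_timeout closes a record."""
    active: Dict[FlowKey, FlowRecord] = {}
    finished: List[FlowRecord] = []
    for p in sorted(packets, key=lambda pk: pk.ts):   # stable sort keeps arrival order on ties
        key = flow_key(p)
        rec = active.get(key)
        if rec is not None and p.ts - rec.last > idle_timeout:
            finished.append(active.pop(key))          # expire the idle record
            rec = None
        if rec is None:
            rec = FlowRecord(p.proto, p.src, p.sport, p.dst, p.dport, p.ts, p.ts)
            active[key] = rec
        if (p.src, p.sport) == (rec.src, rec.sport):  # initiator -> responder
            rec.spkts += 1
            rec.sbytes += p.size
        else:                                          # responder -> initiator
            rec.dpkts += 1
            rec.dbytes += p.size
        rec.last = p.ts
    finished.extend(active.values())                   # flush still-open records at end of input
    return finished

def cdr_line(r: FlowRecord) -> str:
    """Render a record the way an audit log line might look (constructed format)."""
    return (f"{r.start:.2f} {r.duration:.2f}s {r.proto} {r.src}:{r.sport} -> {r.dst}:{r.dport} "
            f"spkts={r.spkts} sbytes={r.sbytes} dpkts={r.dpkts} dbytes={r.dbytes}")

# Constructed sample traffic: a short TLS exchange, a DNS lookup, then a packet
# to the same TLS endpoints after a long gap (assumed idle timeout expires).
SAMPLE_PACKETS = [
    Packet(100.00, "tcp", "10.0.0.5", 43210, "198.51.100.20", 443, 74),
    Packet(100.01, "tcp", "198.51.100.20", 443, "10.0.0.5", 43210, 74),
    Packet(100.02, "tcp", "10.0.0.5", 43210, "198.51.100.20", 443, 66),
    Packet(100.05, "tcp", "10.0.0.5", 43210, "198.51.100.20", 443, 517),
    Packet(100.08, "tcp", "198.51.100.20", 443, "10.0.0.5", 43210, 1514),
    Packet(100.50, "udp", "10.0.0.5", 53044, "192.0.2.53", 53, 70),
    Packet(100.52, "udp", "192.0.2.53", 53, "10.0.0.5", 53044, 150),
    Packet(200.00, "tcp", "10.0.0.5", 43210, "198.51.100.20", 443, 66),
]

def sample_flows() -> List[FlowRecord]:
    return aggregate(SAMPLE_PACKETS)

if __name__ == "__main__":
    for rec in sample_flows():
        print(cdr_line(rec))
```

Running the block prints three records: the TLS conversation (3 packets / 657 bytes out, 2 packets / 1588 bytes back), the DNS query and its answer, and a separate one-packet record for the late TCP packet, which is exactly the kind of split a real audit engine makes when it decides a conversation has ended.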
If you are interested in using Argus, grab the code and dive in. If you would like to participate in the development of Argus, sign up to the mailing lists, grab the code and start playing with what we have, so you can see where you can contribute.