Home
Welcome to the Argus wiki! Here we'll try to use the features of GitHub to develop and manage new features of Argus data generation. Argus was originally called "ARGUS - Audit Record Generation and Utilization System", and that is how it is referenced on sites like Wikipedia. Argus has since been taken as a name for many products, services and other things, but when Argus began in 1984, this project was the first use of the term for software on the Internet.
The Argus project is composed of two efforts.
- Network flow data generation
- Network flow data processing
In this wiki we'll talk about network flow data generation, which is referred to as the Argus Server or Sensor. The processing component is referred to as the Argus Clients and has its own GitHub repo. Over the years we've moved to referring to Argus as the network flow sensor, and we'll stick to that convention here.
There are a few basic design concepts that are strictly applied to Argus:
Comprehensive network accountability - Argus is a comprehensive network sensor, so it will account for every packet that it observes. This is an important goal for cyber security network awareness, and it is a requirement in the US DoD Zero Trust Architecture.
High performance - As a stand-alone network sensor, Argus is designed to "keep up". Part of Argus's development was done at the Naval Research Laboratory's supercomputer center, so keeping up was job #1. This goal has helped Argus's adoption. It was the primary network sensor for the NSFnet in the 1980s, before it transitioned into the current Internet. It was used in the Internet core in the 1990s, when cyber security monitoring was in its infancy. It was the principal sensor for GLORIAD, the NSF international network, until it was transitioned, and it was the sensor for network operations on a number of research networks using ATM, InfiniBand and optical protocols, like those seen in Dragon. Argus is currently in operation at 100Gbps (200Gbps bidirectional) at US Government sites and universities in the US (to our knowledge). High performance also enables the use of Argus on IoT devices, tablets, Android phones, mini-PCs, laptops and supercomputers.
Dense features - Argus tries to stay on the leading edge of network sensor technology by providing the most features of any general-purpose network sensor. We currently provide more than 250 network features, ranging from network object identifiers, metrics and packet dynamics measurements to behavioral data and selective content, in a very compact binary record format.
One criticism of the Argus project is that we haven't been telling people what to do with their data, or how to do it, except through our examples. But the purpose of the project was to create the sensor, in order to enable the industry to rely on high-grade network sensing. We think we have been successful.