Citrus-SIEM
Inspiration
We are often tasked with managering several machines at many of the comeptitions we play in. Part of the challenge is using existing tools, and that got us thinking of making a status page for a network from scratch!
What it does
Simply run the central go server somewhere accessible, then run the forwarders on the clients you want to watch and ta-da! A little status page for each machine running a forwarder.
It tells you whether the client is on or off, what IP address is it running on, the Operating System, the uptime, and the current connections. This is most handy for monitoring for reverse shells on a large network.
How we built it
- Utilized Material UI in React and Typescript to make a fanciful and responsive user display
- Implemented the core server logic in Golang for safe, garbage collected web concurrency
- Wrote powershell and bash scripts to automate the information forwarding
Challenges we ran into
Most of Saturday was fighting with our tools just trying to get libraries setup and able to be used. This took much more time than we thought: installing, reinstalling, restarting, removing, uninstalling, and repeating this cycle several times did not solve the issue. Somehow it got solved by VScode auto-importing a library.
Accomplishments that we're proud of
We worked really hard on the Go server processing and the React/Typescript front end.
What we learned
We learned a whole lot about React state and how it ties into Typescript. As well as the core principles behind web server logic. The generation of a static page from our React code was very interesting to watch and see in action.
What's next for Citrus-SIEM
Most likely, using the Twillio API to alert the user when a client is not reachable and look into log aggregation to flush out the SIEM for System Administration use.
Built With
- bash
- golang
- material-ui
- powershell
- react
- typescript
Log in or sign up for Devpost to join the conversation.