Citrus-SIEM

  • Anthony Hallak, Jason Lin, Nathan Melwani

Inspiration

We are often tasked with managing several machines at many of the competitions we play in. Part of the challenge is using existing tools, and that got us thinking of making a status page for a network from scratch!

What it does

Simply run the central go server somewhere accessible, then run the forwarders on the clients you want to watch and ta-da! A little status page for each machine running a forwarder.

It tells you whether the client is on or off, what IP address it is running on, the operating system, the uptime, and the current connections. This is most handy for monitoring for reverse shells on a large network.
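The central piece described above is a server that accepts reports from forwarders and infers "on" or "off" from whether a report has arrived recently. The following is an added example written for this page, not Citrus-SIEM's own code: a minimal Go registry with an HTTP endpoint for reports, a heartbeat timeout for liveness, and a diff of the connection list between successive reports, which is the signal a watcher would look at to spot an unexpected outbound session. The JSON field names, the `/report` and `/status/` routes, the 30 second timeout and the connection string format are all assumptions made here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"sort"
	"strings"
	"sync"
	"time"
)

// Report is what a forwarder posts. The fields mirror the status page's
// columns (IP, OS, uptime, current connections); the JSON names are an
// assumption for this example, not the project's wire format.
type Report struct {
	Host        string   `json:"host"`
	IP          string   `json:"ip"`
	OS          string   `json:"os"`
	UptimeSec   int64    `json:"uptime_sec"`
	Connections []string `json:"connections"` // assumed form: "tcp laddr->raddr"
}

type entry struct {
	Report
	prev     []string // connections from the previous report
	LastSeen time.Time
}

// Registry keeps the latest report per host. "On" vs "off" is not sent by
// the forwarder; it is inferred from report recency, so a powered-off host,
// an isolated host, and a killed forwarder all show as "off".
type Registry struct {
	mu      sync.RWMutex
	clients map[string]entry
	timeout time.Duration
	now     func() time.Time // injectable clock so liveness can be tested
}

func NewRegistry(timeout time.Duration) *Registry {
	return &Registry{clients: map[string]entry{}, timeout: timeout, now: time.Now}
}

// Record stores a report and remembers the previous connection list.
func (r *Registry) Record(rep Report) {
	r.mu.Lock()
	defer r.mu.Unlock()
	var prev []string
	if old, ok := r.clients[rep.Host]; ok {
		prev = old.Connections
	}
	r.clients[rep.Host] = entry{Report: rep, prev: prev, LastSeen: r.now()}
}

// Status returns "on", "off" or "unknown" for a host.
func (r *Registry) Status(host string) string {
	r.mu.RLock()
	defer r.mu.RUnlock()
	e, ok := r.clients[host]
	if !ok {
		return "unknown"
	}
	if r.now().Sub(e.LastSeen) > r.timeout {
		return "off"
	}
	return "on"
}

// NewConnections returns connections present in the latest report but not
// in the one before it, sorted for stable output.
func (r *Registry) NewConnections(host string) []string {
	r.mu.RLock()
	defer r.mu.RUnlock()
	e, ok := r.clients[host]
	if !ok {
		return nil
	}
	seen := make(map[string]bool, len(e.prev))
	for _, c := range e.prev {
		seen[c] = true
	}
	var fresh []string
	for _, c := range e.Connections {
		if !seen[c] {
			fresh = append(fresh, c)
		}
	}
	sort.Strings(fresh)
	return fresh
}

// Handler exposes POST /report for forwarders and GET /status/<host> for the UI.
func (r *Registry) Handler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/report", func(w http.ResponseWriter, req *http.Request) {
		if req.Method != http.MethodPost {
			http.Error(w, "POST only", http.StatusMethodNotAllowed)
			return
		}
		var rep Report // cap the body so a client cannot exhaust server memory
		if err := json.NewDecoder(http.MaxBytesReader(w, req.Body, 64<<10)).Decode(&rep); err != nil || rep.Host == "" {
			http.Error(w, "bad report", http.StatusBadRequest)
			return
		}
		r.Record(rep)
		w.WriteHeader(http.StatusNoContent)
	})
	mux.HandleFunc("/status/", func(w http.ResponseWriter, req *http.Request) {
		fmt.Fprintln(w, r.Status(strings.TrimPrefix(req.URL.Path, "/status/")))
	})
	return mux
}

func main() {
	reg := NewRegistry(30 * time.Second)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", reg.Handler()))
}
```

The timeout should be set to a few multiples of the forwarders' reporting interval, otherwise a single dropped report flips a host to "off"; in a real deployment the report endpoint would also need authentication, since anything that can reach it can spoof a host's status.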

How we built it

  • Utilized Material UI in React and TypeScript to make a fanciful and responsive user display
  • Implemented the core server logic in Go for safe, garbage-collected web concurrency
  • Wrote PowerShell and bash scripts to automate the information forwarding

Challenges we ran into

Most of Saturday was fighting with our tools just trying to get libraries set up and usable. This took much more time than we thought: installing, reinstalling, restarting, removing, uninstalling, and repeating this cycle several times did not solve the issue. Somehow it got solved by VS Code auto-importing a library.

Accomplishments that we're proud of

We worked really hard on the Go server processing and the React/Typescript front end.

What we learned

We learned a whole lot about React state and how it ties into TypeScript, as well as the core principles behind web server logic. The generation of a static page from our React code was very interesting to watch and see in action.

What's next for Citrus-SIEM

Most likely, using the Twilio API to alert the user when a client is not reachable, and looking into log aggregation to flesh out the SIEM for system administration use.
