NCSC-NL / taranis3

Taranis

Help to personalize Taranis in my environment or to integrate to SIEM #40

Open hsninbil opened 4 years ago

hsninbil commented 4 years ago

Hi all, I want to personalize Taranis 3.7.4 in my environment. I did an asset inventory in my organization. Thank you for helping me step by step to align Taranis.

markov2 commented 4 years ago

This is a very generic statement. Do you need changes to make that easier for you? Is there some extension code you would like to contribute to our code-base?

The best way to get this done is by forking the project on GitHub. Then, we can see the changes you made and you can create pull requests for us.

ghost commented 4 years ago

Taranis NG will have asset management on board

markov2 commented 4 years ago

There are different interpretations of what "Asset Management" means. I am really interested to see/hear how far TaranisNG has come.

milankowww commented 4 years ago

Asset management in Taranis NG

In answer to @markov2. Readers beware: this comment is NOT related to Taranis 3 published on this repository.

  1. The version of NG that exists today in the repo does have this functionality, and it's relatively simple:

There are two ways to work with the inventory - via the GUI or via the API.

ETA for public release is first half of September, but I believe @wagner-certat and @markov2 do have access right now. For the coming public release, I'm planning to make a fresh build as a docker container to make deployment as simple as possible, but am slowed down by other projects.

  2. Post-public-release, we are planning to greatly expand this part to allow:
    • multi-level asset groups with N to N mapping (one asset may belong to multiple groups, etc)
    • asset criticality (will be color coded in the GUI)
    • coloring will be based on MAX(asset's own criticality, and inherited from groups upwards / downwards the graph)

That will be, in our local use case, used to reflect importance of assets to essential services according to NIS, as we will ask our providers of essential services to add their assets to a dedicated Taranis NG instance, and will be linked with our incident tracking & response system.

ETA for this update is tentatively November this year.
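
The MAX-based criticality rule described in the comment above, as an added example that is not code from Taranis NG or from this thread. The node names, the 1 to 5 scale and the reading of "upwards / downwards" as two separate transitive walks (from groups to their members, and from members to their groups) are assumptions.

```python
from collections import defaultdict

# Constructed sample data (hypothetical names, not from Taranis NG).
# The criticality scale 1 (low) .. 5 (critical) is an assumption.
OWN = {
    "essential-services": 5, "energy": 3, "office-it": 1,
    "scada-gw": 2, "mail-server": 2, "shared-fw": 1,
}
# member -> groups it belongs to (N-to-N: shared-fw sits in two groups,
# and the group "energy" is itself a member of "essential-services").
MEMBER_OF = {
    "energy": ["essential-services"],
    "scada-gw": ["energy"],
    "mail-server": ["office-it"],
    "shared-fw": ["energy", "office-it"],
}

def invert(edges):
    """Turn member -> groups into group -> members."""
    out = defaultdict(list)
    for member, groups in edges.items():
        for group in groups:
            out[group].append(member)
    return dict(out)

def effective_criticality(node, own, edges):
    """MAX of the node's own criticality and that of every node reachable
    through `edges`, walked transitively. The `seen` set keeps the walk
    finite if a group was accidentally nested inside itself."""
    best, stack, seen = own.get(node, 0), [node], {node}
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                best = max(best, own.get(nxt, 0))
                stack.append(nxt)
    return best

def report(own, member_of):
    """Per node: (own, inherited from its groups, inherited from its members)."""
    members = invert(member_of)
    return {n: (own[n],
                effective_criticality(n, own, member_of),
                effective_criticality(n, own, members))
            for n in own}
```

The two directions are kept apart on purpose: merging them into one bidirectional walk would give every node in a connected part of the graph the same maximum.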

hsninbil commented 4 years ago

Dear All, thank you for your response.

markov2 commented 4 years ago

@milankowww I have no access to your TaranisNG demo, but people at NCSC_NL say they have.

If I am understanding you correctly, your "assets" are facts which you can flexibly connect to the organization object where the current Taranis has a rigid set of assets, which is only extensible via code changes. Via code forking on GitHub, the required extensions can easily be added, but I would have preferred that Taranis had more pluggable interfaces.

As API, Taranis has a REST interface which is really simple to extend. No-one expressed the need.

hsninbil commented 3 years ago

Dear all, please, is it possible to share TaranisNG? Thank you.

sebix commented 2 years ago

Dear all, please, is it possible to share TaranisNG? Thank you.

-> https://github.com/SK-CERT/Taranis-NG/