magneticstain / Inquisition

An advanced and versatile open-source network anomaly detection platform
MIT License
log-analysis security-tools siem

Inquisition

An advanced and versatile network anomaly detection platform for SMB and enterprise users alike.

Introduction

Inquisition uses three pieces of software to analyze your environment's logs and generate security alerts that you actually want to know about.

Anatomize.py scans and parses your log files and sticks them in an in-memory log store for further analysis.

Destiny uses machine learning (via the SciKit library) to analyze the log store and identify anomalous events.

Celestial provides a front-end web GUI and API for managing your Inquisition install, receiving and responding to alerts, and overseeing the security of your environment.

What Does Inquisition Help Identify

Since it specifically identifies anomalous network events, Inquisition specializes in alerting on security issues such as:

Installation

Installation of Inquisition is easy: install the requirements, install the software, and run through setup for your environment.

You can find instructions on how to install Inquisition by visiting the installation guide page in the project wiki.

Usage

After installing the software, we're now ready to start using it. For information on how to use Inquisition, visit the user guide.

Credits

Third-Party Libraries