Welcome to the UTMStack open-source project! UTMStack is a unified threat management platform that merges SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) technologies. Our unique approach allows real-time correlation of log data, threat intelligence, and malware activity patterns from multiple sources, enabling the identification and halting of complex threats that use stealthy techniques. Visit an online demo here.
We have a dedicated repository for correlation rules, contributors are welcome to submit a pull request.
UTMStack stands out in threat prevention by surpassing the boundaries of traditional systems. Our software platform can swiftly analyze log data to identify and halt threats at their source in real-time, even if the threat was not directly detected on the server itself. This seamless integration of SIEM and XDR capabilities sets UTMStack apart from competitors, providing organizations with an effective, holistic cybersecurity suite that enhances threat detection, response, and remediation across clients’ valuable digital infrastructure. Correlation happens before data ingestion, reducing workload and improving response times.
To get started with UTMStack, visit our demo at utmstack.com/demo. You can also watch our videos to learn more about our platform:
We welcome contributions from the community! Whether you're a developer, a security expert, or just someone interested in cybersecurity, your contributions can help make UTMStack even better. Check out our Contributing Guide for more information on how you can contribute to this project.
UTMStack code is reviewed daily for vulnerable dependencies. Penetration testing is performed on the system yearly and after every major release. All data in transit between agents and UTMStack servers is encrypted using TLS. UTMStack services are isolated by containers and microservices with strong authentication. Connections to the UTMStack server are authenticated with a unique key of at least 24 characters. User credentials are encrypted in the database and protected by fail2ban mechanisms and 2FA.
UTMStack is open-source software licensed under the AGPL version 3. For more information, see the LICENSE file.
If you have any questions or suggestions, feel free to open an issue or submit a pull request. We're always happy to hear from our community!
Join us in making UTMStack the best it can be!
This installation guide provides instructions to perform the UTMStack installation on Ubuntu 22.04 LTS.
Assumptions: 60 data sources (devices) generate approximately 100 GB of monthly data.
Definitions:
Resources needed for one month of hot log storage.
IMPORTANT: Going above 500 data sources/devices requires adding secondary nodes for horizontal scaling.
The installation can be performed using an installer file or an ISO image. The instructions below are only for the installer file option; please skip them if you use the ISO image instead.
NOTE: The default Ubuntu Server credentials are "user: utmstack", "password: utmstack".
sudo apt update
sudo apt install wget
wget http://github.com/utmstack/UTMStack/releases/latest/download/installer
sudo su
chmod +x installer
./installer
Once UTMStack is installed, log in with admin as the user and the password generated during the installation for the default user. You can find the password and other generated configurations in /root/utmstack.yml. Note: prefix your server name or IP with https:// to reach the login page.
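As an added example (not part of the UTMStack project), the following POSIX shell script performs the post-install checks a practitioner would want after the steps above: it verifies that /root/utmstack.yml (the path named in the guide) is not readable by other local users before extracting the generated admin password from it, and it checks that an agent key meets the 24-character minimum stated earlier. The YAML key name `password:` is an assumption; compare it against the real file before relying on it.

```shell
#!/bin/sh
# Post-install check for the UTMStack guide above. This is an added example,
# not part of the UTMStack project. Assumed: /root/utmstack.yml is the path
# named in the guide; the key name "password:" is a hypothetical placeholder,
# so compare it against the real file before relying on it.

# check_config_perms FILE: succeed only if FILE exists and has no group/other
# permission bits (mode 600 or stricter), since it holds the admin password.
check_config_perms() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # GNU stat prints the octal mode with -c; BSD/macOS stat uses -f.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        0|*00) return 0 ;;
        *)     echo "$f is mode $mode; run: chmod 600 $f" >&2; return 1 ;;
    esac
}

# get_admin_password FILE: print the first "password:" value, with any
# surrounding double quotes removed (the key name is an assumption).
get_admin_password() {
    sed -n 's/^[[:space:]]*password:[[:space:]]*//p' "$1" \
        | head -n 1 \
        | sed 's/^"\(.*\)"$/\1/'
}

# key_is_strong KEY: succeed if KEY is at least 24 characters, the minimum
# the project states for the key that authenticates connections to the server.
key_is_strong() {
    [ "${#1}" -ge 24 ]
}

# Usage: sh postinstall-check.sh /root/utmstack.yml
# Only runs when a path is given, so the functions can also be sourced.
if [ -n "${1:-}" ]; then
    check_config_perms "$1" && echo "admin password: $(get_admin_password "$1")"
fi
```

Run it as root right after the installer finishes; if the permission check fails, tighten the file with `chmod 600 /root/utmstack.yml` before using the password it reports.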