PatrowlEngines: Open Source, Free and Scalable Security Operations Orchestration Platform
PatrOwl
PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations.
PatrowlEngines is the engine framework and the supported list of engines performing the operations (scans, searches, API calls, …) in due time. The engines are managed by one or several instances of PatrowlManager.
PatrOwl is an advanced platform for orchestrating Security Operations like Penetration Testing, Vulnerability Assessment, Code review, Compliance checks, Cyber-Threat Intelligence / Hunting and SOC & DFIR Operations.
Fully-Developed in Python (Django for the backend and Flask for the engines). It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery.
Architecture
Use
Assets
Add a new Asset
- Go to the creation form using the header menu bar or go directly to the URL /assets/add.
- The following form will be available:
Some tips:
| Parameters | Description | Examples |
|---|---|---|
| Value | Value of the asset | 8.8.8.8, patrowl.io, myorg.local, https://app.patrowl.io |
| Name | Quick title of the asset | MyCORP DNS A, Corporate Website |
| Type | Type of the asset. Available scan policies will be filtered on this value | IP, FQDN, DOMAIN, URL, KEYWORD, PATH or PERSON |
| Description | Free text area for describing the asset | Corporate website based on Drupal 7.3 and exposed on Internet |
| Criticity | Business criticity of the asset. Global risk scoring will depend on this value | Low, Medium or High |
| Categories | List of tags to quickly describe the asset. Custom values could be added. | Windows, Database, Corporate Website |
- Click to the button “Create a new asset” to confirm the creation. You will be redirected to the assets list.
Engines
Add a new Engine
- Go to the creation form using the header menu bar or go directly to the URL /engines/add.
- The following form will be available:
| Parameters | Description | Examples |
|---|---|---|
| Engine | Type of the engine | NMAP, VIRUSTOTAL, ARACHNI, CORTEX, OWL_LEAKS |
| Name | Name of the engine | nmap-001, vt-001, arachni-docker-001, cortex-001, oleaks-001 |
| Api url | URL address of the engine | http://localhost:5001/engines/nmap/, http://external-server:5012/engines/owl_leaks/ |
| Enable | Choose if you want to enable the engine once created | n/a. |
| Authentication method | Select the authentication method to access to the engine from the PatrowlManager host (Only ‘None’ is available for the moment) | None, HTTPBasic, APIKey |
- Click to the button “Create a new engine” to confirm the creation. You will be redirected to the engines list.
Scans
Add a new Scan
- Go to the creation form using the header menu bar or go directly to the URL /scans/defs/add.
- The following form will be available:
| Parameters | Description | Examples |
|---|---|---|
| Title | Title of the scan | “List open ports on Internet-faced assets”, “Scan XSS on corporate website”, “Search technical leaks on GitHub and Twitter” |
| Description | Description of the scan | “Here a long description of the scan purposes” |
| Scan type | Scans could be started once or periodically | “On-Demand” or Periodical |
| Start scan | Select the moment to start the scan(s): Later (not now, just create the scan definition), Now or Scheduled at a precise datetime | “Later”, Periodical, Scheduled at |
| Search asset(s) | Search and select asset(s) targeted by the scan. Search criteria are asset value, name, description and categories | “8.8.8 +Enter “, DNS +Enter |
| Filter by Engine and Or, Filter by Category | Search the scan policy using the Engine or the Category filter | n/a |
| Select Policy | Select the scan policy | n/a |
| Select Engine | Select the scan engine which will perform the scan each times. It could be Random and the first available engine will perform the scan | n/a |
- Click to the button “Create a new scan” to confirm the creation. You will be redirected to the scans list.
Install
Copyright (C) 2018-2021 Nicolas MATTIOCCO (@MaKyOtOx – nicolas@patrowl.io)
