Project Q is a tool that watches for malicious activity on systems using OS Query and uses the Sophos Intelix APIs to check whether observed artifacts are malicious. Project Q caches the Intelix API results to save on query time and money.
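The caching layer described above is the part that keeps a paid reputation API affordable. The following is an added illustration of that idea, not code from Project Q: a small TTL cache in front of a reputation lookup, fed with constructed osquery-style file-hash rows. The function `fake_intelix_lookup` is a hypothetical stand-in for the real Sophos Intelix call (its interface is assumed); the cache also rejects malformed hashes so that junk input never consumes API quota.

```python
import re
import time
from typing import Callable, Dict, List, Tuple

# Constructed sample events in the shape of osquery "hash" rows (path + sha256).
# The repeated hash on the third row is there to show a cache hit.
SAMPLE_EVENTS = [
    {"path": "/usr/bin/curl", "sha256": "a" * 64},
    {"path": "/tmp/dropper", "sha256": "b" * 64},
    {"path": "/usr/bin/curl", "sha256": "a" * 64},
]

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def fake_intelix_lookup(sha256: str) -> dict:
    """Hypothetical stand-in for a Sophos Intelix file-reputation call.

    The real API and its response format are not reproduced here; this
    only returns a constructed verdict so the cache logic can be exercised.
    """
    verdict = "malicious" if sha256.startswith("b") else "clean"
    return {"sha256": sha256, "verdict": verdict}


class VerdictCache:
    """Time-bounded cache in front of a reputation lookup.

    Each hash is sent to the backing lookup at most once per TTL window;
    repeated sightings of the same file are answered from memory.
    """

    def __init__(self, lookup: Callable[[str], dict], ttl_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._lookup = lookup
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._store: Dict[str, Tuple[float, dict]] = {}
        self.hits = 0
        self.misses = 0

    def verdict(self, sha256: str) -> dict:
        key = sha256.strip().lower()
        if not SHA256_RE.match(key):
            # Do not spend a paid API call on something that is not a SHA-256.
            raise ValueError(f"not a SHA-256 hex digest: {sha256!r}")
        now = self._clock()
        entry = self._store.get(key)
        if entry is not None and now - entry[0] < self._ttl:
            self.hits += 1
            return entry[1]
        self.misses += 1
        result = self._lookup(key)
        self._store[key] = (now, result)
        return result


def process_events(events: List[dict], cache: VerdictCache) -> List[str]:
    """Return the paths of events whose file hash was judged malicious."""
    flagged = []
    for event in events:
        if cache.verdict(event["sha256"])["verdict"] == "malicious":
            flagged.append(event["path"])
    return flagged


def run_demo() -> Tuple[List[str], int, int]:
    """Process the constructed events and report (flagged paths, hits, misses)."""
    cache = VerdictCache(fake_intelix_lookup, ttl_seconds=3600)
    flagged = process_events(SAMPLE_EVENTS, cache)
    return flagged, cache.hits, cache.misses


if __name__ == "__main__":
    flagged, hits, misses = run_demo()
    print(f"flagged={flagged} cache hits={hits} misses={misses}")
```

In a deployment the in-memory dictionary would be replaced by the project's database so that verdicts survive restarts and are shared across workers; the TTL matters because a verdict for a hash can change as vendor intelligence is updated, so cached entries should not be kept forever.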
- You know how to set up Kafka and OS Query
- You need Sophos Intelix API credentials
- You need a Kafka server running
- You need to install OS Query with the configs we have included in osquery/
- To start the Docker container, run the Makefile after setting the Django secret key.
- You can create a superuser by bash-ing into the container, cd-ing to the project directory and running
  python3 manage.py createsuperuser
Once you have everything set up, you can see the events in the UI dashboard.
You can connect an external database instead of the local SQLite database.
This project is licensed under Apache License, Version 2.0. See the LICENSE file for full license text.
- Sophos Intelix API
- OS Query
- UI Theme Atlantis-Lite by themekita