AUDITING NETWORK ACTIVITY

To Do List

This is a list of features that we are either currently working on for the next release of argus and argus-clients, or are discussing on the developers list. It is not a complete list of interesting things to do, and a lot of simple items are obviously missing, such as visualization, Nagios integration, or SIEM integration. Please feel free to comment on and contribute to this list through the developers mailing list.

Argus[-clients]-3.0.8

The current list of formal efforts we will add to argus-3.1.0 is:

1. Better multi-core support for argus, radium, and database support, to improve performance and to support new emerging vendor technologies. [ Continuing ]

2. Improve GLORAID ELK (Elasticsearch, Logstash, Kibana) Argus data integration (need partners for this). [ Pending ]

3. Continue to add attributes to argus data to improve its ability to support network operations, performance and security management. In particular, add control plane flow monitoring and host-based information elements, such as user and process identifiers, to flow data. [ Done, and Continuing ]

4. Introduce Mac OS X visualization and data management applications into the open source code base, and improve on our globe and our 3D visualization methods. [ Pending ]

5. Ports to more devices, such as LinkSys, Apple TV, Samsung Home Devices.

6. Improve and document what we've got. [ Working Items ]

These six items include the issues described below:

Full multi-threaded model for argus packet processing. This is designed to turn on a few more of your cores for flow processing.

Argus "events" modules. Provide support for argus to inject non-flow data/metrics into the argus data stream, such as SNMP MIB derived data, or procfs data (/proc, on systems that provide it). The purpose is to bring other data into the flow data stream for cross-dimensional correlation. The primary goal is to provide a mechanism by which argus clients can obtain application information (the user and process behind a connection) for the network flows being monitored. This is currently working very well at a number of test sites; however, we still need work on client parsers for the data types that we report.
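To make the correlation goal concrete, here is an added example (not part of the Argus code base or this page) of the client-side join the events module is meant to enable: flow records in the CSV layout that `ra -c , -s stime,proto,saddr,sport,daddr,dport` prints are matched against a host's TCP socket table in the real `/proc/net/tcp` layout, and each flow is tagged with the uid, pid and process name that owns the socket. The flow records, the `/proc/net/tcp` lines and the inode-to-process map (what walking `/proc/<pid>/fd` or `lsof -i` would provide) are all constructed sample data; how argus itself encodes this data in its stream is not assumed. The example also handles the case a practitioner hits immediately: argus orders the tuple initiator to responder, so a flow into the monitored host must be matched with the address pairs swapped.

```python
"""Attribute argus flow records to host processes via a /proc/net/tcp snapshot (added example)."""
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample of what `ra -c , -s stime,proto,saddr,sport,daddr,dport` prints.
# The ra field names are real; these three records are made up for the example.
FLOW_CSV = """\
1489592712.123456,tcp,10.0.0.5,43210,93.184.216.34,443
1489592713.000001,tcp,10.0.0.9,51515,10.0.0.5,22
1489592714.500000,udp,10.0.0.5,53000,10.0.0.2,53
"""

# Constructed /proc/net/tcp snapshot taken on host 10.0.0.5 (a little-endian machine).
# Column layout is the kernel's: sl local_address rem_address st ... uid timeout inode ...
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0500000A:A8CA 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 45678 1 0000000000000000 20 4 30 10 -1
   1: 0500000A:0016 0900000A:C93B 01 00000000:00000000 00:00000000 00000000     0        0 2222 1 0000000000000000 20 4 30 10 -1
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1 0000000000000000 100 0 0 10 0
"""

# Constructed socket-inode -> (pid, comm) map, as built from /proc/<pid>/fd or `lsof -i`.
INODE_TO_PROCESS: Dict[int, Tuple[int, str]] = {
    45678: (4242, "curl"),
    2222: (900, "sshd"),
    1111: (1, "sshd"),
}

TCP_ESTABLISHED = 0x01  # kernel TCP state codes as shown in the "st" column
TCP_LISTEN = 0x0A


@dataclass(frozen=True)
class HostSocket:
    laddr: str
    lport: int
    raddr: str
    rport: int
    state: int
    uid: int
    inode: int


def hex_ipv4(h: str) -> str:
    """Decode the 8-hex-digit IPv4 form used by /proc/net/tcp.

    The kernel writes the address in host byte order; this sample came from a
    little-endian host, so the four bytes are reversed before formatting.
    """
    return socket.inet_ntoa(bytes.fromhex(h)[::-1])


def parse_proc_net_tcp(text: str) -> List[HostSocket]:
    """Parse /proc/net/tcp lines (header skipped) into HostSocket records."""
    socks = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        la, lp = f[1].split(":")
        ra, rp = f[2].split(":")
        socks.append(HostSocket(hex_ipv4(la), int(lp, 16), hex_ipv4(ra), int(rp, 16),
                                int(f[3], 16), int(f[7]), int(f[9])))
    return socks


def build_socket_index(socks: List[HostSocket], inode_map: Dict[int, Tuple[int, str]]):
    """Index established sockets by (laddr, lport, raddr, rport) -> owner info.

    Listening sockets (state 0x0A) carry no peer address, so they can never match a
    flow's 4-tuple and are skipped; the accepted connection gets its own entry.
    """
    idx = {}
    for s in socks:
        if s.state != TCP_ESTABLISHED:
            continue
        pid, comm = inode_map.get(s.inode, (None, None))
        idx[(s.laddr, s.lport, s.raddr, s.rport)] = {"uid": s.uid, "pid": pid, "comm": comm}
    return idx


def attribute_flow(flow_line: str, idx) -> Optional[dict]:
    """Return the owning uid/pid/comm for one ra CSV record, or None if unknown."""
    _stime, proto, saddr, sport, daddr, dport = flow_line.split(",")
    if proto != "tcp":  # only TCP sockets are in /proc/net/tcp
        return None
    sport, dport = int(sport), int(dport)
    # Argus orders the tuple initiator -> responder; the monitored host may be either end,
    # so try the flow as seen from the local socket in both directions.
    for key in ((saddr, sport, daddr, dport), (daddr, dport, saddr, sport)):
        if key in idx:
            return idx[key]
    return None


def attribute_all(flow_csv: str = FLOW_CSV, proc: str = PROC_NET_TCP,
                  inode_map=INODE_TO_PROCESS) -> List[Tuple[str, Optional[dict]]]:
    """Tag every flow record with its owning process (None when no socket matches)."""
    idx = build_socket_index(parse_proc_net_tcp(proc), inode_map)
    return [(line, attribute_flow(line, idx)) for line in flow_csv.splitlines() if line.strip()]


if __name__ == "__main__":
    for record, owner in attribute_all():
        print(record, "->", owner)
```

The snapshot has to be taken close in time to the flow records: once a connection closes, its `/proc/net/tcp` entry and the port pair are gone, which is exactly why the page wants argus itself to capture this data alongside the flow rather than a client fetching it later.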

Wireless Argus. A huge number of operations, performance and security issues can be addressed with better 802.11a/b/g/n monitoring. Argus runs on laptops and wireless workstations, and on OpenWRT-based wireless routers. This project will extend argus to provide radio control plane flows, to understand key exchanges, the emergence of new end systems, and so on. Suggestions for tracking wireless hosts for operations, performance and security will be most welcome indeed.

Porting Argus to relevant IoT devices to provide operations, performance and security awareness. Argus is running very well on LinkSys OpenWRT-based wireless routers, laptops, tablets and some Android phones. Getting Argus into as many end systems as possible is a goal for 2017.