Correlated Network Security Layer — A self-hosted SIEM for Linux
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
CNSL
Correlated Network Security Layer
A self-hosted SIEM for Linux.
Detects attacks that span SSH, web, database, and cloud logs simultaneously -- then blocks them automatically.
What it does
Most tools watch one log and count failures. CNSL watches everything at once.
When an attacker scans your web server, probes your database, then tries SSH with stolen credentials -- CNSL sees all three as one coordinated attack and responds before the breach completes.
Web scan from 45.33.32.1 --+
SSH brute from 45.33.32.1 --+---> HIGH alert + auto-block
DB auth fail from 45.33.32.1 --+
It also tracks how far each attacker has progressed through the kill chain, learns new attack patterns automatically, and shares threat intelligence across multiple servers in real time.
Quick start
pip install cnsl[full]
sudo python -m cnsl --dashboard --no-tcpdump
# Open http://127.0.0.1:8765
# Default login: admin / cnsl-change-me
Or from source:
git clone https://github.com/rahadbhuiya/cnsl.git
cd cnsl
python3 -m venv venv && source venv/bin/activate
pip install -e ".[full]"
sudo venv/bin/python -m cnsl --dashboard --no-tcpdump
Start in dry-run mode (default) -- no real blocks until you add
--execute.
Dashboard
Enable with --dashboard. Runs at http://127.0.0.1:8765.
Tabs: Overview, Incidents, Blocks, Live Feed, Kill Chain, Graph, Cases, UEBA, ML, Honeypot, FIM, Rules, Rate Limit, Settings.
For remote access use an SSH tunnel:
ssh -L 8765:127.0.0.1:8765 user@yourserver
Configuration
Copy and edit the example config:
cp config/config.example.json /etc/cnsl/config.json
All options are documented in docs/configuration.md.
Key sections: thresholds, actions, dashboard, notifications, redis, cloud_identity, zero_trust, siem, federation.
Documentation
| Document | What it covers |
|---|---|
docs/installation.md |
Full install, systemd, Docker |
docs/configuration.md |
Every config option explained |
docs/features.md |
Complete feature list |
docs/architecture.md |
Module structure and design |
docs/kill-chain.md |
Kill chain tracker |
docs/federation.md |
Multi-node setup |
docs/cloud-identity.md |
AWS + Azure AD integration |
docs/zero-trust.md |
Trust score engine |
docs/siem-connectors.md |
Splunk, Sentinel, Webhook push |
docs/pattern-learning.md |
Automated rule discovery |
docs/api.md |
Full REST API reference |
docs/changelog.md |
Version history |
Requirements
- Linux (Ubuntu 20.04+ / Debian 11+ / RHEL 8+)
- Python 3.10+
- Root or
CAP_NET_ADMINfor iptables blocking
Optional: Redis (distributed blocklist + federation), MaxMind GeoIP database.
License
MIT. See LICENSE.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cnsl-2.9.0.tar.gz.
File metadata
- Download URL: cnsl-2.9.0.tar.gz
- Upload date:
- Size: 236.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e18f43145b42ba6339ebd427c2bdefeef96c11d10a7281c6d4297ec3019ceea
|
|
| MD5 |
2c80dd92f491469175b7a4323dafd27d
|
|
| BLAKE2b-256 |
542c2e098466aad714001f3302d09ee3641a195ddf0090c1e804378f949a5f76
|
Provenance
The following attestation bundles were made for cnsl-2.9.0.tar.gz:
Publisher:
ci.yml on rahadbhuiya/cnsl
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cnsl-2.9.0.tar.gz -
Subject digest:
8e18f43145b42ba6339ebd427c2bdefeef96c11d10a7281c6d4297ec3019ceea - Sigstore transparency entry: 1950462038
- Sigstore integration time:
-
Permalink:
rahadbhuiya/cnsl@ac726f797a491d03b35ed0f77e20ad0ca0865b6c -
Branch / Tag:
refs/tags/v2.9.0 - Owner: https://github.com/rahadbhuiya
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@ac726f797a491d03b35ed0f77e20ad0ca0865b6c -
Trigger Event:
push
-
Statement type:
File details
Details for the file cnsl-2.9.0-py3-none-any.whl.
File metadata
- Download URL: cnsl-2.9.0-py3-none-any.whl
- Upload date:
- Size: 226.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a148ec428b8b71a98d3da889c7c80120d6067d7a266cbcab32703c5b9acd12ea
|
|
| MD5 |
b62cfc050184f1d6f67b13cbbd466baf
|
|
| BLAKE2b-256 |
9f6bcbfd21bb86df1d4591354a112c0d45e4ed7484fe99b2e29d30ffe2799c26
|
Provenance
The following attestation bundles were made for cnsl-2.9.0-py3-none-any.whl:
Publisher:
ci.yml on rahadbhuiya/cnsl
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cnsl-2.9.0-py3-none-any.whl -
Subject digest:
a148ec428b8b71a98d3da889c7c80120d6067d7a266cbcab32703c5b9acd12ea - Sigstore transparency entry: 1950462225
- Sigstore integration time:
-
Permalink:
rahadbhuiya/cnsl@ac726f797a491d03b35ed0f77e20ad0ca0865b6c -
Branch / Tag:
refs/tags/v2.9.0 - Owner: https://github.com/rahadbhuiya
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
ci.yml@ac726f797a491d03b35ed0f77e20ad0ca0865b6c -
Trigger Event:
push
-
Statement type:
