Correlated Network Security Layer — A self-hosted SIEM for Linux

Project description

CNSL

Correlated Network Security Layer

A self-hosted SIEM for Linux.
Detects attacks that span SSH, web, database, and cloud logs simultaneously -- then blocks them automatically.


What it does

Most tools watch one log and count failures. CNSL watches everything at once.

When an attacker scans your web server, probes your database, then tries SSH with stolen credentials -- CNSL sees all three as one coordinated attack and responds before the breach completes.

Web scan      from 45.33.32.1  --+
SSH brute     from 45.33.32.1  --+--->  HIGH alert + auto-block
DB auth fail  from 45.33.32.1  --+

It also tracks how far each attacker has progressed through the kill chain, learns new attack patterns automatically, and shares threat intelligence across multiple servers in real time.
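The cross-log correlation described above, sketched as an added example (not CNSL's own code): suspicious events from three log sources are keyed by source IP, and a HIGH alert is raised only when all three sources appear within one time window. The log line formats, the regexes, the 10-minute window and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines with a normalised ISO timestamp prefix (not real traffic).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 web 45.33.32.1 "GET /.env HTTP/1.1" 404
2024-05-01T10:00:40 sshd Failed password for root from 198.51.100.7 port 40022 ssh2
2024-05-01T10:01:10 sshd Failed password for root from 45.33.32.1 port 51122 ssh2
2024-05-01T10:02:30 mysqld Access denied for user 'app'@'45.33.32.1' (using password: YES)
2024-05-01T10:05:00 web 203.0.113.9 "GET /old-page HTTP/1.1" 404
2024-05-01T11:30:00 mysqld Access denied for user 'app'@'203.0.113.9' (using password: YES)
2024-05-01T11:31:00 sshd Failed password for admin from 203.0.113.9 port 40100 ssh2
""".splitlines()

# Hypothetical signatures: one regex per log source, each capturing the source IP.
PATTERNS = {
    "web_scan": re.compile(r'web (\S+) "[A-Z]+ \S+ HTTP/[\d.]+" 40[34]$'),
    "ssh_fail": re.compile(r"sshd Failed password for .* from (\S+) port \d+"),
    "db_auth_fail": re.compile(r"mysqld Access denied for user '[^']*'@'([^']+)'"),
}

def parse(line):
    """Return (timestamp, source, ip) for a suspicious line, else None."""
    ts, _, rest = line.partition(" ")
    for source, rx in PATTERNS.items():
        m = rx.match(rest)
        if m:
            return datetime.fromisoformat(ts), source, m.group(1)
    return None

def correlate(lines, window=timedelta(minutes=10), min_sources=3):
    """Return {ip: sources} for IPs seen in >= min_sources log sources within window."""
    by_ip = defaultdict(list)
    for event in filter(None, map(parse, lines)):
        by_ip[event[2]].append(event[:2])
    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        for start, _ in events:  # slide the window over each event of this IP
            seen = {src for ts, src in events if start <= ts <= start + window}
            if len(seen) >= min_sources:
                alerts[ip] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for ip, sources in correlate(SAMPLE_LOGS).items():
        print(f"HIGH {ip}: {', '.join(sources)} -> would block (dry run)")
```

In the sample, 203.0.113.9 touches all three sources but more than an hour apart, so it stays below the alert threshold; 198.51.100.7 appears in only one log.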


Quick start

pip install "cnsl[full]"
sudo python -m cnsl --dashboard --no-tcpdump
# Open http://127.0.0.1:8765
# Default login: admin / cnsl-change-me

Or from source:

git clone https://github.com/rahadbhuiya/cnsl.git
cd cnsl
python3 -m venv venv && source venv/bin/activate
pip install -e ".[full]"
sudo venv/bin/python -m cnsl --dashboard --no-tcpdump

CNSL starts in dry-run mode by default -- no real blocks are applied until you add --execute.


Dashboard

Enable with --dashboard. Runs at http://127.0.0.1:8765.

Tabs: Overview, Incidents, Blocks, Live Feed, Kill Chain, Graph, Cases, UEBA, ML, Honeypot, FIM, Rules, Rate Limit, Settings.

For remote access use an SSH tunnel:

ssh -L 8765:127.0.0.1:8765 user@yourserver

Configuration

Copy and edit the example config:

cp config/config.example.json /etc/cnsl/config.json

All options are documented in docs/configuration.md.
Key sections: thresholds, actions, dashboard, notifications, redis, cloud_identity, zero_trust, siem, federation.


Documentation

Document                  What it covers
docs/installation.md      Full install, systemd, Docker
docs/configuration.md     Every config option explained
docs/features.md          Complete feature list
docs/architecture.md      Module structure and design
docs/kill-chain.md        Kill chain tracker
docs/federation.md        Multi-node setup
docs/cloud-identity.md    AWS + Azure AD integration
docs/zero-trust.md        Trust score engine
docs/siem-connectors.md   Splunk, Sentinel, Webhook push
docs/pattern-learning.md  Automated rule discovery
docs/api.md               Full REST API reference
docs/ot-iot.md            OT/ICS protocol support (Modbus, DNP3, SCADA)
docs/changelog.md         Version history
docs/                     All documentation (26 guides)

Requirements

  • Linux (Ubuntu 20.04+ / Debian 11+ / RHEL 8+)
  • Python 3.10+
  • Root or CAP_NET_ADMIN for iptables blocking

Optional: Redis (distributed blocklist + federation), MaxMind GeoIP database.


License

MIT. See LICENSE.

Download files

Source Distribution

cnsl-3.0.0.tar.gz (242.2 kB)

Uploaded Source

Built Distribution

cnsl-3.0.0-py3-none-any.whl (230.9 kB)

Uploaded Python 3

File details

Details for the file cnsl-3.0.0.tar.gz.

File metadata

  • Download URL: cnsl-3.0.0.tar.gz
  • Upload date:
  • Size: 242.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cnsl-3.0.0.tar.gz
Algorithm Hash digest
SHA256 dcd7d41b61657c025af900bbdfef04e7d375a44ad222751a4c7243309bdbd7a6
MD5 527ba8e2dcacd95ba59f029664d24796
BLAKE2b-256 5ebad1d68ebc629ad413e8197cb652743315bd0e9e8c515897bf03ae2ca381aa

Provenance

The following attestation bundles were made for cnsl-3.0.0.tar.gz:

Publisher: ci.yml on rahadbhuiya/cnsl

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cnsl-3.0.0-py3-none-any.whl.

File metadata

  • Download URL: cnsl-3.0.0-py3-none-any.whl
  • Upload date:
  • Size: 230.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for cnsl-3.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 350aaaa737309bc00fec5409679ef2687fbe338189f42d89d09d171e346d1129
MD5 2784f89acaf82b5b053b24ec4deb507b
BLAKE2b-256 f013a2f4ff4cece3bd1ff8f7e5d45b95e8862ea6b6f36819ad07716b54b21fa2

Provenance

The following attestation bundles were made for cnsl-3.0.0-py3-none-any.whl:

Publisher: ci.yml on rahadbhuiya/cnsl
