Redwatch is an open source tool being developed by a team of developers with a focus on modular security that can realistically be incorporated across Linux Servers and Linux Endpoints in an enterprise setting. The development team includes enterprise systems administrators, incident responders, helpdesk staff, and devolopers. This tool seeks to increase the Authentication, Authorization and Accounting by providing an automated baseline and ongoing security audit, looking for key indicators of compromise and raising alerts.
Redwatch will always, by the adaptive nature of cybersecurity, be a work in progress. However, our end goal is to have a tool that can provide intelligent feedback to Blue Teamers and Systems Administrators in near real-time while helping prevent compromise.
Our development team currently consists of 6 regular contributors, with many other sources and developers contributing patches, suggestions, and features. Feel free to submit pull requests to get your features implemented in the same build. Contact us by opening an issue if you'd like to become a regular contributor.
Mitigation: Mitigate specific configuration errors/known exploits by applying additional countermeasures.
Prevention: Prevent common attacks by hardening configurations at the operating system or application level.
Detection: Detect types of attacks by looking for persistence/indicators of compromise.
REDWATCH is not sponsored by/endorsed by United States Air Force/Department of Defense. However, we attempt to implement solutions compliant with United States Air Force Manual 17-1301, which in turns implements Air Force Policy Directive 17-1, and Department of Defense Instruction 8551.01.
DoD/NSA Documents Referenced list:
https://media.defense.gov/2019/Sep/09/2002180360/-1/-1/0/CONTINUOUSLY%20HUNT%20FOR%20NETWORK%20INTRUSIONS.PDF
https://media.defense.gov/2019/Sep/09/2002180346/-1/-1/0/TRANSITION%20TO%20MULTI-FACTOR%20AUTHENTICATION.PDF
https://media.defense.gov/2019/Jul/16/2002158046/-1/-1/0/NSA
https://media.defense.gov/2019/Sep/09/2002180330/-1/-1/0/DEFEND%20PRIVILEGES%20AND%20ACCOUNTS.PDF
https://media.defense.gov/2019/Jul/16/2002158054/-1/-1/0/DEFENDING%20YOUR%20DNS%20INFRASTRUCTURE_BANNERLESS%20.PDF
https://media.defense.gov/2019/Sep/09/2002180325/-1/-1/0/SEGMENT%20NETWORKS%20AND%20DEPLOY%20APPLICATION%20AWARE%20DEFENSES_20190905.PDF
https://media.defense.gov/2020/Apr/22/2002285959/-1/-1/0/DETECT%20AND%20PREVENT%20WEB%20SHELL%20MALWARE.PDF