"Find, Correlate and Process" data within your network.
The Foresight Cyber Platform (FCP) is a platform for gathering and analysing information regarding IT infrastructure within an organization, providing business intelligence features to a sensitive area where cross-referencing information is difficult.
The goal is to be able to audit information within a company, based on information retrieved from multiple tools and stored in the platform database.
The information gathered and processed by the platform is held within the database, for the explicit purpose of providing users with historical trends and a status update at any given point in time.
The platform was developed primarily for our internal Foresight Cyber team; however, it is now available to everybody. See license.
See the Installation guide to install the platform.
See the Initial guide to configure it from scratch.
The best way to fully understand and use our platform is to use our guide.
We are all using complex computer networks that have a lot of assets, people and events. This brings with it many new problems and challenges. FCP is designed to carefully correlate data between many possible sources, trying to answer basic questions about how successfully we manage our assets.
Asset management is a critical part of every cyber security process. Without thorough and precise asset management policies, processes and procedures, it is almost impossible to maintain a secure network. For example, if you don't know what assets are deployed, how could you know which ones are legitimate and which ones may be outside your direct control and management? Note that asset management is not CMDB. CMDB is only one part of the process.
There are several ways to discover IT assets. It can be a simple network scan, like nmap, or AzureAD, Ansible, LDAP, DNS, DHCP logs, NetFlow or other technology. FCP modules have been carefully designed and are available to gather such information.
Not all sources can offer detailed information about your IT assets. For example, nmap is limited to recognising live hosts and open ports. AzureAD collection can enrich information about device owners, versions and levels of trust. The Ansible module can detect information about accounts, interfaces and software installed on Linux hosts. The platform correlates all of this and reports which hosts are missing, which IPs belong to the same host, and so on.
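The sketch below illustrates the kind of cross-source correlation described above. It is an added example, not FCP code or FCP output: the record layouts, field names and sample values are constructed assumptions, and "missing" is interpreted here as a host present in one source but absent from another.

```python
"""Added example: correlate constructed records from three sources.
Field names and values are assumptions, not FCP's schema or output."""

NMAP = [  # network scan: live hosts and open ports only
    {"ip": "10.0.0.5", "ports": [22, 443]},
    {"ip": "10.0.1.5", "ports": [22]},
    {"ip": "10.0.0.9", "ports": [3389]},
]
ANSIBLE = [  # Linux hosts with every interface address
    {"hostname": "web01", "interfaces": ["10.0.0.5", "10.0.1.5"]},
    {"hostname": "db01", "interfaces": ["10.0.0.20"]},
]
AZUREAD = [  # device owner and trust level (constructed labels)
    {"hostname": "web01", "owner": "alice", "trust": "managed"},
    {"hostname": "lap07", "owner": "bob", "trust": "unmanaged"},
]


def correlate(nmap, ansible, azuread):
    # Interface lists tell us which scanned IPs belong to one host.
    ip_to_host = {ip: h["hostname"] for h in ansible for ip in h["interfaces"]}
    directory = {d["hostname"]: d for d in azuread}
    assets, unknown_ips = {}, []
    for rec in nmap:
        host = ip_to_host.get(rec["ip"])
        if host is None:
            unknown_ips.append(rec["ip"])  # live on the network, in no inventory
            continue
        asset = assets.setdefault(
            host, {"ips": [], "ports": set(), "owner": None, "trust": None})
        asset["ips"].append(rec["ip"])
        asset["ports"].update(rec["ports"])
    for host, asset in assets.items():  # enrich with directory data
        entry = directory.get(host, {})
        asset["owner"], asset["trust"] = entry.get("owner"), entry.get("trust")
    inventoried = {h["hostname"] for h in ansible}
    return {
        "assets": assets,
        "same_host": {h: a["ips"] for h, a in assets.items() if len(a["ips"]) > 1},
        "unknown_ips": unknown_ips,
        "not_seen_by_scan": sorted(inventoried - set(assets)),
        "directory_only": sorted(set(directory) - inventoried),
    }


if __name__ == "__main__":
    for key, value in correlate(NMAP, ANSIBLE, AZUREAD).items():
        print(key, value)
```

The `unknown_ips` and `directory_only` lists are the ones to review first, since they hold devices that at least one source cannot account for.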
All parts of the platform are specifically designed with automation in mind, which is a crucial element in the way Foresight Cyber operates. Although we plan some GUI enhancements for the future, the platform is CLI-based. All operations are repeatable and results are scriptable.