Skip to main content

It has landed: Lawmaker is now available!

It is finally here! We're extremely excited we get to share these news. Lawmaker, our Suricata management system, is finally open to the public!

We talked about Lawmaker in this blog before. Since then a lot has changed and in this blog post we'll go over some of the changes and features that made their way into the platform.

If you're just learning about Lawmaker, allow us to give you some background.

One year ago we decided we wanted to do something around Suricata rule and ruleset management. Our goal was to have a simple web application where we could control our suppresses, thresholds and beautify some of the things that go into managing a fleet of Suricata sensors.

Very early on in the process we decided that the effort that would go into developing this for ourselves wouldn't be much different if we decided to open it to the public.

400 backend and 300 frontend commits later, countless hours in Google Meet and so many failed builds we lost track, today is the day that we feel confident enough to share what took us 1 year to develop. Today is the day we open Lawmaker to the public!

What initially seemed like a pretty straight forward development ("ah, it's just generating a handful of text files. How hard can it be?") quickly became a complex project where we were dealing with multi-tenancy, role-based access control, API keys, a subscription system and much more.

Lawmaker is probably the best example of our posture towards information security. No BS! No charges for licensing that become prohibitive for small companies or professionals to use. Not accepting the status quo and bringing something new to the way things are done. To everyone

Features of Lawmaker 

  • Manage disable, enable and thresholds - The files you need, with a user interface that you'll love 
  • BPF Filters - Managing your conditions for bypass of traffic in Suricata was never this easy
  • Ruleset Sources - suricata-update is awesome and with this feature you get to manage it alongside everything else
  • Activity Monitor - Keep an eye on everything that is happening in your tenants, across all users
  • lawmaker-agent - A lightweight Bash script that runs on your sensors; Easy on resources (no dependencies!) and capable of running your entire Suricata system
  • Guest Accounts - Invite people to work on your Suricata deployment; Invite the compliance team to have a read-only insight into how things are configured 
  • Multi-tenant - All of the features explained above within a multi-tenant architecture that allows you to manage unlimited Suricata deployments from a single account

All of it is already in the platform and much more is coming until the end of the year! No hidden pricing, contracts or dealing with "sales engineers". Sign up when you want and terminate your subscription when you don't feel like using it anymore.

Every new account in Lawmaker has a 7 day free trial! Give it a go. At work or in your own lab setup, you can quickly start using Lawmaker alongside your vanilla Suricata deployment.

It gets better though! Are you a non-profit using Suricata? Or maybe a researcher that is sharing work (blog posts, IDS signatures, PCAPs, etc) with the community? Reach out to us or DM us on Twitter and we'll set you up with voucher for lifetime free usage of the platform

We hope you like it and we're looking forward to improving the platform with your feedback!

lawmaker-agent

 

Labels:

Popular posts from this blog

Community Update - 3CORESec Blacklist 📓 🍯

Recently we tweeted about some issues we had with 3CORESec Blacklist , a platform that shares - openly and freely - a subset of the information seen and processed by our honeypot network.  While those issues have been addressed, and seeing as significant changes were made to how we monitor the generation of the lists (which is reflected in our status page ) and how we determine if an IP should be listed as an offending IP or not, this felt like a good opportunity to write a bit more about the platform as well as the changes we made.   For regular users of Blacklist 📓 the first thing they’ll notice is an increase on the numbers of IPs we include. That is a direct result of the changes we made and the growth of the honeypot network itself. We have not - and will not - ever increase the period for which we query the honeypot network, as we believe anything higher than 24h (as specified in the project page) for IP addresses can quickly fall into a decaying state that adds little value
Read more

Detection as Code (DaC) challenges - Introducing Automata

This blog post is the second part of our Detection as Code (DaC) challenges series. You can read part one here . The development process of detections by itself doesn't pose a lot of barriers for security engineering teams, as they are typically done in a lab/controlled environment, but after tuning and deploying rules to a SIEM, the work is only starting. Many things can go wrong after this, and a process of continued and automated testing is crucial. Detection Validation In an ideal (and fictional) world, once the datasets are parsed, normalized, and put into production, detections developed by your team would work forever. Still, the reality is quite different. Maintenance is heavy work that needs to be done frequently - especially if you work on an MSP - but the reality is that the ecosystem lacks tooling and processes to do it proactively. Effectiveness is an important metric and crucial to the successful response of incidents in time, and effectiveness is what we aim to ensu
Read more

Trapdoor - The serverless HTTP honeypot

  Today we are announcing the release of Trapdoor , our AWS-based serverless honeypot.  The idea of a serverless honeytoken isn't new. Adel released his honeyLambda a few years ago and we've been working with it for quite some time. It was because of this experience and the goal of improving on what was already a great idea that we decided to go to the drawing board and see how we would change and tweak the concept.  What is it? Trapdoor is a serverless application that can be deployed in any AWS environment. Its goal is to receive HTTP requests with the intent of identifying, and alerting, on its visitors. The URLs generated by Trapdoor can also be referred to as honeytokens .  While you can get creative on how to use it, one of the goals of a honeytoken is to be hidden or stored in a "safe" place and, if accessed, fire of an alarm, as access to the token would be considered a compromise or unauthorized access.  This example is the passive way of using deception ta
Read more