Skip to content
This repository has been archived by the owner on Mar 17, 2022. It is now read-only.

unixfreak0037/ACE

This branch is 32 commits behind ace-ecosystem/ACE:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

e962c55 · Jan 29, 2020
Mar 7, 2019
Jan 21, 2019
Dec 2, 2019
Jan 28, 2020
Jan 28, 2020
Dec 31, 2018
Aug 3, 2018
Dec 21, 2019
Jan 29, 2020
Jan 23, 2020
Jan 27, 2020
Jan 28, 2020
Oct 18, 2018
Jan 28, 2020
Dec 18, 2018
Jan 23, 2020
Jan 28, 2020
Sep 20, 2018
Dec 31, 2019
Aug 3, 2018
Jan 26, 2020
Dec 16, 2019
Jan 24, 2020
Oct 9, 2019
Jan 27, 2020
Feb 14, 2019
Oct 3, 2019
Feb 1, 2019
Aug 7, 2018
Nov 14, 2019
Jan 10, 2020
Oct 23, 2018
Jan 27, 2020
Jan 26, 2020
Nov 19, 2018
Nov 14, 2019

Repository files navigation

ACE - Analysis Correlation Engine

Documentation Status

ACE is a detection system and automation framework. ACE’s foundation is its engine for recursive analysis and its intuitive presentation to your analysts. ACE's goal is to reduce the analyst's time-to-disposition to as close to zero as humanly possible.

While ACE is a powerful detection system, and does have built in detections, ACE does not ship with all of the yara signatures and intel detections that teams have built around it. However, ACE makes it easy to load your own yara signatures and atomic indicator detections.

Alerts are sent to ACE, and ACE handles the ordinary, manual, redundant, and repetitive tasks of collecting, combining, and relating data. ACE will then contextually and intuitively present all the right data to the human, allowing for a quick, high confidence determination to be made.

Got some new analysis that can be automated? Awesome! Add your automation, and let ACE keep working for you.

Analyst using ACE

For the most part, custom hunting tools send alerts to ACE using ACE’s client library (API wrapper). ACE then gets to work by taking whatever detectable conditions it’s given and spirals out through its recursive analysis of observables, hitting as many detection points as possible across the attack surface.

ACE is the implementation of a proven detection strategy, a framework for automating analysis, a central platform to launch and manage incident response activates, an email scanner, and much more.

Major Features

  • Email Scanning
  • Recursive File Scanning
  • URL Crawling and Content Caching
  • Intuitive Alert Presentation
  • Recursive Data Analysis & Correlation
  • Central Analyst Interface
  • Event and Incident Management
  • Intel Ingestion
  • Modular Design for extending automation

The Super Fast, Getting Started Steps

  1. Clean Ubuntu 18 install. Take a quick look at these notes about Ubuntu 18.
  2. Create username/group ace/ace.
  3. Add ace to sudo.
  4. Login as user ace.
  5. sudo mkdir /opt/ace && sudo chown ace:ace /opt/ace && cd /opt/ace
  6. git clone https://github.com/ace-ecosystem/ACE.git .
  7. ./installer/source_install
  8. source load_environment
  9. ./ace add-user username email_address
  10. Goto https://127.0.0.1:5000/ace/ or whatever IP address you're using.

Built for the InfoSec Team

Regardless of skill level, ACE greatly reduces the time it takes an analyst to make a high confidence alert disposition. This reduction in time-to-disposition, coupled with the appropriate hunting and tuning mindset, means that security teams can greatly increase their attack surface coverage, all while utilizing the same amount of analyst time and practically eliminating alert fatigue. Optimization good, alert fatigue bad.

Analyst using ACE

Analyst Demo

The following YouTube video provides a tour of the ACE GUI and demonstrates how to work some alerts.

ACE Analyst Demo

Philosophy

For a more in-depth understanding of the philosophy behind ACE, see the talk that John Davison gave on the development of the ACE tool set at BSides Cincinnati in 2015.

Automated Detection Strategies

Documentation

View ACE's full documentation here: https://ace-analysis.readthedocs.io/en/latest/

About

Analysis Correlation Engine

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 58.6%
  • JavaScript 34.5%
  • HTML 4.1%
  • CSS 1.3%
  • Shell 1.0%
  • TSQL 0.2%
  • Other 0.3%