Tool and Usage
|Latest release||Beta-V8 |
Why this tool?
DejaVu is an open source deception framework which can be used to deploy and administer decoys or canaries across a network infrastructure. Defenders can use deception as a technique to learn quickly about possible attackers on the network and take actions.
How it works
The decoys use popular services and protocols like FTP, HTTP, SMB, SSH, and others. Upon access of a service, they can trigger an alert. The decoys can be deployed, configured, and managed with a web interface.
There are several commercial solutions for this type of software, yet the open source options are limited. The README.md file states that the project is open source. During our review, there was no code available on the GitHub repository, only a virtual disk image. The GPLv3 license was added upon our request for the license.
Usage and audience
DejaVu is commonly used for security monitoring or threat discovery. Target users for this tool are network administrators, security professionals, and system administrators.
- Web interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + The source code of this software is available
- - No releases on GitHub available
History and highlights
- Demo at Black Hat USA 2018 Arsenal
- Demo at DEF CON 26 Demo Labs
Supported operating systems
DejaVu is known to work on Linux.
Similar tools to DejaVu:
Network threat detection engine that acts as intrusion detection (IDS), inline intrusion prevention (IPS), and network security monitoring (NSM)
Sweet Security is a set of scripts to setup and install Bro IDS, Elasticsearch, Logstash, Kibana, and Critical Stack on any device.
Zeek is a network security monitoring tool (NSM) and helps with monitoring. It can also play an active rol in performing forensics and incident response.
This tool page was updated at . Found an improvement? Help the community by submitting an update.
Related tool information
- A canary in the field of information security is a hardware or software solution that is deployed as a decoy within the network. Upon access of a canary, an alert or event will be sent to a predefined location like an email address or application.
The name canary refers to the caged canaries that were in coal mines. Miners would take them with them as an early warning signal against dangerous gases like carbon monoxide. If the canary suddenly died, the miners would know about the presence of the gas and exit the tunnels.