In Norse mythology, Bifröst (/ˈbɪvrɒst/), also called Bilröst, is a burning rainbow bridge that reaches between Midgard (Earth) and Asgard, the realm of the gods. (Wikipedia)
Bivrost is a simple, (hopefully) fast, and (hopefully) reliable adapter and bridge between different services. It's designed to be modular and easy to extend, and to be able to handle a wide variety of different services and protocols.
Bivrost is written in Go because it is a statically typed, memory-safe, compiled language designed for networking and concurrency.
Bivrost serves as a log normalization and aggregation service.
Bivrost is configured using a simple configuration file, which is written in YAML. The configuration file is used to specify the services and protocols that Bivrost should handle, as well as the settings for each service and protocol.
We've chosen YAML for our configuration. YAML is a human-readable data serialization standard, and it is used by both Docker and the Grafana stack. Using it makes sense not only technically but also holistically.
```yaml
# YAML also supports comments, which means we can guide the user through the configuration file.
sources:
  - name: siem logs
    type: directory
    location: /var/log/siem
    format: json
    tags:
      - siem
      - logs
  # Here ends the first source
  # Here starts a new source.
  - name: syslog      # Arbitrary name of the source
    type: service     # Type of the source
    location: ' '     # Location of the source (such as path, uri, rpc, and ipc)
    format: json      # Format Bivrost should expect
    tags:             # Tags to be used for filtering
      - syslog        # Tag for filtering
      - logs          # Tag for filtering
  - name: threat intel
    type: module
    location: /path/or/uri/to/module/output
    format: json
    tags:
      - intel
      - module
  - name: thevalve
    type: module
    location: ' '
    format: raw
    tags:
      - credentials
      - module
  - name: <user-defined-name>
    type: <module/logtype/directory/service>
    location: ' '
    format: <json, raw, ascii>
    tags:
      - <descriptive tag>
      - ...no tag limit
network:
  - read_timeout: 10  # time in seconds
  - write_timeout: 10 # time in seconds
users_database:
  path: /path/to/users.db
```
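One way to lint the `sources` section before the service starts, as an added example that is not Bivrost's own code. The `Source` struct and `ValidateSources` function are hypothetical, the allowed `type` and `format` values are taken from the placeholder entry in the sample config, and the YAML is assumed to be parsed already.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Source mirrors one entry under `sources:` in the sample config (hypothetical struct).
type Source struct{ Name, Type, Location, Format string }
// Allowed values come from the placeholder entry in the sample config.
var allowedTypes = map[string]bool{"module": true, "logtype": true, "directory": true, "service": true}
var allowedFormats = map[string]bool{"json": true, "raw": true, "ascii": true}

// ValidateSources returns one message per problem; an empty result means every source passed.
func ValidateSources(sources []Source) []string {
	var errs []string
	seen := map[string]bool{}
	for i, s := range sources {
		fail := func(msg string) { errs = append(errs, fmt.Sprintf("sources[%d] %q: %s", i, s.Name, msg)) }
		loc := strings.TrimSpace(s.Location)
		switch {
		case strings.TrimSpace(s.Name) == "":
			fail("name is empty")
		case seen[s.Name]:
			fail("duplicate name") // two sources with one name make tags and logs ambiguous
		}
		seen[s.Name] = true
		if !allowedTypes[s.Type] {
			fail("unknown type " + s.Type) // fail closed instead of guessing a handler
		}
		if !allowedFormats[s.Format] {
			fail("unknown format " + s.Format)
		}
		if loc == "" {
			fail("location is blank") // catches the ' ' placeholder left in place
		} else if s.Type == "directory" && (!filepath.IsAbs(loc) || filepath.Clean(loc) != loc) {
			fail("directory location must be an absolute, clean path") // rejects relative paths and ".."
		}
	}
	return errs
}

func main() {
	// Constructed input: two entries from the sample config, one with the blank placeholder location.
	srcs := []Source{{"siem logs", "directory", "/var/log/siem", "json"}, {"syslog", "service", " ", "json"}}
	for _, e := range ValidateSources(srcs) {
		fmt.Println(e)
	}
}
```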
```yaml
name: Module Name
identifier: MODN
database:
  path: ./thri_db.sqlite # If the module requires its own database. Relative path.
data_sources:            # The sources will be based on the bridge database schema
  - name: nginx_logs     # Table name
    type: logs           # Descriptive type
    location: logs.db    # Database name
    format: json         # Format of the data as sent to the bridge (marshalled / byte array)
```

Bivrost is designed to be easy to use and to require minimal configuration. It is designed to be self-contained and to require no dependencies.
```
bivrost --config /path/to/config.yaml
```

```
$ bivrost -h
Usage:
  --config <string>   Path to the configuration file (default "config.yaml")
  --version           Print version information
  -h, --help          Print this help message
```

- Self-contained: Bivrost is a single binary with no dependencies.
- Modular: Bivrost is designed to be easy to extend and add new services and protocols.
- Fast: Bivrost is designed to be fast and efficient.
- Reliable: Bivrost is designed to be reliable and to handle a wide variety of different services and protocols.
Bivrost is integrated with TheValve, where TheValve serves as a secure storage and cryptographic service for Bivrost.
- Hashing algorithm and key derivation: Argon2 HMAC-SHA256
- Tokens (JWT-HS256)
- sqlite3
- Go version > 1.21
- gcc (for go-sqlite3 as it requires cgo)
TBD
