This repository is where the development of the Observable Networks Appliance (ONA) takes place. The ONA software is used to collect input data for Observable Networks' network security service. It can run on a variety of platforms, including embedded computers, physical servers, virtual machines, cloud servers, and Docker containers.
The following platforms are officially supported:
- Ubuntu 18.04 and later
- RHEL 7 and compatible
- RHEL 8 and compatible
- Raspberry Pi with Raspbian (ARMHF) (installation guide)
- Raspberry Pi with Raspbian (ARM64) (installation guide)
- Docker
To install the latest version on Ubuntu 20.04 (recommended for physical and virtual machine installations):
$ wget https://assets-production.obsrvbl.com/ona-packages/obsrvbl-ona/v5.1.2/ona-service_UbuntuXenial_amd64.deb
$ sudo apt install ./ona-service_UbuntuXenial_amd64.deb
To monitor NetFlow traffic, you'll also need to install tools from the CERT NetSA Security Suite:
$ wget https://assets-production.obsrvbl.com/ona-packages/netsa/v0.1.27/netsa-pkg.deb
$ sudo apt install ./netsa-pkg.deb
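Both packages above are downloaded and then installed with root privileges, so it is worth pinning each download to a known digest first. The following is an added example, not code from the ONA project: `verify_sha256` and `install_verified` are hypothetical helper names, and the expected digest is a placeholder because this page does not list checksums.

```shell
#!/usr/bin/env bash
# Added example (not ONA project code): verify a downloaded package against a
# pinned SHA-256 digest before handing it to apt, which runs as root.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on a malformed digest, 3 if FILE is missing.
verify_sha256() {
    local file="$1" expected actual
    # Lowercase first so a digest pasted in uppercase still compares equal.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Require exactly 64 hex characters: an empty or truncated value must
    # never be treated as a match.
    case $expected in
        *[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 3; }

    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
}

# install_verified URL EXPECTED_HEX
# Downloads into a private temporary directory, verifies, and only then installs.
install_verified() {
    local url="$1" expected="$2" dir pkg rc=0
    dir=$(mktemp -d) || return 1
    pkg="$dir/${url##*/}"
    if wget -q -O "$pkg" "$url"; then
        verify_sha256 "$pkg" "$expected" && sudo apt install "$pkg" || rc=$?
    else
        rc=4   # download failed
    fi
    rm -rf "$dir"
    return "$rc"
}

# Usage (the digest is a placeholder; obtain the real value over a trusted channel):
#   install_verified "https://assets-production.obsrvbl.com/ona-packages/netsa/v0.1.27/netsa-pkg.deb" "<EXPECTED_SHA256>"
```

A digest only helps if it comes from somewhere other than the server that hosts the package, such as a value recorded in your own configuration management.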
The ONA is composed of a number of configurable services, supervised by a single system service, obsrvbl-ona.
Control which services are running by editing /opt/obsrvbl-ona/config.local.
Some of the services include:
- ONA Service: Monitors for configuration updates
- PNA Service: Collects and uploads IP traffic metadata from system network interfaces
- IPFIX Capturer: Collects and uploads NetFlow, IPFIX, or sFlow data from remote exporters
- Hostname Resolver: Resolves active IPs to local hostnames
- Log Watcher: Monitors and uploads the sensor's authentication logs
- PDNS Capturer: Collects and uploads passive DNS queries