Awesome Open Source
Awesome Open Source

Join the chat at https://gitter.im/Patrowl/Support Known Vulnerabilities SonarCloud Build Status Codacy Badge Rawsec's CyberSecurity Inventory

PatrOwl

PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations.
PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, ...), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, ...) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances. Don't forget to install and deploy them ;)

Project pitch desk

PatrOwl Pitch Desk

Try it now!

To try PatrOwl, install it by reading the Installation Guide and the User Guide.

Architecture

Fully-Developed in Python, PatrOwl is composed of a Front-end application PatrowlManager (Django) communicating with one or multiple PatrowlEngines micro-applications (Flask) which perform the scans, analyze the results and format them in a normalized way. It remains incredibly easy to customize all components. Asynchronous tasks and engine scalability are supported by RabbitMQ and Celery. Architecture
The PatrowlManager application is reachable using the embedded WEB interface or using the JSON-API. PatrowlEngines are only available through generic JSON-API calls (see Documentation).

License

PatrOwl is an open source and free software released under the AGPL (Affero General Public License). We are committed to ensure that PatrOwl will remain a free and open source project on the long-run.

Updates

Information, news and updates are regularly posted on Patrowl.io Twitter account.

Contributing

Please see our Code of conduct. We welcome your contributions. Please feel free to fork the code, play with it, make some patches and send us pull requests via issues.

Roadmap

  • [ ] Enhance finding states management
  • [ ] Support scan campaigns (multiple scan definition at once)
  • [ ] Support cache
  • [ ] Refactor static files (remove unused ?)

Follow our public roadmap on Trello here

Support

Please open an issue on GitHub if you'd like to report a bug or request a feature. We are also available on Gitter to help you out.

If you need to contact the project team, send an email to [email protected].

Pro Edition and SaaS

A commercial Pro Edition is available and officially supported by the PatrOwl company. It includes following extra and awesome features:

  • [x] Advanced user management
  • [x] RBAC: Multiple roles are supported to restrict users privileges on features
  • [x] Multi-tenancy: assets and scans results can be shared with user teams
  • [x] 3rd party authentication: Azure Active Directory, ADFS (Windows 2012 and 2016), LDAP
  • [x] Terraform+Ansible deployment scripts
  • [x] Pro Engines including: ZAP, Nikto, Microsoft Cloud App Security, CloudSploit and Onyphe
  • [x] Pro Support
  • [ ] Autonomous asset discovery (in progress, planned to Q2 2021)
  • [ ] Vulnerability prioritization (in progress, planned to Q1 2021)
  • [ ] Ticketing system integration, including JIRA, ServiceNow, ZenDesk and GLPI (in progress, planned to Q2 2021)

This version is also available on the official SaaS platform. See: https://patrowl.io/get-started

Commercial Services

Looking for advanced support, training, integration, custom developments, dual-licensing ? Contact us at [email protected]

Security contact

Please disclose any security-related issues or vulnerabilities by emailing [email protected], instead of using the public issue tracker.

Copyright

Copyright (C) 2018-2021 Nicolas MATTIOCCO (@MaKyOtOx - [email protected])

Travis build status

Branch Status
master Build Status
develop Build Status

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Html (431,180
Api (22,117
Automation (6,751
Security Tools (1,670
Vulnerability (842
Ioc (586
Orchestration (384
Vulnerability Scanners (338
Threat Intelligence (278
Security Scanner (230
Threat Hunting (230
Security Automation (225
Incident Response (213
Vulnerability Detection (177
Related Projects