Overview
Echo is an up-and-coming web application for InfoSec information at Tufts. Stay tuned!
Usage
Echo provides information sourced from various logs from university systems to Tufts staff for the purpose of providing support to the community.
Dashboard
The dashboard provides a quick overview of events on campus. The "My Groups" and "My VIPs" panels show which support groups and people you are tracking, respectively. The group selections determine which events show up in the "My Recent Events" panel, which only displays events tied to UTLNs supported by the groups you have chosen. The VIPs panel will automatically list any VIPs with current events at the top, with a red exclamation point next to the name. You can edit your groups and VIPs on the Settings page.
The dashboard also includes a search bar, which allows you to search by UTLN or IP address. These fields are populated as events come in, so if a UTLN or IP address has never had an event since Echo started, it will return "not found". Otherwise, it will take you to the page for the person or machine and list all relevant events.
Finally, the dashboard has a chart section that shows some interesting school-wide information.
Events
The events pages list all events in their respective categories, school-wide. An "event" is actually a collation of any number of logs, or "messages", that come in regarding a specific UTLN. Events are collated on a rolling 24-hour basis: if a message comes in within 24 hours of an earlier message for the same UTLN and in the same category, it will be combined into the same event. All event categories have 48 and week views. You can view individual message information on the page for any single event.
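The collation rule above, sketched as an added example (not Echo's own code). It assumes "rolling" means the 24-hour window is measured from the most recent message already in the event; the `Message` fields, category strings and sample data are constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)

# Hypothetical message shape; Echo's real schema is not shown on this page.
Message = namedtuple("Message", "utln category timestamp text")


def collate(messages, window=WINDOW):
    """Group messages into events per (UTLN, category).

    Assumption: the window rolls forward from the latest message in the
    event, so a steady trickle of messages keeps a single event open.
    """
    open_events = {}  # (utln, category) -> event still accepting messages
    events = []
    for msg in sorted(messages, key=lambda m: m.timestamp):
        key = (msg.utln, msg.category)
        event = open_events.get(key)
        # A gap of more than 24 hours closes the old event and starts a new one.
        if event is None or msg.timestamp - event["last_seen"] > window:
            event = {"utln": msg.utln, "category": msg.category,
                     "first_seen": msg.timestamp, "messages": []}
            open_events[key] = event
            events.append(event)
        event["messages"].append(msg)
        event["last_seen"] = msg.timestamp
    return events


def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# Constructed sample messages (UTLNs and text are made up).
SAMPLE = [
    Message("jdoe01", "lockout", ts("2024-03-01 09:00"), "account locked"),
    Message("jdoe01", "lockout", ts("2024-03-02 08:30"), "account locked"),
    Message("jdoe01", "lockout", ts("2024-03-03 08:00"), "account locked"),
    Message("jdoe01", "infection", ts("2024-03-01 10:00"), "malware alert"),
    Message("asmit02", "lockout", ts("2024-03-01 09:05"), "account locked"),
    Message("jdoe01", "lockout", ts("2024-03-05 12:00"), "account locked"),
]

if __name__ == "__main__":
    for e in collate(SAMPLE):
        print(e["utln"], e["category"], e["first_seen"], len(e["messages"]))
```

The three jdoe01 lockouts spaced 23.5 hours apart land in one event even though the first and third are 47 hours apart, which is the practical consequence of a rolling window as opposed to a fixed one.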
Lockouts
Information regarding AD lockouts. Sourced from Microsoft Kerberos lockout logs.
Infections
Information regarding compromised computers. Sourced from FireEye; Trend and Metaflows soon to come.
Metrics
This nascent page is for showing school-wide information and trends in graphical formats. Right now, there is one chart, events over the past week, organized by time on the X axis, severity on the Y axis, and color coded to indicate status: red for VIPs, purple for staff and faculty, and blue for students. I hope to create more charts and metrics; please contact me with any ideas!
Tools
Whowas
Provides user identity information given a UTLN and a timestamp. This currently only searches wired and "normal" wifi connections -- Secure Wifi and VPN are in the planning stages. The information is sourced from DHCP logs and Bluecat Proteus. Please be aware that Proteus can have incorrect information, so in critical situations a second source is recommended.
Settings
Here you can add or remove groups and people (VIPs) to track. Your selections will show up on your dashboard.
Bug Reports
- Please add bug reports here.
Feature Requests
- Please add feature requests here.
Echo is a new service from TTS Info Sec that allows IT staff to look up information relating to virus infections, account lockouts, and more. Echo can be accessed at https://echo.uit.tufts.edu
In order to log in with your Tufts password, you must first be granted access by contacting TTS Information Security at infosec-ticket@tufts.edu.
Bug Reports
- IMPORTANT: FireEye messages are being dropped because of a bug regarding staying logged into BlueCat (Jess -- working on this now). Fixed.
- Dates go in reverse order on message pages. Fixed.
Feature Requests
- Secure WiFi and VPN lookups for WhoWas tool (Jess)
- Trend Micro and Metaflows data for infection events (Jess). Done.
- LDAP integration for automatic privileges for TuftsTools authorized users (suggested by Lee) (Not going to do yet as I want to keep track of Echo users more closely during alpha/beta stages)
...
Please contact Jess Frisch (jess.frisch@tufts.edu) with any questions or concerns regarding Echo.