In August 2014, Jon Schipp started the Open (-Source) Network Security Monitoring Group (OpenNSM). Jon is a security engineer at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. In his announcement on the project's mailing list, Jon wrote:
The idea for this group came from a suggestion in Richard Bejtlich's most recent book, where he mentions it would be nice to see NSM groups spawn up all over much like other software user groups and for the same reasons.
Network security monitoring is the collection, analysis, and escalation of indications and warnings to detect and respond to intrusions. It is an operational campaign supporting a strategy of identifying and removing intruders before they accomplish their mission, thereby implementing a policy of minimizing loss due to intrusions. At the tactical and tool level, NSM relies on instrumenting the network and applying hunting and matching to find intruders.
Long-time blog readers know that I have developed and advocated NSM since the late 1990s, when I learned the practice at the Air Force Computer Emergency Response Team (AFCERT).
I am really pleased to see this group holding weekly meetings, which are available live or as recordings at YouTube.
The group is seeking funding and sponsorship to build a NSM laboratory and conduct research projects. They want to give students and active members hands-on experience with NSM tools and tactics to conduct defensive operations. They outline their plans for funding in this Google document.
I decided to support this group first as an individual, so I just donated $100 to the cause. If you are a like-minded individual, or perhaps represent an organization or company, please consider donating via GoFundMe to support this OpenNSM group and their project. You can also follow them @opennsm and Facebook, and check out their notes at code at GitHub. Thank you!