SIPCMBEAT collects plain-text SIP (RFC3261) traffic from the net and generates comprehensible aggregated SIP events that describe calls and registrations. The events comply to Elastic Common Schema (ECS), include custom SIP-specific extensions and can be used by applications building upon the popular Elastic Search database. There they can be further used for CDR post-processing and reconciliation, troubleshooting and most importantly security analytics.
SIPCMBEAT is based on a SIP stack developed to meet the goals of a security analytics probe. It aggregates SIP signaling in comprehensible events, filters unnecessary information, encrypts sensitive data, produces the events and sends them to ElasticSearch using Elastic libbeat library. Further features include built-in web server, UDP/Tcp processing to accomodate the SIP stack, and throttling of recurrent patterns.
Find the source here.
SIPCMBEAT comes under source-available software licence agreement that permits non-commercial use of the software such as for trialing, experimenting, auditing, research, testing, evaluation and educational purposes. For any other purposes contact firstname.lastname@example.org.