README.md 1.29 KB
Newer Older
Arne Øslebø's avatar
Arne Øslebø committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
SOCTools
=========

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation
------------

Edit inventories/deploy/hosts.yml and change "host1" to the fqdn or IP address of the server where the tools should be installed. The playbook has been tested on Debian Stretch and CentOS 7.
The role soctools_server makes sure that docker	is properly installed on the server. To	prevent	the playbook to	make any changes to the server besides setting up docker networks and	containers, this role can	be removed.

Run the ansible playbook:

  ansible-playbook -i inventories/deploy/hosts.yml deploy.yml

This will install the following docker images:
 * zookeeper:latest
 * haproxy:latest
 * apache/nifi:latest

While the ansible playbook supports multiple servers, the current configuration of NiFi and haproxy only supports a single server.

Building images
---------------

Images that are not offical Docker images can be built from scratch by running:

   ansible-playbook -i inventories/build/hosts.yml build_images.yml

Edit the files under inventories/deploy/group_vars to specify that built images should be used. Currently only NiFi is built from scratch.

License
-------

BSD

Author Information
------------------

GEANT WP8