SOCTools
=========

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation
------------

Do a minimal installation of CentOS 7.

Log in and install ansible:  
`yum -y install epel-release`  
`yum -y install ansible git`  
`ansible-galaxy collection install ansible.posix`

Clone soctools:  
Temporary solution: upload your SSH key to gitlab.geant.org.  
`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git`  
`cd soctools`

Install soctools:
Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it points to the FQDN of the server.  
`vi group_vars/all/main.yml`  
Users are specified in the file:  
`group_vars/all/users.yml`  

To configure the server running soctools, run the ansible playbook:  
`ansible-playbook -i inventories soctools_server.yml`

To build the Docker images needed, run the ansible playbook:  
`ansible-playbook -i inventories buildimages.yml`

To build the CA needed for host and user certificates, run the ansible playbook:  
`ansible-playbook -i inventories buildca.yml`

If using the soctools CA certificates provided with this installation, you first need to download and import the root certificate found in secrets/CA/ca.crt.  
For Windows, the CA certificate should be installed in the Trusted Root Certification Authorities store.

User certificates can be found in the directory secrets/certificates. Import them into your browser for authentication.  
For Windows, the user certificate should be installed in the Personal store. Passwords for the certificates can be found in the directory secrets/passwords.  

To start the cluster, run the ansible playbook soctools.yml:  
`ansible-playbook -i inventories soctools.yml -t start`

To stop the cluster, run the ansible playbook soctools.yml:  
`ansible-playbook -i inventories soctools.yml -t stop`

Web interfaces are available on the following ports:
 * 9443 - NiFi
 * 5601 - Kibana
 * 6443 - MISP : Default user/password: admin@admin.test/test
 * 9000 - TheHive : Default user/password: admin@thehive.local/secret
 * 9001 - Cortex
 * 12443 - Keycloak : Default user/password: admin/Pass005
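As an added pre-flight check (example code, not part of the soctools repository), the script below reads `soctoolsproxy` from `group_vars/all/main.yml` and rejects values that are not a FQDN, such as `localhost`, a bare hostname or an IP address, before the playbooks are run. It assumes `soctoolsproxy` is a top-level `key: value` entry in that file and uses constructed sample files in place of the real one.

```shell
# Pre-flight check for the installation steps above (added example, not part of
# the soctools repository). The CA and host certificates built by buildca.yml
# are issued for the name in 'soctoolsproxy', so the value must be the server's
# FQDN rather than "localhost", a bare hostname or an IP address.

# Print the value of a top-level "key: value" entry from a simple YAML file,
# with surrounding quotes and a trailing comment stripped (assumes the key
# starts at column 0; a '#' inside a quoted value would also be cut).
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" \
        | sed 's/[[:space:]]*#.*$//; s/^["'"'"']//; s/["'"'"']$//' \
        | head -n 1
}

# Return 0 if the argument looks like a fully qualified domain name: two or
# more labels of 1-63 characters from [A-Za-z0-9-], none starting or ending
# with '-', and neither "localhost" nor a dotted-quad IPv4 address.
is_fqdn() {
    case "$1" in
        ''|localhost|localhost.*) return 1 ;;
    esac
    if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        return 1   # all-digit labels would otherwise pass the label regex
    fi
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# Validate one main.yml; prints a diagnostic and returns non-zero on failure.
check_main_yml() {
    proxy=$(yaml_value soctoolsproxy "$1")
    if [ -z "$proxy" ]; then
        echo "soctoolsproxy is not set in $1" >&2
        return 1
    fi
    if ! is_fqdn "$proxy"; then
        echo "soctoolsproxy='$proxy' is not a FQDN; set it to the server's DNS name" >&2
        return 1
    fi
    echo "soctoolsproxy=$proxy looks fine"
}

# Constructed sample files standing in for group_vars/all/main.yml.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'soctoolsproxy: "soc.example.org"   # FQDN of the server\n' > "$tmp/good.yml"
printf 'soctoolsproxy: localhost\n' > "$tmp/bad.yml"
check_main_yml "$tmp/good.yml"
check_main_yml "$tmp/bad.yml" || echo "fix group_vars/all/main.yml before running the playbooks"
```

Run it from the cloned soctools directory with the real file (`check_main_yml group_vars/all/main.yml`) before `soctools_server.yml` and `buildca.yml`, since certificates issued for the wrong name have to be rebuilt.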
License
-------

BSD

Author Information
------------------

GEANT WP8