SOCTools
=========

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation
------------

Edit soctools-inventory and add the desired docker containers to be deployed. The playbook has been tested on CentOS 7.
Review *all* settings in group_vars/all/main.yml.
The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.

To build the Docker images needed, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildimages.yml`

To build the CA needed for host and user certificates, run the ansible playbook:
`ansible-playbook -i soctools-inventory buildca.yml`
User certificates are exported in roles/ca/files/CA/private.

To start and stop the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i soctools-inventory soctools.yml -t start` to start the cluster.
`ansible-playbook -i soctools-inventory soctools.yml -t stop` to stop the cluster.

The NiFi interface should now be available on port 9443 on the server.
The OpenDistro for Elasticsearch interface should now be available on port 5601 on the server.
The Keycloak IdP interface should now be available on port 12443 on the server.
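The deployment steps above gathered into one wrapper script. This is an added example, not part of the SOCTools repository: it assumes the file names this README uses (soctools-inventory, group_vars/all/main.yml, buildimages.yml, buildca.yml, soctools.yml) and that it is run from the root of a checkout. The preflight check that soctools_users is actually defined before anything is built is the script's own addition, since the first entry of that variable becomes the NiFi and Kibana admin.

```shell
#!/bin/sh
# soctools_deploy.sh -- added wrapper around the README's deployment steps.
# Usage: ./soctools_deploy.sh <checkout-dir>   (DRY_RUN=1 only prints the commands)
# Not part of the SOCTools repository; file and playbook names are taken from the README.

INVENTORY="${INVENTORY:-soctools-inventory}"

# Ansible command for one step of the README procedure. Prints the command
# line; returns 1 for an unknown step so a typo cannot run the wrong playbook.
playbook_cmd() {
    case "$1" in
        images) echo "ansible-playbook -i $INVENTORY buildimages.yml" ;;
        ca)     echo "ansible-playbook -i $INVENTORY buildca.yml" ;;
        start)  echo "ansible-playbook -i $INVENTORY soctools.yml -t start" ;;
        stop)   echo "ansible-playbook -i $INVENTORY soctools.yml -t stop" ;;
        *)      echo "unknown step: $1" >&2; return 1 ;;
    esac
}

# Checks that the checkout in $1 is ready: the inventory and group_vars/all/main.yml
# exist, and main.yml defines soctools_users. Its first entry becomes the NiFi and
# Kibana admin, so a missing definition should stop the deployment before images are built.
preflight() {
    dir="$1"; ok=0
    [ -f "$dir/$INVENTORY" ] || { echo "missing $INVENTORY in $dir" >&2; ok=1; }
    if [ -f "$dir/group_vars/all/main.yml" ]; then
        grep -q '^soctools_users:' "$dir/group_vars/all/main.yml" \
            || { echo "soctools_users is not set in group_vars/all/main.yml" >&2; ok=1; }
    else
        echo "missing group_vars/all/main.yml in $dir" >&2; ok=1
    fi
    return "$ok"
}

# Runs one step, or only prints it when DRY_RUN is set.
run_step() {
    cmd="$(playbook_cmd "$1")" || return 1
    if [ -n "${DRY_RUN:-}" ]; then
        echo "[dry-run] $cmd"
    else
        command -v ansible-playbook >/dev/null || { echo "ansible-playbook not found" >&2; return 1; }
        eval "$cmd"
    fi
}

# Full procedure in README order: preflight, build images, build the CA, start the cluster.
deploy() {
    preflight "$1" || return 1
    run_step images && run_step ca && run_step start
}

# Only act when a checkout directory was given on the command line.
if [ $# -gt 0 ]; then
    cd "$1" || exit 1
    deploy "."
fi
```

After a successful run, the three interfaces listed above (NiFi on 9443, OpenDistro on 5601, Keycloak on 12443) are what to verify next; `./soctools_deploy.sh . ` with `DRY_RUN=1` shows the exact playbook invocations without running them.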

License
-------

BSD

Author Information
------------------

GEANT WP8