Arne Øslebø committed
SOCTools
=========

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation
------------

Edit inventories/deploy/hosts.yml and change "host1" to the FQDN or IP address of the server where the tools should be installed. The playbook has been tested on Debian Stretch and CentOS 7.
The role soctools_server makes sure that docker is properly installed on the server. To prevent the playbook from making any changes to the server besides setting up docker networks and containers, this role can be removed.

Run the ansible playbook:

`ansible-playbook -i inventories/deploy/hosts.yml deploy.yml`

This will install the following docker images:
 * zookeeper:latest
 * haproxy:latest
 * apache/nifi:latest

While the ansible playbook supports multiple servers, the current configuration of NiFi and haproxy only supports a single server.

Building images
---------------

Images that are not official Docker images can be built from scratch by running:

`ansible-playbook -i inventories/build/hosts.yml build_images.yml`

Edit the files under inventories/deploy/group_vars to specify that built images should be used. Currently only NiFi is built from scratch.

License
-------

BSD

Author Information
------------------

GEANT WP8