SOCTools
=========

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation
------------

Do a minimal installation of CentOS 7.

Log in and install ansible:  
`yum -y install epel-release`  
`yum -y install ansible git`  
`ansible-galaxy collection install ansible.posix`

Clone soctools:  
Temporary solution: Upload your ssh key to gitlab.geant.org  
`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git`
`cd soctools`

Install soctools:  
Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it points to the FQDN of the server.  
`vi group_vars/all/main.yml`  
The first entry in the soctools_users variable is the user with full admin privileges in NiFi and Kibana.

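A pre-flight check for the two settings this step names, added here as an example that is not part of the soctools repository. It validates that `soctoolsproxy` is a fully qualified host name rather than an IP literal or a bare name (the host certificates issued by the CA below are tied to it), and that `soctools_users` has a first entry to act as the NiFi and Kibana admin. The layout of main.yml (a flat `key: value` file with a list of `- username:` items) and the `username` key are assumptions; the sample file is constructed. Run it against the real file with `check_main_yml(open("group_vars/all/main.yml").read())` before starting the playbooks.

```python
import ipaddress
import re

# Constructed sample of group_vars/all/main.yml. The real file's layout is an
# assumption: the README only names 'soctoolsproxy' and 'soctools_users'.
SAMPLE_MAIN_YML = """\
# group_vars/all/main.yml (constructed sample)
soctoolsproxy: soctools.example.org
soctools_users:
  - username: alice
  - username: bob
"""

# One DNS label: 1-63 chars of letters, digits or '-', not starting/ending with '-'.
FQDN_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_flat_yaml(text):
    """Parse the tiny YAML subset used above: top-level 'key: value' scalars and
    top-level 'key:' followed by '  - key: value' list items. Not a general parser."""
    data, current_list = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        if line.startswith(" "):               # indented: must be a list item
            item = line.strip()
            if current_list is None or not item.startswith("- "):
                raise ValueError(f"unexpected line: {raw!r}")
            key, _, value = item[2:].partition(":")
            current_list.append({key.strip(): value.strip()})
        else:
            key, _, value = line.partition(":")
            if value.strip():                  # scalar
                data[key.strip()] = value.strip()
                current_list = None
            else:                              # start of a list
                current_list = data.setdefault(key.strip(), [])
    return data


def is_fqdn(name):
    """True for a dotted host name that is not an IP literal or a local-only name."""
    name = name.rstrip(".")
    try:
        ipaddress.ip_address(name)
        return False                           # an IP literal is not an FQDN
    except ValueError:
        pass
    labels = name.split(".")
    if len(labels) < 2 or name.lower() in ("localhost", "localhost.localdomain"):
        return False
    return len(name) <= 253 and all(FQDN_LABEL.match(label) for label in labels)


def check_main_yml(text):
    """Return a list of problems found in a main.yml; an empty list means it passes."""
    cfg = parse_flat_yaml(text)
    problems = []
    proxy = cfg.get("soctoolsproxy", "")
    if not proxy:
        problems.append("soctoolsproxy is not set")
    elif not is_fqdn(proxy):
        problems.append(f"soctoolsproxy {proxy!r} is not a fully qualified host name")
    users = cfg.get("soctools_users")
    if not isinstance(users, list) or not users:
        problems.append("soctools_users is empty: no admin user for NiFi and Kibana")
    return problems


def admin_user(text):
    """The first soctools_users entry is the NiFi/Kibana admin, per the README."""
    users = parse_flat_yaml(text).get("soctools_users") or []
    return users[0] if users else None


if __name__ == "__main__":
    problems = check_main_yml(SAMPLE_MAIN_YML)
    print("\n".join(problems) if problems else "main.yml passes pre-flight checks")
    print("admin user:", admin_user(SAMPLE_MAIN_YML))
```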
To configure the server running soctools, run the ansible playbook:  
`ansible-playbook -i inventories soctools_server.yml`

To build the Docker images needed, run the ansible playbook:  
`ansible-playbook -i inventories buildimages.yml`

To build the CA needed for host and user certificates, run the ansible playbook:  
`ansible-playbook -i inventories buildca.yml`

If using the soclab CA certificates provided with this installation, you first need to download and import the root certificate found at roles/ca/files/CA/ca.crt.  
For Windows, the CA certificate should be installed in the Trusted Root Certification Authorities store.  

User certificates can be found in the directory roles/ca/files/CA/private. Import them into the browser for authentication.  
For Windows, the user certificate should be installed in the Personal store.

To start the cluster, run the ansible playbook soctools.yml:  
`ansible-playbook -i inventories soctools.yml -t start`

To stop the cluster, run the ansible playbook soctools.yml:  
`ansible-playbook -i inventories soctools.yml -t stop`

Web interfaces are available on the following ports:
 * 9443 - NiFi
 * 5601 - Kibana
 * 6443 - Misp : Default user/password: admin@admin.test/test
 * 9000 - The Hive : Default user/password: admin@thehive.local/secret
 * 9001 - Cortex
 * 12443 - Keycloak : Default user/password: admin/Pass005

License
-------

BSD

Author Information
------------------

GEANT WP8