Commit 1d33dd14 authored by Temur Maisuradze's avatar Temur Maisuradze
Browse files

Cortes integration from Kiril

parent fb9d1653
......@@ -5,13 +5,13 @@ RUN echo "[thehive-project]" > /etc/yum.repos.d/thehive.repo && \
echo "enabled=1" >> /etc/yum.repos.d/thehive.repo && \
echo "priority=1" >> /etc/yum.repos.d/thehive.repo && \
echo "name=TheHive-Project RPM repository" >> /etc/yum.repos.d/thehive.repo && \
echo "baseurl=http://rpm.thehive-project.org/stable/noarch" >> /etc/yum.repos.d/thehive.repo && \
echo "baseurl=https://rpm.thehive-project.org/release/noarch" >> /etc/yum.repos.d/thehive.repo && \
echo "gpgcheck=1" >> /etc/yum.repos.d/thehive.repo && \
yum install -y epel-release && \
rpm --import https://raw.githubusercontent.com/TheHive-Project/TheHive/master/PGP-PUBLIC-KEY && \
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch && \
yum install -y cortex supervisor rsync daemonize vim net-tools telnet htop python3-pip.noarch git gcc python3-devel.x86_64 ssdeep-devel.x86_64 python3-wheel.noarch libexif-devel.x86_64 libexif.x86_64 perl-Image-ExifTool.noarch gcc-c++ whois && \
rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.13.rpm && \
rpm -Uvh https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-7.10.2-x86_64.rpm && \
chown -R elasticsearch:elasticsearch /etc/elasticsearch && \
mkdir -p /home/cortex && \
chown -R cortex:cortex /home/cortex && \
......
......@@ -35,7 +35,7 @@ search {
## ## Authentication configuration
## search.username = "cortex"
## search.password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}"
##
##
## ## SSL configuration
## search.keyStore {
## path = "/etc/cortex/soctools-cortex.p12"
......@@ -57,57 +57,57 @@ cache.job = 10 minutes
## Authentication
auth {
# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
# for migration.
# The available auth types are:
# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
# configuration are required.
# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
provider = [local,oauth2]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
# 'serverNames' below.
#domainFQDN = "mydomain.local"
# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
# above. If this parameter is not set, TheHive uses 'domainFQDN'.
#serverNames = [ad1.mydomain.local, ad2.mydomain.local]
# The Windows domain name using short format. This parameter is required.
#domainName = "MYDOMAIN"
# If 'true', use SSL to connect to the domain controller.
#useSSL = true
}
ldap {
# The LDAP server name or address. The port can be specified using the 'host:port'
# syntax. This parameter is required if you don't use 'serverNames' below.
#serverName = "ldap.mydomain.local:389"
# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
# Account to use to bind to the LDAP server. This parameter is required.
#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
# Password of the binding account. This parameter is required.
#bindPW = "***secret*password***"
# Base DN to search users. This parameter is required.
#baseDN = "ou=users,dc=mydomain,dc=local"
# Filter to search user in the directory server. Please note that {0} is replaced
# by the actual user name. This parameter is required.
#filter = "(cn={0})"
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
# for migration.
# The available auth types are:
# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
# configuration are required.
# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
# the "ad" section below.
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
# "ldap" section below.
provider = [local,oauth2]
ad {
# The Windows domain name in DNS format. This parameter is required if you do not use
# 'serverNames' below.
#domainFQDN = "mydomain.local"
# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
# above. If this parameter is not set, TheHive uses 'domainFQDN'.
#serverNames = [ad1.mydomain.local, ad2.mydomain.local]
# The Windows domain name using short format. This parameter is required.
#domainName = "MYDOMAIN"
# If 'true', use SSL to connect to the domain controller.
#useSSL = true
}
ldap {
# The LDAP server name or address. The port can be specified using the 'host:port'
# syntax. This parameter is required if you don't use 'serverNames' below.
#serverName = "ldap.mydomain.local:389"
# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
# Account to use to bind to the LDAP server. This parameter is required.
#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
# Password of the binding account. This parameter is required.
#bindPW = "***secret*password***"
# Base DN to search users. This parameter is required.
#baseDN = "ou=users,dc=mydomain,dc=local"
# Filter to search user in the directory server. Please note that {0} is replaced
# by the actual user name. This parameter is required.
#filter = "(cn={0})"
# If 'true', use SSL to connect to the LDAP directory server.
#useSSL = true
}
oauth2 {
# URL of the authorization server
clientId = "soctools-cortex"
......@@ -120,14 +120,14 @@ auth {
authorizationUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/auth"
authorizationHeader = "Bearer"
tokenUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/token"
# The endpoint from which to obtain user details using the OAuth token, after successful login
userUrl = "https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/protocol/openid-connect/userinfo"
scope = "profile"
# scope = "profile"
userIdField = "email"
#userUrl = "https://auth-site.com/api/User"
#scope = ["openid profile"]
scope = ["openid email profile offline_access User.Read"]
}
ws.ssl.trustManager {
......@@ -143,48 +143,18 @@ auth {
# Single-Sign On
sso {
# Autocreate user in database?
autocreate = true
# Autoupdate its profile and roles?
autoupdate = true
# Autologin user using SSO?
autocreate = false
autoupdate = false
autologin = true
# Name of mapping class from user resource to backend user ('simple' or 'group')
#mapper = group
#mapper = simple
#attributes {
# login = "user"
# name = "name"
# groups = "groups"
# organization = "org"
#}
# defaultRoles = ["read", "write", "admin"]
# defaultOrganization = "{{domain}}"
#defaultRoles = ["read"]
#defaultOrganization = "csirt"
#groups {
# # URL to retreive groups (leave empty if you are using OIDC)
# #url = "https://auth-site.com/api/Groups"
# # Group mappings, you can have multiple roles for each group: they are merged
# mappings {
# admin-profile-name = ["admin"]
# editor-profile-name = ["write"]
# reader-profile-name = ["read"]
# }
#}
defaultRoles = ["read"]
defaultOrganization = "{{domain}}"
mapper = simple
attributes {
login = "user"
name = "name"
login = "email"
name = "email"
roles = "roles"
organization = "org"
}
defaultRoles = ["read", "analyze"]
defaultOrganization = "{{domain}}"
}
}
......@@ -232,3 +202,5 @@ responder {
}
# It's the end my friend. Happy hunting!
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment