Commit 3e93edad authored by Arne Øslebø's avatar Arne Øslebø
Browse files

restructured README file

parent 75be43b2
SOCTools
=========
# SOCTools
SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.
SOCTools is a collection of tools for collecting, enriching and analysing logs and other security data, threat information sharing and incident handling. It is comprised of the following components:
* [Apache Nifi](https://nifi.apache.org/)
* [Open Distro for Elasticsearch and Kibana](https://opendistro.github.io/for-elasticsearch/)
* [MISP](https://www.misp-project.org/)
* [The Hive and Cortex](https://thehive-project.org/)
* [Keycloak](https://www.keycloak.org/)
Installation
------------
SOCTools aims at being easy to install and that all components should be fully integrated so that everything feels like one single application.
Do a minimal installation of CentOS 7.
## Documentation
Log in and install ansible:
`yum -y install epel-release`
`yum -y install ansible git`
`ansible-galaxy collection install ansible.posix`
* [Architecture](doc/architecture.md)
* [Installation](doc/install.md)
* Example use case
Clone soctools:
Temporary solution: Upload your ssh key to gitlab.geant.org
`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git`
`cd soctools`
## License
Install soctools:
Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it point to the FQDN of the server.
`vi group_vars/all/main.yml`
Users are specified in the file:
`group_vars/all/users.yml`
To configure the server running soctools, run the ansible playbook:
`ansible-playbook -i inventories soctools_server.yml`
To build the Docker images needed, run the ansible playbook:
`ansible-playbook -i inventories buildimages.yml`
To build the CA needed for host and user certificates, run the ansible playbook:
`ansible-playbook -i inventories buildca.yml`
If using soctools CA certificates provided with this installation, you first need to download and import root certificate found in secrets/CA/ca.crt
For Windows, CA certificate should be installed in Trusted Root Certification Authorities store.
User certificates are can be found in the directory secrets/certificates. Import into browser for authentication.
For Windows, user certificate should be installed in Personal store. Passwords for the certificates can be found in the directory secrets/passwords.
To start the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i inventories soctools.yml -t start`
To stop the cluster, run the ansible playbook soctools.yml:
`ansible-playbook -i inventories soctools.yml -t stop`
Web interfaces are available on the following ports:
* 9443 - NiFi
* 5601 - Kibana
* 6443 - Misp : Default user/password: admin@admin.test/test
* 9000 - The Hive : Default user/password: admin@thehive.local/secret
* 9001 - Cortex
* 12443 - Keycloak : Default user/password: admin/Pass005
BSD
License
-------
## Funding
BSD
As part of the GÉANT 2020 Framework Partnership Agreement (FPA), the project receives funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 856726 (GN4-3).
Author Information
------------------
## Developers
GEANT WP8
Arne Oslebo
Bozidar Proevski
Fredrik Pettai
Kiril Kjiroski
Temur Maisuradze
Vaclav Bartos
\ No newline at end of file
# Architecture
\ No newline at end of file
# Installation
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment