Commit efe7e164 authored by Arne Øslebø

Update doc/

parent 3e93edad
# Installation
The current version of SOCTools only runs on a single server. A fully distributed version will be released soon.
## Hardware requirements
* CPU: 8 cores
* Memory: 32GB (It is possible to run on less, but it is not recommended)
* Disk: >30GB (This depends entirely on how much data you want to collect and how long you want to keep the data. For just testing SOCTools, 30GB is enough.)
## Prerequisites
* Minimal installation of CentOS 7
* Install Ansible:
  * `yum -y install epel-release`
  * `yum -y install ansible git`
  * `ansible-galaxy collection install ansible.posix`
## Clone SOCTools
* `git clone`
* `cd soctools`
## Install SOCTools
Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it points to the FQDN of the server.
* `vi group_vars/all/main.yml`
If you want to use the MaxMind GeoLite2 database for enrichment, add the license key to the variable 'maxmind_key'.
Users can be configured in the file group_vars/all/users.yml:
* `vi group_vars/all/users.yml`
Configure the server running SOCTools:
* `ansible-playbook -i inventories soctools_server.yml`
Build the Docker images:
* `ansible-playbook -i inventories buildimages.yml`
Build SOCTools CA needed for service and user certificates:
* `ansible-playbook -i inventories buildca.yml`
Start SOCTools:
* `ansible-playbook -i inventories soctools.yml -t start`
Stop SOCTools:
* `ansible-playbook -i inventories soctools.yml -t stop`
## Certificates
To access the web interfaces of the various services in SOCTools, you need to import the root certificate located in `secrets/CA/ca.crt`. On Windows the CA certificate should be installed in the Trusted Root Certification Authorities store.
User authentication is done using client certificates. A certificate is generated automatically for all users specified in the file `group_vars/all/users.yml` and can be found in the directory `secrets/certificates`. Passwords for the certificates can be found in the directory `secrets/passwords`.
## Web interfaces
All web interfaces of the various services are accessed by going to `https://<server name>:<port>/` using the following port numbers:
* 9443 - NiFi
* 5601 - Kibana
* 6443 - MISP
* 9000 - TheHive
* 9001 - Cortex
* 12443 - Keycloak
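A post-install check tying the two sections above together: it trusts only `secrets/CA/ca.crt`, presents one user's client certificate, and reports for each port in the table whether the service's certificate chains to the SOCTools CA and whether the client certificate was accepted. This is an added example, not part of SOCTools; it assumes the user certificate and key are PEM files (the `USER.crt`/`USER.key` names are placeholders) and that the `<server name>` matches the certificate's hostname.

```python
"""Check that every SOCTools web interface presents a certificate issued by
secrets/CA/ca.crt and accepts a user's client certificate (added example,
not SOCTools code; PEM cert/key paths are assumed placeholders)."""
import socket
import ssl
import sys

# Port table from the "Web interfaces" section.
SERVICES = {9443: "NiFi", 5601: "Kibana", 6443: "MISP",
            9000: "TheHive", 9001: "Cortex", 12443: "Keycloak"}


def make_context(ca_path, cert_path=None, key_path=None, password=None):
    """TLS context that trusts only the SOCTools CA and, if given, presents
    the user's client certificate (a password-protected PEM key is fine)."""
    ctx = ssl.create_default_context(cafile=ca_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_path:
        ctx.load_cert_chain(cert_path, keyfile=key_path, password=password)
    return ctx


def probe(host, port, ctx=None, timeout=5.0):
    """Run a TLS handshake and classify the outcome so an untrusted server
    certificate, a rejected client certificate and a closed port differ."""
    ctx = ctx or ssl.create_default_context()  # system trust store if no CA
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"status": "ok", "tls": tls.version(),
                        "issuer": dict(x[0] for x in cert["issuer"]),
                        "not_after": cert["notAfter"]}
    except ssl.SSLCertVerificationError as exc:
        # Server certificate not issued by ca.crt, or hostname mismatch.
        return {"status": "cert_not_trusted", "detail": exc.verify_message}
    except ssl.SSLError as exc:
        # Trust checks passed but the handshake failed; typically the
        # service required or rejected the client certificate.
        return {"status": "tls_error", "detail": exc.reason}
    except OSError as exc:
        return {"status": "unreachable", "detail": str(exc)}


def probe_all(host, ctx):
    return {name: probe(host, port, ctx) for port, name in SERVICES.items()}


if __name__ == "__main__":
    ctx = make_context("secrets/CA/ca.crt", "secrets/certificates/USER.crt",
                       "secrets/certificates/USER.key", password=None)
    for name, result in probe_all(sys.argv[1], ctx).items():
        print(f"{name:9s} {result['status']:17s} {result.get('detail', '')}")
```

Run it as `python3 check_soctools_tls.py <server name>` after `soctools.yml -t start`; a `cert_not_trusted` result means the browser import of `ca.crt` will not help either, and `tls_error` usually means the client certificate from `secrets/certificates` was not accepted.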