Commit 16fb12c7 authored by Arne Øslebø's avatar Arne Øslebø

integrating nifi and misp

parent 5c60d0c3
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
soctoolsproxy: "<CHANGE_ME:hostname>" soctoolsproxy: "<CHANGE_ME:hostname>"
maxmind_key: ""
docker_build_dir: "{{playbook_dir}}/build" docker_build_dir: "{{playbook_dir}}/build"
# TheHive Button plugin # TheHive Button plugin
...@@ -36,6 +38,7 @@ zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}" ...@@ -36,6 +38,7 @@ zookeeper_img: "{{repo}}/zookeeper:{{version}}{{suffix}}"
misp_name: "soctools-misp" misp_name: "soctools-misp"
misp_img: "{{repo}}/misp:{{version}}{{suffix}}" misp_img: "{{repo}}/misp:{{version}}{{suffix}}"
misp_url: "https://{{soctoolsproxy}}:6443"
nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}" nifi_img: "{{repo}}/nifi:{{version}}{{suffix}}"
...@@ -79,9 +82,6 @@ openid_subjkey: preferred_username ...@@ -79,9 +82,6 @@ openid_subjkey: preferred_username
keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}" keycloak_img: "{{repo}}/keycloak:{{version}}{{suffix}}"
elastic_username: "admin" elastic_username: "admin"
misp_token: ""
misp_url: ""
maxmind_key: ""
misp_dbname: "mispdb" misp_dbname: "mispdb"
misp_dbuser: "misp" misp_dbuser: "misp"
......
...@@ -33,12 +33,6 @@ ...@@ -33,12 +33,6 @@
misp_api_key: "{{ get_output.stdout }}" misp_api_key: "{{ get_output.stdout }}"
when: '"initialised" in init_output.stdout' when: '"initialised" in init_output.stdout'
- name: Store API key
copy:
content: "{{misp_api_key}}"
dest: "{{playbook_dir}}/secrets/tokens/misp"
delegate_to: 127.0.0.1
- name: add users - name: add users
uri: uri:
url: "https://{{soctoolsproxy}}:6443/admin/users/add/1" url: "https://{{soctoolsproxy}}:6443/admin/users/add/1"
...@@ -53,6 +47,16 @@ ...@@ -53,6 +47,16 @@
with_items: with_items:
- "{{soctools_users}}" - "{{soctools_users}}"
- name: Get user API key
shell: '/var/www/MISP/app/Console/cake Admin getAuthkey {{soctools_users[0].email}} | /usr/bin/tail -n1'
register: user_key
- name: Store user API key
copy:
content: "{{ user_key.stdout }}"
dest: "{{playbook_dir}}/secrets/tokens/misp"
delegate_to: 127.0.0.1
- name: Enable feed - name: Enable feed
uri: uri:
url: "https://{{soctoolsproxy}}:6443/feeds/edit/1" url: "https://{{soctoolsproxy}}:6443/feeds/edit/1"
...@@ -70,7 +74,19 @@ ...@@ -70,7 +74,19 @@
- fetchFeed - fetchFeed
- cacheFeed - cacheFeed
- name: Set Autostart for supervisord's services - name: Add example event
uri:
url:
url: "https://{{soctoolsproxy}}:6443/events"
method: POST
body_format: json
headers:
Authorization: "{{misp_api_key}}"
Accept: "application/json"
Content-type: "application/json"
body: '{"Event":{"date":"{{ansible_date_time.date}}","threat_level_id":"1","info":"testevent","published":true,"analysis":"0","distribution":"0","Attribute":[{"type":"domain","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"example.evil"},{"type":"ip-dst","category":"Network activity","to_ids":false,"distribution":"0","comment":"","value":"10.10.10.10"}]}}'
- name: Set Autostart for supervisord services
replace: replace:
path: /etc/supervisord.conf path: /etc/supervisord.conf
regexp: '^autostart=false$' regexp: '^autostart=false$'
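Review bot: The `Store user API key` task writes a live MISP auth key to `secrets/tokens/misp` on the control host without a `mode`, so the file's permissions depend on the umask of whoever runs the playbook. Add `mode: "0600"` to the `copy`, and `no_log: true` to both this task and `Get user API key`, so the key does not show up in verbose or diff output. In `Get user API key` the e-mail address is templated straight into a `shell` string; `{{ soctools_users[0].email | quote }}` keeps an unusual address from being interpreted by the shell. The added `Add example event` task also has a bare `url:` line directly above the real `url:` entry, a duplicate key that most parsers silently resolve to the last value; it should be deleted.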
......
...@@ -20,11 +20,18 @@ ...@@ -20,11 +20,18 @@
- "{{playbook_dir}}/secrets/CA/cacerts.jks" - "{{playbook_dir}}/secrets/CA/cacerts.jks"
- common-cacerts.jks - common-cacerts.jks
- name: Check if flow.xml already exists
remote_user: nifi
stat:
path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
register: flowfile
- name: Configure flow.xml - name: Configure flow.xml
remote_user: nifi remote_user: nifi
template: template:
src: "flow.xml.j2" src: "flow.xml.j2"
dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
when: not flowfile.stat.exists
- name: Gzip flow.xml - name: Gzip flow.xml
remote_user: nifi remote_user: nifi
...@@ -32,6 +39,7 @@ ...@@ -32,6 +39,7 @@
path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz"
format: gz format: gz
when: not flowfile.stat.exists
- name: Get openid authkey - name: Get openid authkey
remote_user: nifi remote_user: nifi
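Review bot: The new guard stats `conf/flow.xml`, but the `Gzip flow.xml` task below it writes `flow.xml.gz`, which is presumably the file NiFi actually loads. If the archive step removes its source (its full argument list is outside the hunk), `flowfile.stat.exists` is always false and the template still overwrites an existing flow on every run. Checking the compressed file would be more robust: `path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz"`. The same guard is added in the second NiFi tasks file further down the page and has the same issue.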
......
--- ---
- name: Check if flow.xml already exists
remote_user: nifi
stat:
path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
register: flowfile
- name: Configure flow.xml - name: Configure flow.xml
remote_user: nifi remote_user: nifi
template: template:
src: "flow.xml.j2" src: "flow.xml.j2"
dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
when: not flowfile.stat.exists
- name: Gzip flow.xml - name: Gzip flow.xml
remote_user: nifi remote_user: nifi
...@@ -12,6 +19,7 @@ ...@@ -12,6 +19,7 @@
path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml" path: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml"
dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz" dest: "{{ ansible_facts.env['NIFI_HOME'] }}/conf/flow.xml.gz"
format: gz format: gz
when: not flowfile.stat.exists
- name: Configure NiFi boostrap properties - name: Configure NiFi boostrap properties
remote_user: nifi remote_user: nifi
......
This diff is collapsed.
...@@ -166,8 +166,8 @@ nifi.security.ocsp.responder.certificate= ...@@ -166,8 +166,8 @@ nifi.security.ocsp.responder.certificate=
# OpenId Connect SSO Properties # # OpenId Connect SSO Properties #
nifi.security.user.oidc.discovery.url=https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration nifi.security.user.oidc.discovery.url=https://{{soctoolsproxy}}:12443/auth/realms/{{openid_realm}}/.well-known/openid-configuration
nifi.security.user.oidc.connect.timeout=5 secs nifi.security.user.oidc.connect.timeout=10 secs
nifi.security.user.oidc.read.timeout=5 secs nifi.security.user.oidc.read.timeout=10 secs
nifi.security.user.oidc.client.id=soctools-nifi nifi.security.user.oidc.client.id=soctools-nifi
nifi.security.user.oidc.client.secret={{nifisecret.value}} nifi.security.user.oidc.client.secret={{nifisecret.value}}
nifi.security.user.oidc.preferred.jwsalgorithm= nifi.security.user.oidc.preferred.jwsalgorithm=
......
...@@ -25,6 +25,11 @@ ...@@ -25,6 +25,11 @@
roles: roles:
- keycloak - keycloak
- name: Reconfigure and start MISP
hosts: mispcontainers
roles:
- misp
- name: Reconfigure and start NiFi - name: Reconfigure and start NiFi
hosts: nificontainers hosts: nificontainers
roles: roles:
...@@ -40,11 +45,6 @@ ...@@ -40,11 +45,6 @@
roles: roles:
- odfekibana - odfekibana
- name: Reconfigure and start MISP
hosts: mispcontainers
roles:
- misp
- name: Install and run filebeat - name: Install and run filebeat
hosts: filebeat hosts: filebeat
roles: roles:
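Review bot: The MISP play now runs before the NiFi play, but nothing in the playbook says why the order matters. If the NiFi role depends on something the MISP role produces (presumably the key written to `secrets/tokens/misp`; the template that would use it is collapsed on this page), a comment above the play would stop a later reorder from silently breaking the integration, for example `# MISP must be configured before NiFi: the NiFi flow uses the MISP API key`.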
......