restructured README file

README.md

-SOCTools
-=========
+# SOCTools
 
-SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.
+SOCTools is a collection of tools for collecting, enriching and analysing logs and other security data, threat information sharing and incident handling. It is comprised of the following components: 
+* [Apache Nifi](https://nifi.apache.org/)
+* [Open Distro for Elasticsearch and Kibana](https://opendistro.github.io/for-elasticsearch/)
+* [MISP](https://www.misp-project.org/)
+* [The Hive and Cortex](https://thehive-project.org/)
+* [Keycloak](https://www.keycloak.org/)
 
-Installation
-------------
+SOCTools aims at being easy to install and that all components should be fully integrated so that everything feels like one single application.
 
-Do a minimal installation of CentOS 7.
+## Documentation
 
-Log in and install ansible:  
-`yum -y install epel-release`  
-`yum -y install ansible git`  
-`ansible-galaxy collection install ansible.posix`
+* [Architecture](doc/architecture.md)
+* [Installation](doc/install.md)
+* Example use case
 
-Clone soctools:
-Temporary solution: Upload your ssh key to gitlab.geant.org
-`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git`
-`cd soctools`
+## License
 
-Install soctools:
-Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it point to the FQDN of the server.  
-`vi group_vars/all/main.yml`  
-Users are specified in the file:  
-`group_vars/all/users.yml`  
-
-To configure the server running soctools, run the ansible playbook:  
-`ansible-playbook -i inventories soctools_server.yml`
-
-To build the Docker images needed, run the ansible playbook:  
-`ansible-playbook -i inventories buildimages.yml`
-
-To build the CA needed for host and user certificates, run the ansible playbook:  
-`ansible-playbook -i inventories buildca.yml`
-
-If using soctools CA certificates provided with this installation, you first need to download and import root certificate found in secrets/CA/ca.crt   
-For Windows, CA certificate should be installed in Trusted Root Certification Authorities store. 
-
-User certificates are can be found in the directory secrets/certificates. Import into browser for authentication.
-For Windows, user certificate should be installed in Personal store. Passwords for the certificates can be found in the directory secrets/passwords.   
-
-To start the cluster, run the ansible playbook soctools.yml:  
-`ansible-playbook -i inventories soctools.yml -t start`
-
-To stop the cluster, run the ansible playbook soctools.yml:  
-`ansible-playbook -i inventories soctools.yml -t stop`
-
-Web interfaces are available on the following ports:
- * 9443 - NiFi
- * 5601 - Kibana
- * 6443 - Misp : Default user/password: admin@admin.test/test
- * 9000 - The Hive : Default user/password: admin@thehive.local/secret
- * 9001 - Cortex
- * 12443 - Keycloak : Default user/password: admin/Pass005
+BSD
 
-License
--------
+## Funding
 
-BSD
+As part of the GÉANT 2020 Framework Partnership Agreement (FPA), the project receives funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 856726 (GN4-3).
 
-Author Information
-------------------
+## Developers  
 
-GEANT WP8
+Arne Oslebo
+Bozidar Proevski
+Fredrik Pettai
+Kiril Kjiroski
+Temur Maisuradze
+Vaclav Bartos
\ No newline at end of file

doc/architecture.md

+# Architecture
\ No newline at end of file

doc/install.md

+# Installation