diff --git a/README.md b/README.md index f44a4984173bae749d95a9cbcf4551c6461643e6..53d81c2f1bdd700a52d9b556098702edc17eb27a 100644 --- a/README.md +++ b/README.md 
@@ -1,64 +1,33 @@ -SOCTools -========= +# SOCTools -SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence. +SOCTools is a collection of tools for collecting, enriching and analysing logs and other security data, threat information sharing and incident handling. It is comprised of the following components: +* [Apache Nifi](https://nifi.apache.org/) +* [Open Distro for Elasticsearch and Kibana](https://opendistro.github.io/for-elasticsearch/) +* [MISP](https://www.misp-project.org/) +* [The Hive and Cortex](https://thehive-project.org/) +* [Keycloak](https://www.keycloak.org/) -Installation ------------- +SOCTools aims at being easy to install and that all components should be fully integrated so that everything feels like one single application. -Do a minimal installation of CentOS 7. +## Documentation -Log in and install ansible: -`yum -y install epel-release` -`yum -y install ansible git` -`ansible-galaxy collection install ansible.posix` +* [Architecture](doc/architecture.md) +* [Installation](doc/install.md) +* Example use case -Clone soctools: -Temporary solution: Upload your ssh key to gitlab.geant.org -`git clone git@gitlab.geant.org:gn4-3-wp8-t3.1-soc/soctools.git` -`cd soctools` +## License -Install soctools: -Edit group_vars/all/main.yml and change 'soctoolsproxy' so that it point to the FQDN of the server. 
-`vi group_vars/all/main.yml` -Users are specified in the file: -`group_vars/all/users.yml` - -To configure the server running soctools, run the ansible playbook: -`ansible-playbook -i inventories soctools_server.yml` - -To build the Docker images needed, run the ansible playbook: -`ansible-playbook -i inventories buildimages.yml` - -To build the CA needed for host and user certificates, run the ansible playbook: -`ansible-playbook -i inventories buildca.yml` - -If using soctools CA certificates provided with this installation, you first need to download and import root certificate found in secrets/CA/ca.crt -For Windows, CA certificate should be installed in Trusted Root Certification Authorities store. - -User certificates are can be found in the directory secrets/certificates. Import into browser for authentication. -For Windows, user certificate should be installed in Personal store. Passwords for the certificates can be found in the directory secrets/passwords. - -To start the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i inventories soctools.yml -t start` - -To stop the cluster, run the ansible playbook soctools.yml: -`ansible-playbook -i inventories soctools.yml -t stop` - -Web interfaces are available on the following ports: - * 9443 - NiFi - * 5601 - Kibana - * 6443 - Misp : Default user/password: admin@admin.test/test - * 9000 - The Hive : Default user/password: admin@thehive.local/secret - * 9001 - Cortex - * 12443 - Keycloak : Default user/password: admin/Pass005 +BSD -License -------- +## Funding -BSD +As part of the GÉANT 2020 Framework Partnership Agreement (FPA), the project receives funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 856726 (GN4-3). -Author Information ------------------- +## Developers -GEANT WP8 +Arne Oslebo +Bozidar Proevski +Fredrik Pettai +Kiril Kjiroski +Temur Maisuradze +Vaclav Bartos \ No newline at end of file 
diff --git a/HOWTOS.md b/doc/HOWTOS.md similarity index 100% rename from HOWTOS.md rename to doc/HOWTOS.md diff --git a/doc/architecture.md b/doc/architecture.md new file mode 100644 index 0000000000000000000000000000000000000000..f2569bf9f173f7769530e2669c6614d2532b1d59 --- /dev/null +++ b/doc/architecture.md @@ -0,0 +1 @@ +# Architecture \ No newline at end of file diff --git a/doc/install.md b/doc/install.md new file mode 100644 index 0000000000000000000000000000000000000000..25267fe2b7ed698dc9479841761e7075263c5ff8 --- /dev/null +++ b/doc/install.md @@ -0,0 +1 @@ +# Installation
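Review bot: In the README.md hunk the installation procedure is deleted outright rather than moved, while the new "[Installation](doc/install.md)" link points at a file that this same patch creates with only a "# Installation" heading. Until doc/install.md carries the content, a reader following the link lands on an empty page, so either keep the removed steps in the README for now or put them into doc/install.md in this commit. Two smaller points in the same hunk: the "Example use case" bullet is the only documentation item without a link (either link it or mark it as forthcoming), and "It is comprised of the following components" reads better as "It consists of the following components".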
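Review bot: The removed README lines included the security-relevant parts of setup that users must not lose when the text is relocated: importing the locally generated root certificate from secrets/CA/ca.crt into the trust store, importing the user certificates from secrets/certificates with passwords from secrets/passwords, and the list of default accounts (admin@admin.test/test, admin@thehive.local/secret, admin/Pass005) on the exposed ports. When these lines reappear in doc/install.md, the default credentials should be accompanied by an explicit step to change them (or to set them in group_vars/all/users.yml before the first start), and the self-signed CA section should say that the root certificate is trusted only for the SOCTools host rather than system-wide where that is possible.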
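Review bot: doc/architecture.md and doc/install.md are both added as single-heading stubs with "\ No newline at end of file"; the README change "\ No newline at end of file" has the same issue. Add a trailing newline to each Markdown file, and either fill the two stubs in this patch or keep them out of the README's documentation list until they have content, because linking to empty pages from the project landing page makes the documentation look broken.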
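Review bot: The rename of HOWTOS.md to doc/HOWTOS.md is a pure move (similarity index 100%), which is fine, but the new "## Documentation" list in README.md does not link to it, so the only existing document with real content becomes undiscoverable from the landing page. Add a "[How-tos](doc/HOWTOS.md)" bullet next to Architecture and Installation.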