Commit 8c3743db authored by Kiril KJiroski

Update install.md

parent b4d453d2
...@@ -30,7 +30,15 @@ You can use configuration script named "configure.sh", located in the root folde ...@@ -30,7 +30,15 @@ You can use configuration script named "configure.sh", located in the root folde
* By default, following services are accessible only from internal docker network (172.22.0.0/16): * By default, following services are accessible only from internal docker network (172.22.0.0/16):
* HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them. * HAProxy Stats - Statistics about proxied services/tools and their availability. Generally, you want only a selected number of people to be able to view them.
* ODFE - Direct access to ODFE Elasticsearch containers. Generally, you would need to access them only for debugging purposes. * ODFE - Direct access to ODFE Elasticsearch containers. Generally, you would need to access them only for debugging purposes.
* By default, all SOCTools are accessible from the whole Internet. Since we are using certificates for all tools, except for Keycloak and User Management UI, you may want to restrict access to the last two. * By default, all SOCTools are accessible from the whole Internet. If there is any doubt in the implemented security features, you may want to fine-tune port visibility. You can restrict access to following:
* Nifi Management - Web UI for managing Nifi flows. You may want to restrict access inside you organization.
* Nifi ports - ports used for accepting data from various sources. You may want to restrict access only to certain servers/devices in your network.
* Keycloak Management - Web UI for managing SOCTools Users. Increase security by restricting access only for administrator(s)
* TheHive - Web UI for TheHive. Usually don't want to restrict access.
* Cortex - Web UI for Cortex. Usually don't want to restrict access.
* MISP - Web UI for MISP. Usually don't want to restrict access.
* User Management UI - Web UI for creating and managing SOCTools users. Increase security by restricting access only for administrator(s)
* Kibana - Web UI for Kibana. Increase security by restricting access only for administrator(s)
Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template. Edit roles/haproxy/files/stats_whitelist.lst in order to manually configure whitelist IP addresses for accessing various tools. You can use access.ips file found in the root folder as starting template.
* `cat access.ips > roles/haproxy/files/stats_whitelist.lst` * `cat access.ips > roles/haproxy/files/stats_whitelist.lst`
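Review bot: The rewritten "By default, all SOCTools are accessible from the whole Internet" bullet drops the earlier statement that certificates are used for all tools except Keycloak and User Management UI, and replaces it with "If there is any doubt in the implemented security features", which gives the reader no basis for deciding what to restrict. Keep the fact about which tools are not certificate-protected, since that is the reason the Keycloak Management and User Management UI entries recommend administrator-only access. The new list names eight services, but the only mechanism shown is roles/haproxy/files/stats_whitelist.lst, whose name suggests it covers HAProxy Stats only; state which file or entry controls each listed service, and note that the `cat access.ips > ...` step overwrites any existing whitelist. Minor wording: "inside you organization" should read "your", and the "Usually don't want to restrict access" entries need a subject.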
......