From e48f60038b49723fb5fb3c7c16833e6256dc5fa8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Mon, 7 Feb 2022 10:32:34 +0100
Subject: [PATCH] doc: administration.md added, just with outline and todo
 notes

---
 doc/administration.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 doc/administration.md

diff --git a/doc/administration.md b/doc/administration.md
new file mode 100644
index 0000000..447bf65
--- /dev/null
+++ b/doc/administration.md
@@ -0,0 +1,29 @@
+# SOCtools Administration Guide
+
+TODO:
+Describe what components are there and how they work together, how data flow. (There already is architecture.md, review/update it)
+
+## User management
+
+How user management is handled (Keycloak)? Is everything centralized or are there "local" users in some applications?
+How to add/edit user accounts
+
+
+## Data ingestion
+
+How to forward logs from some servers/applications to SOCtools, what must be set up to in NiFi.
+
+Other data sources except logs? Emails?
+
+How to set up data feeds in MISP and analyzers in Cortex.
+
+
+## Data processing in NiFi 
+
+What the current NiFi pipeline does. How to reconfigure it.
+
+
+## Other tools?
+
+Is there anything in Elasticsearch, Kibana, MISP, The Hive, etc., which is specific to SOCtools and should be described (i.e. can't be found in official documentation of these tools)?
+
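Review bot: Only the opening block carries a `TODO:` marker, while the sections from "## User management" through "## Other tools?" are also unanswered questions, so once merged the file reads as a guide whose sections happen to be questions. Mark each placeholder section as TODO, or put a single "draft outline" notice under the title. In "## User management", the question about "local" users in some applications is the one an administrator most needs answered, so when the section is filled in it should list any accounts that exist outside Keycloak instead of leaving this as a yes/no. Smaller points: "what must be set up to in NiFi" has a stray "to", "how data flow" should be "how data flows", the heading "## Data processing in NiFi " ends with a trailing space, and the mention of architecture.md in the opening TODO could be a relative link so the cross-reference survives rendering.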
-- 
GitLab