SOCTools
SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.
Installation
Edit soctools-inventory and add the Docker containers you want deployed. The playbook has been tested on CentOS 7. Edit the settings in group_vars/all/main.yml.
To build the Docker images needed, run the ansible playbook:
ansible-playbook -i soctools-inventory buildimages.yml
To build the CA needed for host and user certificates, run the ansible playbook:
ansible-playbook -i soctools-inventory buildca.yml
User certificates are exported in roles/ca/files/CA/private.
To start the cluster, run the ansible playbook soctools.yml with the start tag:
ansible-playbook -i soctools-inventory soctools.yml -t start
To stop the cluster, run the same playbook with the stop tag:
ansible-playbook -i soctools-inventory soctools.yml -t stop
The NiFi interface should now be available on port 443 on the server.
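A post-deployment check to run after the steps above, added here as an example and not part of the SOCTools project: it confirms that the exported CA private material under roles/ca/files/CA/private is owner-readable only and that something answers TLS on port 443. The CA_DIR and NIFI_HOST defaults and the "run" argument are assumptions of this script.

```shell
#!/bin/sh
# Added post-deployment check for a SOCTools host (not part of the project).
# Assumptions: the CA export path from the README and a NiFi listener on
# port 443 of NIFI_HOST (defaults to localhost).
CA_DIR="${CA_DIR:-roles/ca/files/CA/private}"
NIFI_HOST="${NIFI_HOST:-localhost}"

# Return 0 if every regular file in $1 is readable by its owner only
# (no group/other bits set), 1 otherwise; offending files go to stderr.
check_private_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # columns 5-10 of 'ls -l' hold the group and other permission bits
        others=$(ls -ld "$f" | cut -c5-10)
        case "$others" in
            *[rwxst]*) echo "too permissive: $f ($others)" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Return 0 if a TLS endpoint on port 443 of $1 answers with any HTTP status,
# 1 if curl cannot connect within 5 seconds (certificate is not verified here).
check_nifi_port() {
    host="$1"
    code=$(curl -ksS -o /dev/null -m 5 -w '%{http_code}' "https://$host/" 2>/dev/null) || return 1
    [ "$code" != "000" ]
}

main() {
    status=0
    check_private_dir "$CA_DIR" || status=1
    if check_nifi_port "$NIFI_HOST"; then
        echo "NiFi reachable on $NIFI_HOST:443"
    else
        echo "nothing answering on $NIFI_HOST:443" >&2
        status=1
    fi
    exit $status
}

# Only run the checks when invoked as: sh soctools-check.sh run
if [ "${1:-}" = "run" ]; then main; fi
```

Run it from the repository root so the relative CA_DIR resolves; set CA_DIR or NIFI_HOST in the environment to override the defaults.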
License
BSD
Author Information
GEANT WP8