SOCTools

SOCTools is a set of tools that can be used by a SOC for collecting and analyzing security data, incident handling and threat intelligence.

Installation

Edit inventories/deploy/hosts.yml and change "host1" to the FQDN or IP address of the server where the tools should be installed. The playbook has been tested on Debian Stretch and CentOS 7. The role soctools_server makes sure that Docker is properly installed on the server. To prevent the playbook from making any changes to the server besides setting up Docker networks and containers, this role can be removed.

Run the Ansible playbook:

ansible-playbook -i inventories/deploy/hosts.yml deploy.yml

This will install the following Docker images:

  • zookeeper:latest
  • haproxy:latest
  • apache/nifi:latest

While the Ansible playbook supports multiple servers, the current configuration of NiFi and haproxy only supports a single server.

Building images

Images that are not official Docker images can be built from scratch by running:

ansible-playbook -i inventories/build/hosts.yml build_images.yml

Edit the files under inventories/deploy/group_vars to specify that built images should be used. Currently only NiFi is built from scratch.

License

BSD

Author Information

GEANT WP8