cert-polska / n6 Goto Github PK

Automated handling of data feeds for security teams

License: GNU Affero General Public License v3.0

Python 92.24% HTML 0.09% JavaScript 0.59% Shell 0.49% Makefile 0.10% CSS 0.08% Dockerfile 0.26% Mako 0.01% SCSS 0.89% Pug 0.22% TypeScript 5.03%

security-automation security-tools data-exchange incident-reports csirt-activities

n6's Introduction

n6

n6 (Network Security Incident eXchange) is a system to collect, manage and distribute security information on a large scale. Distribution is realized through a simple REST API and a web interface that authorized users can use to receive various types of data, in particular information on threats and incidents in their networks.

Basic References

Home page: github.com/CERT-Polska/n6
Documentation: n6.readthedocs.io

The project is developed by CERT Polska. Contact us via e-mail: [email protected].

Copyright and License

n6 is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License, Version 3, as published by the Free Software Foundation.

This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program (see: the LICENSE.txt file in the root directory of the source code repository). If not, see https://www.gnu.org/licenses/.

n6's People

Contributors

Stargazers

Watchers

n6's Issues

Typo 'asert_called_one_with'

docker compose build failed

Hello,

Once n6 repository cloned on local device (Ubuntu 22.04, running Docker and Docker compose plugin), I tried to launch docker compose build, but it's failed:

root@tools:/opt/n6# docker compose build
[+] Building 0.7s (14/14) FINISHED                                                                                                                                                                   docker:default
 => [worker internal] load build definition from Dockerfile                                                                                                                                                    0.0s
 => => transferring dockerfile: 1.89kB                                                                                                                                                                         0.0s
 => [worker internal] load .dockerignore                                                                                                                                                                       0.1s
 => => transferring context: 1.23kB                                                                                                                                                                            0.0s
 => [base internal] load build definition from Dockerfile                                                                                                                                                      0.1s
 => => transferring dockerfile: 6.13kB                                                                                                                                                                         0.0s
 => [base internal] load .dockerignore                                                                                                                                                                         0.1s
 => => transferring context: 1.23kB                                                                                                                                                                            0.0s
 => [rabbit internal] load build definition from Dockerfile                                                                                                                                                    0.1s
 => => transferring dockerfile: 726B                                                                                                                                                                           0.0s
 => [rabbit internal] load .dockerignore                                                                                                                                                                       0.2s
 => => transferring context: 1.23kB                                                                                                                                                                            0.0s
 => [mysql internal] load build definition from Dockerfile                                                                                                                                                     0.2s
 => => transferring dockerfile: 1.15kB                                                                                                                                                                         0.0s
 => [mysql internal] load .dockerignore                                                                                                                                                                        0.1s
 => => transferring context: 1.23kB                                                                                                                                                                            0.0s
 => [web internal] load build definition from Dockerfile                                                                                                                                                       0.1s
 => => transferring dockerfile: 1.63kB                                                                                                                                                                         0.0s
 => [web internal] load .dockerignore                                                                                                                                                                          0.1s
 => => transferring context: 1.23kB                                                                                                                                                                            0.0s
 => ERROR [web internal] load metadata for docker.io/library/n6_base:latest                                                                                                                                    0.5s
 => CANCELED [base internal] load metadata for docker.io/library/debian:bullseye-slim                                                                                                                          0.6s
 => CANCELED [rabbit internal] load metadata for docker.io/library/rabbitmq:3.8-management                                                                                                                     0.5s
 => CANCELED [mysql internal] load metadata for docker.io/library/mariadb:10.3-bionic                                                                                                                          0.5s
------
 > [web internal] load metadata for docker.io/library/n6_base:latest:
------
failed to solve: n6_base: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

Any idea ?

Regards,

Experimenting with STOMP

Hi guys,

I am playing with n6 docker installation to look into the STOMP connection. As there is no STOMP configuration set, I added a port to the docker-compose.yml:

    ports:
      - 5671:5671 #  TLS connections
      - 5672:5672 #  TCP connections
      - 15671:15671 # WEB management
      - 15672:15672 # HTTP API
      - 61613:61613 # STOMP API

And I launched the STOMP plugin by modifying docker/rabbit/Dockerfile:

RUN rabbitmq-plugins enable --offline \
    rabbitmq_management \
    rabbitmq_management_agent \
    rabbitmq_auth_mechanism_ssl \
    rabbitmq_federation \
    rabbitmq_federation_management \
    rabbitmq_shovel \
    rabbitmq_shovel_management \
    rabbitmq-plugins enable rabbitmq_stomp

Finally I used stomp.py to connect to the STOMP endpoint:

(teststomp) ➜  Play stomp -H localhost -P 61613    
> subscribe /exchange/event/sblam.spam
Subscribing to '/exchange/event/sblam.spam' with acknowledge set to 'auto', id set to '3'

But launching n6collector_sblamspam in the worker, I can see new events in the UI, but nothing on the STOMP endpoint. Do you have any pointers to configure smth like https://n6.readthedocs.io/usage/streamapi/ on the docker installation ?

installing error.

Hello.
I was not able to install n6.
Specs:
Ubuntu Server 20.4
Docker version 20.10.8, build 3967b7d
docker-compose version 1.25.0, build unknown
git version 2.25.1
Python 3.8.10
Python 2.7.18

What I did.
Cloned git repository. While trying to build occured errors but images were built:

max@n6vm:~/n6/n6$ sudo docker images | grep n6
n6_worker latest 539acd3d1c38 13 minutes ago 1.33GB
n6_base latest 39c0850d1e87 13 minutes ago 1.32GB
n6_web latest ac3041e66f9c About an hour ago 1.55GB
n6_mysql latest 6579790207c2 4 hours ago 551MB
n6_rabbit latest aa653aa5a1c9 4 hours ago 250MB

I cant access admin page (4444/org) or any other n6 pages. But can access everything else, like rabbit or using n6 exec commands.
Intstall log in attachments
log_int.txt

cert-polska / n6 Goto Github PK

n6's Introduction

n6

Basic References

Copyright and License

n6's People

Contributors

Stargazers

Watchers

Forkers

n6's Issues

Typo 'asert_called_one_with'

docker compose build failed

Experimenting with STOMP

installing error.

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent