certsocietegenerale / fir
Fast Incident Response
License: GNU General Public License v3.0
Should it be possible to search on indicators such as IP addresses and domains using the search box at the top of the screen. This doesn't seem to work for me, although if I go to a case containing the indicator I can search by clicking on it.
The only field which appears to be searchable from the search box is the title field.
Aside from that I think it's a great system. Many thanks for making it available.
I followed the instructions for a dev / test version. When I go to http://localhost:8000, though, I get the following. (A PR is incoming immediately following this issue!)
ImportError at /
No module named six
Request Method: GET
Request URL: http://localhost:8000/
Django Version: 1.7.6
Exception Type: ImportError
Exception Value:
No module named six
Exception Location: /home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/dateutil/relativedelta.py in <module>, line 5
Python Executable: /home/kmaxwell/src/FIR/venv/bin/python
Python Version: 2.7.6
Python Path:
['/home/kmaxwell/src/FIR',
'/home/kmaxwell/src/FIR/venv/lib/python2.7',
'/home/kmaxwell/src/FIR/venv/lib/python2.7/plat-x86_64-linux-gnu',
'/home/kmaxwell/src/FIR/venv/lib/python2.7/lib-tk',
'/home/kmaxwell/src/FIR/venv/lib/python2.7/lib-old',
'/home/kmaxwell/src/FIR/venv/lib/python2.7/lib-dynload',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk',
'/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages']
Server time: Thu, 12 Mar 2015 20:57:49 +0100
Traceback:
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/django/core/handlers/base.py in get_response
resolver_match = resolver.resolve(request.path_info) ...
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py in resolve
for pattern in self.url_patterns: ...
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module) ...
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/django/core/urlresolvers.py in urlconf_module
self._urlconf_module = import_module(self.urlconf_name) ...
/usr/lib/python2.7/importlib/__init__.py in import_module
__import__(name) ...
/home/kmaxwell/src/FIR/fir/urls.py in <module>
url(r'^incidents/', include('incidents.urls', namespace='incidents')), ...
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/django/conf/urls/__init__.py in include
urlconf_module = import_module(urlconf_module) ...
/usr/lib/python2.7/importlib/__init__.py in import_module
__import__(name) ...
/home/kmaxwell/src/FIR/incidents/urls.py in <module>
from incidents import views ...
/home/kmaxwell/src/FIR/incidents/views.py in <module>
from dateutil.relativedelta import * ...
/home/kmaxwell/src/FIR/venv/local/lib/python2.7/site-packages/dateutil/relativedelta.py in <module>
from six import integer_types ...
Request information
GET
No GET data
POST
No POST data
FILES
No FILES data
COOKIES
No cookie data
META
Variable Value
RUN_MAIN
'true'
XDG_GREETER_DATA_DIR
'/var/lib/lightdm-data/kmaxwell'
QT4_IM_MODULE
'xim'
wsgi.multithread
True
SERVER_SOFTWARE
'WSGIServer/0.1 Python/2.7.6'
UPSTART_EVENTS
'started starting'
SCRIPT_NAME
u''
REQUEST_METHOD
'GET'
SERVER_PROTOCOL
'HTTP/1.1'
HOME
'/home/kmaxwell'
DISPLAY
':0'
LANG
'en_US.UTF-8'
VIRTUAL_ENV
'/home/kmaxwell/src/FIR/venv'
SHELL
'/bin/bash'
XDG_DATA_DIRS
'/usr/share/gnome:/usr/local/share/:/usr/share/'
MANDATORY_PATH
'/usr/share/gconf/gnome.mandatory.path'
UPSTART_INSTANCE
''
JOB
'gnome-session'
TEXTDOMAIN
'im-config'
SERVER_PORT
'8000'
XMODIFIERS
'@im=ibus'
SELINUX_INIT
'YES'
PATH_INFO
u'/'
XDG_RUNTIME_DIR
'/run/user/1000'
COMP_WORDBREAKS
' \t\n"\'><;|&(:'
VTE_VERSION
'3409'
HTTP_CONNECTION
'keep-alive'
HTTP_HOST
'localhost:8000'
wsgi.version
(1, 0)
XDG_CURRENT_DESKTOP
'GNOME'
XDG_SESSION_ID
'c2'
DBUS_SESSION_BUS_ADDRESS
'unix:abstract=/tmp/dbus-oMDvpooA3D'
GNOME_KEYRING_PID
'2227'
HTTP_ACCEPT
'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
DESKTOP_SESSION
'gnome'
LESSCLOSE
'/usr/bin/lesspipe %s %s'
DEFAULTS_PATH
'/usr/share/gconf/gnome.default.path'
wsgi.run_once
False
wsgi.errors
<open file '<stderr>', mode 'w' at 0x7fd9167601e0>
wsgi.multiprocess
False
HTTP_ACCEPT_LANGUAGE
'en-US,en;q=0.8,es;q=0.6'
INSTANCE
'GNOME'
PERL_MB_OPT
'--install_base "/home/kmaxwell/perl5"'
LS_COLORS
'rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lz=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.axa=00;36:*.oga=00;36:*.spx=00;36:*.xspf=00;36:'
XDG_SEAT
'seat0'
PERL_MM_OPT
'INSTALL_BASE=/home/kmaxwell/perl5'
GNOME_DESKTOP_SESSION_ID
'this-is-deprecated'
LESSOPEN
'| /usr/bin/lesspipe %s'
QUERY_STRING
''
QT_IM_MODULE
'ibus'
LOGNAME
'kmaxwell'
USER
'kmaxwell'
GNOME_KEYRING_CONTROL
'/run/user/1000/keyring-1J8pjt'
XDG_VTNR
'7'
PATH
'/home/kmaxwell/src/FIR/venv/bin:/home/kmaxwell/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/home/kmaxwell/.local/bin:/home/kmaxwell/.google_appengine'
PS1
'(venv)\\[\\033[01;32m\\]\\u@\\h\\[\\033[00m\\]:\\[\\033[01;36m\\]\\w\\[\\033[00m\\]$(parse_git_branch)$ '
TERM
'xterm'
HTTP_USER_AGENT
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36'
XDG_SESSION_PATH
'/org/freedesktop/DisplayManager/Session0'
XAUTHORITY
'/home/kmaxwell/.Xauthority'
LANGUAGE
'en_US'
REMOTE_ADDR
'127.0.0.1'
SHLVL
'1'
QT_QPA_PLATFORMTHEME
'appmenu-qt5'
wsgi.url_scheme
'http'
CLUTTER_IM_MODULE
'xim'
WINDOWID
'41943048'
EDITOR
'vim -f'
SESSIONTYPE
'gnome-session'
IM_CONFIG_PHASE
'1'
GPG_AGENT_INFO
'/run/user/1000/keyring-1J8pjt/gpg:0:1'
CONTENT_LENGTH
''
CONTENT_TYPE
'text/plain'
SSH_AUTH_SOCK
'/run/user/1000/keyring-1J8pjt/ssh'
GDMSESSION
'gnome'
UPSTART_JOB
'gnome-settings-daemon'
TEXTDOMAINDIR
'/usr/share/locale/'
CLICOLOR
'1'
XDG_SEAT_PATH
'/org/freedesktop/DisplayManager/Seat0'
TZ
'Europe/Paris'
_
'./manage.py'
wsgi.input
<socket._fileobject object at 0x7fd91233fed0>
GTK_IM_MODULE
'ibus'
UPSTART_SESSION
'unix:abstract=/com/ubuntu/upstart-session/1000/2231'
XDG_CONFIG_DIRS
'/etc/xdg/xdg-gnome:/usr/share/upstart/xdg:/etc/xdg'
SERVER_NAME
'localhost'
GATEWAY_INTERFACE
'CGI/1.1'
OLDPWD
'/home/kmaxwell/src/FIR/docker'
GDM_LANG
'en_US'
GTK_MODULES
'overlay-scrollbar'
PWD
'/home/kmaxwell/src/FIR'
HTTP_DNT
'1'
DJANGO_SETTINGS_MODULE
'fir.settings'
COLORTERM
'gnome-terminal'
wsgi.file_wrapper
''
REMOTE_HOST
''
HTTP_ACCEPT_ENCODING
'gzip, deflate, sdch'
Settings
Using settings module fir.settings
Setting Value
USE_L10N
True
USE_THOUSAND_SEPARATOR
False
CSRF_COOKIE_SECURE
False
LANGUAGE_CODE
'en-us'
ROOT_URLCONF
'fir.urls'
MANAGERS
()
BASE_DIR
'/home/kmaxwell/src/FIR'
TEST_NON_SERIALIZED_APPS
[]
DEFAULT_CHARSET
'utf-8'
SESSION_SERIALIZER
'django.contrib.sessions.serializers.JSONSerializer'
STATIC_ROOT
'/home/kmaxwell/src/FIR/static'
ALLOWED_HOSTS
[]
MESSAGE_STORAGE
'django.contrib.messages.storage.fallback.FallbackStorage'
EMAIL_SUBJECT_PREFIX
'[Django] '
SEND_BROKEN_LINK_EMAILS
False
STATICFILES_FINDERS
('django.contrib.staticfiles.finders.FileSystemFinder',
'django.contrib.staticfiles.finders.AppDirectoriesFinder')
SESSION_CACHE_ALIAS
'default'
SESSION_COOKIE_DOMAIN
None
SESSION_COOKIE_NAME
'sessionid'
ADMIN_FOR
()
TIME_INPUT_FORMATS
('%H:%M:%S', '%H:%M:%S.%f', '%H:%M')
DATABASES
{'default': {'ATOMIC_REQUESTS': False,
'AUTOCOMMIT': True,
'CONN_MAX_AGE': 0,
'ENGINE': 'django.db.backends.sqlite3',
'HOST': '',
'NAME': '/home/kmaxwell/src/FIR/db.sqlite3',
'OPTIONS': {},
'PASSWORD': u'********************',
'PORT': '',
'TEST': {'CHARSET': None,
'COLLATION': None,
'MIRROR': None,
'NAME': None},
'TIME_ZONE': 'Europe/Paris',
'USER': ''}}
FILE_UPLOAD_DIRECTORY_PERMISSIONS
None
FILE_UPLOAD_PERMISSIONS
None
FILE_UPLOAD_HANDLERS
('django.core.files.uploadhandler.MemoryFileUploadHandler',
'django.core.files.uploadhandler.TemporaryFileUploadHandler')
DEFAULT_CONTENT_TYPE
'text/html'
APPEND_SLASH
True
LOCALE_PATHS
()
DATABASE_ROUTERS
[]
DEFAULT_TABLESPACE
''
YEAR_MONTH_FORMAT
'F Y'
STATICFILES_STORAGE
'django.contrib.staticfiles.storage.StaticFilesStorage'
CACHES
{'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
SERVER_EMAIL
'root@localhost'
SESSION_COOKIE_PATH
'/'
SILENCED_SYSTEM_CHECKS
[]
MIDDLEWARE_CLASSES
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware')
USE_I18N
True
THOUSAND_SEPARATOR
','
SECRET_KEY
u'********************'
LANGUAGE_COOKIE_NAME
'django_language'
DEFAULT_INDEX_TABLESPACE
''
TRANSACTIONS_MANAGED
False
LOGGING_CONFIG
'logging.config.dictConfig'
TEMPLATE_LOADERS
('django.template.loaders.filesystem.Loader',
'django.template.loaders.app_directories.Loader')
FIRST_DAY_OF_WEEK
0
WSGI_APPLICATION
'fir.wsgi.application'
TEMPLATE_DEBUG
True
X_FRAME_OPTIONS
'SAMEORIGIN'
CSRF_COOKIE_NAME
'csrftoken'
FORCE_SCRIPT_NAME
None
USE_X_FORWARDED_HOST
False
SIGNING_BACKEND
'django.core.signing.TimestampSigner'
SESSION_COOKIE_SECURE
False
CSRF_COOKIE_DOMAIN
None
FILE_CHARSET
'utf-8'
DEBUG
True
LANGUAGE_COOKIE_DOMAIN
None
DEFAULT_FILE_STORAGE
'django.core.files.storage.FileSystemStorage'
INSTALLED_APPS
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'incidents',
'django.contrib.admin',
'fir_plugins',
'fir_artifacts')
LANGUAGES
(('af', 'Afrikaans'),
('ar', 'Arabic'),
('ast', 'Asturian'),
('az', 'Azerbaijani'),
('bg', 'Bulgarian'),
('be', 'Belarusian'),
('bn', 'Bengali'),
('br', 'Breton'),
('bs', 'Bosnian'),
('ca', 'Catalan'),
('cs', 'Czech'),
('cy', 'Welsh'),
('da', 'Danish'),
('de', 'German'),
('el', 'Greek'),
('en', 'English'),
('en-au', 'Australian English'),
('en-gb', 'British English'),
('eo', 'Esperanto'),
('es', 'Spanish'),
('es-ar', 'Argentinian Spanish'),
('es-mx', 'Mexican Spanish'),
('es-ni', 'Nicaraguan Spanish'),
('es-ve', 'Venezuelan Spanish'),
('et', 'Estonian'),
('eu', 'Basque'),
('fa', 'Persian'),
('fi', 'Finnish'),
('fr', 'French'),
('fy', 'Frisian'),
('ga', 'Irish'),
('gl', 'Galician'),
('he', 'Hebrew'),
('hi', 'Hindi'),
('hr', 'Croatian'),
('hu', 'Hungarian'),
('ia', 'Interlingua'),
('id', 'Indonesian'),
('io', 'Ido'),
('is', 'Icelandic'),
('it', 'Italian'),
('ja', 'Japanese'),
('ka', 'Georgian'),
('kk', 'Kazakh'),
('km', 'Khmer'),
('kn', 'Kannada'),
('ko', 'Korean'),
('lb', 'Luxembourgish'),
('lt', 'Lithuanian'),
('lv', 'Latvian'),
('mk', 'Macedonian'),
('ml', 'Malayalam'),
('mn', 'Mongolian'),
('mr', 'Marathi'),
('my', 'Burmese'),
('nb', 'Norwegian Bokmal'),
('ne', 'Nepali'),
('nl', 'Dutch'),
('nn', 'Norwegian Nynorsk'),
('os', 'Ossetic'),
('pa', 'Punjabi'),
('pl', 'Polish'),
('pt', 'Portuguese'),
('pt-br', 'Brazilian Portuguese'),
('ro', 'Romanian'),
('ru', 'Russian'),
('sk', 'Slovak'),
('sl', 'Slovenian'),
('sq', 'Albanian'),
('sr', 'Serbian'),
('sr-latn', 'Serbian Latin'),
('sv', 'Swedish'),
('sw', 'Swahili'),
('ta', 'Tamil'),
('te', 'Telugu'),
('th', 'Thai'),
('tr', 'Turkish'),
('tt', 'Tatar'),
('udm', 'Udmurt'),
('uk', 'Ukrainian'),
('ur', 'Urdu'),
('vi', 'Vietnamese'),
('zh-cn', 'Simplified Chinese'),
('zh-hans', 'Simplified Chinese'),
('zh-hant', 'Traditional Chinese'),
('zh-tw', 'Traditional Chinese'))
COMMENTS_ALLOW_PROFANITIES
False
STATICFILES_DIRS
()
PREPEND_WWW
False
SECURE_PROXY_SSL_HEADER
None
LANGUAGE_COOKIE_AGE
None
SESSION_COOKIE_HTTPONLY
True
DEBUG_PROPAGATE_EXCEPTIONS
False
INTERNAL_IPS
()
MONTH_DAY_FORMAT
'F j'
LOGIN_URL
'/login'
SESSION_EXPIRE_AT_BROWSER_CLOSE
False
TIME_FORMAT
'P'
AUTH_USER_MODEL
'auth.User'
DATE_INPUT_FORMATS
('%Y-%m-%d',
'%m/%d/%Y',
'%m/%d/%y',
'%b %d %Y',
'%b %d, %Y',
'%d %b %Y',
'%d %b, %Y',
'%B %d %Y',
'%B %d, %Y',
'%d %B %Y',
'%d %B, %Y')
AUTHENTICATION_BACKENDS
('django.contrib.auth.backends.ModelBackend',)
EMAIL_HOST_PASSWORD
u'********************'
PASSWORD_RESET_TIMEOUT_DAYS
u'********************'
SESSION_FILE_PATH
None
CACHE_MIDDLEWARE_ALIAS
'default'
SESSION_SAVE_EVERY_REQUEST
False
NUMBER_GROUPING
0
SESSION_ENGINE
'django.contrib.sessions.backends.db'
CSRF_FAILURE_VIEW
'django.views.csrf.csrf_failure'
CSRF_COOKIE_PATH
'/'
LOGIN_REDIRECT_URL
'/accounts/profile/'
DECIMAL_SEPARATOR
'.'
IGNORABLE_404_URLS
()
MIGRATION_MODULES
{}
TEMPLATE_STRING_IF_INVALID
''
LOGOUT_URL
'/logout'
EMAIL_USE_TLS
False
FIXTURE_DIRS
()
EMAIL_HOST
'localhost'
DATE_FORMAT
'N j, Y'
MEDIA_ROOT
'/home/kmaxwell/src/FIR/uploads'
DEFAULT_EXCEPTION_REPORTER_FILTER
'django.views.debug.SafeExceptionReporterFilter'
ADMINS
()
FORMAT_MODULE_PATH
None
DEFAULT_FROM_EMAIL
'webmaster@localhost'
MEDIA_URL
'/files/'
DATETIME_FORMAT
'N j, Y, P'
TEMPLATE_DIRS
()
SITE_ID
1
DISALLOWED_USER_AGENTS
()
ALLOWED_INCLUDE_ROOTS
()
LOGGING
{}
SHORT_DATE_FORMAT
'm/d/Y'
TEST_RUNNER
'django.test.runner.DiscoverRunner'
CACHE_MIDDLEWARE_KEY_PREFIX
u'********************'
TIME_ZONE
'Europe/Paris'
FILE_UPLOAD_MAX_MEMORY_SIZE
2621440
EMAIL_BACKEND
'django.core.mail.backends.console.EmailBackend'
EMAIL_USE_SSL
False
TEMPLATE_CONTEXT_PROCESSORS
('django.contrib.auth.context_processors.auth',
'django.core.context_processors.debug',
'django.core.context_processors.i18n',
'django.core.context_processors.media',
'django.core.context_processors.static',
'django.core.context_processors.request',
'django.contrib.messages.context_processors.messages')
SESSION_COOKIE_AGE
1209600
SETTINGS_MODULE
'fir.settings'
USE_ETAGS
False
LANGUAGES_BIDI
('he', 'ar', 'fa', 'ur')
FILE_UPLOAD_TEMP_DIR
None
CSRF_COOKIE_AGE
31449600
STATIC_URL
'/static/'
EMAIL_PORT
25
USE_TZ
False
SHORT_DATETIME_FORMAT
'm/d/Y P'
PASSWORD_HASHERS
u'********************'
ABSOLUTE_URL_OVERRIDES
{}
LANGUAGE_COOKIE_PATH
'/'
CACHE_MIDDLEWARE_SECONDS
600
CSRF_COOKIE_HTTPONLY
False
DATETIME_INPUT_FORMATS
('%Y-%m-%d %H:%M:%S',
'%Y-%m-%d %H:%M:%S.%f',
'%Y-%m-%d %H:%M',
'%Y-%m-%d',
'%m/%d/%Y %H:%M:%S',
'%m/%d/%Y %H:%M:%S.%f',
'%m/%d/%Y %H:%M',
'%m/%d/%Y',
'%m/%d/%y %H:%M:%S',
'%m/%d/%y %H:%M:%S.%f',
'%m/%d/%y %H:%M',
'%m/%d/%y')
EMAIL_HOST_USER
''
PROFANITIES_LIST
u'********************'
You're seeing this error because you have DEBUG = True in your Django settings file. Change that to False, and Django will display a standard 500 page.
To reproduce:
Hi,
Is there a way to display the ID of each incident on the "dashboard" page or "incident" page at least ?
Is it possible to upload files and attach them to an incident using the API?
Thanks
python-pip and python-dev prerequisites are given twice.
Good morning,
It would be most useful if stats results (mainly the list of matching incidents) could be exported as an excel/csv/pdf or any other format file.
Also if this option would be available in the incidents/events tab.
If not possible/feasible I will try to implement it myself.
Thank you very much for this excellent solution.
Claudiu
Hi,
As github doesn't seem to provide an easy way for issuing pull requests to wiki, here is the doc I wrote in attachment.
Please don't hesitate to correct it if needed.
Thx for your work
Please consider adding External Authentication (LDAP, AD, Kerberos, etc.) to your roadmap.
Hello,
I've just installed FIR in development version.
However I can't find the default username/password to use, do you have it?
Regards
I will not be using a virtual environment, so after step:
$ git clone https://github.com//FIR.git
I'm guessing I mv the fir directory to say /var/html/www?
Also, is there a reason this says yourhandle instead of:
https://github.com/certsocietegenerale/FIR.git
Thank you.
Hi,
I tried to create 2 users to check if I can manage their permissions. I would like user2 to be unable to modify incidents created by user1 (for example, user2 could add some comments, artefacts, etc., but couldn't modify important information like date / log / artefacts added by user1. Only user1 or the "super user" could).
It seems that a user with the "incident handler" permission can do everything: add, edit, delete all objects.
I checked permissions in the admin panel, but after trying many configurations, I never succeeded in getting the behavior I expect.
Moreover, when a user does not have the "incident handler" permission but has other permissions like "add incident", he can't access the "Incident page".
Maybe it's not your intention to handle such a small granularity of permissions. Or maybe I have to check more information about the Django / FIR code.
Hi,
This tool is fantastic! We are looking at giving members of various business units access to FIR. But we don't want them to see everything, just the incidents for their Business Unit. A feature where we could restrict that access would be fantastic.
Thanks,
Ben
Make the pop-up window movable
To reproduce:
I followed the instructions in the production installation part, and when I'm trying to access the webpage I'm getting a Bad Request (400) error. No clues in the Nginx log files.
When a user deletes all the incident comments, you can't load the incident list.
The graphical interface says : "loading...".
The user only needs to do it for 1 incident among all incidents to get this issue.
No errors are present in the logs.
If you need anything else don't hesitate to ask !
Running into an issue when I get to the ./manage.py syncdb step: it would appear that syncdb is no longer an option, based on what I'm seeing in the help. I also found an article on Stack Overflow stating that syncdb has gone away and to use migrate.
When I run ./manage.py migrate instead I get an error of:
File "./manage.py", line 8 in
from django.core.management import execute_from_command_line
ImportError: no module named django.core.management
then dumps me back to my virtual environment.
Some requirements (/requirements.txt) seem unused, such as:
pymongo
argparse
lxml
Did I miss something?
EDIT: (It seems to be related to #3)
EDIT2: pymongo is used for bson, my bad.
There are no English translations for the Bale Categories.
Well...I followed everything pretty much to the letter. I'm greeted with:
Bad Request (400)
when I try anything, so I think this is an nginx issue. Things I need clarification on:
production.py - ALLOWED_HOSTS = ['localhost'] <- what is this for?
This is the first time I've EVER used nginx, so I'm not sure what I need to do.
in file /etc/nginx/sites-available/fir
I have
server {
server_name ip.address;
This server is internal and will be accessed by IP. I'd like to ideally have:
As the link. I'm getting close, but right now all I get is the Bad Request (400) as above. Thanks for any help.
External auth system integration
$ git clone https://github.com/<yourhandlehere>/FIR.git
which should read:
$ git clone https://github.com/certsocietegenerale/FIR.git
^ This is also how it's stated within https://github.com/certsocietegenerale/FIR/wiki/Installation-on-a-production-environment
2. Under the step Create the tables in the database the instructions state to:
$ ./manage.py syncdb --noinput
$ ./manage.py migrate
however, running migrate prior to/without makemigrations resulted in the following error:
(env-FIR)hithere@yourhouse:~/Desktop/FIR# ./manage.py migrate
Operations to perform:
Synchronize unmigrated apps: fir_alerting
Apply all migrations: fir_nuggets, fir_artifacts, sessions, admin, sites, auth, fir_todos, contenttypes, incidents
Synchronizing apps without migrations:
Creating tables...
Installing custom SQL...
Installing indexes...
Running migrations:
No migrations to apply.
Your models have changes that are not yet reflected in a migration, and so won't be applied.
Run 'manage.py makemigrations' to make new migrations, and then re-run 'manage.py migrate' to apply them.
Hi,
would it be possible to add the possibility for anyone to create Events (by filling in a basic form with certain mandatory fields) without having an account on the tool?
The idea is that anyone should be able to report security events, that after review, are escalated to incidents or not...
The list of TLDs in fir_artifacts/hostname.py doesn't contain recently added top level domains as reported by IANA http://data.iana.org/TLD/tlds-alpha-by-domain.txt
I'll make a pull request
I have probably missed something obvious here, but when I get to the ...
"Point your web browser to http://fir.domain.com/admin/ and log in with the superuser credentials you specified during install."
... step, I don't remember specifying any credentials.
I looked back at the earlier steps and tried the admin:admin credentials that worked in the development install.
Can whatever I missed be better emphasized in the Production Install instructions?
Let me know.
Thanks.
Comment is vulnerable to XSS
PoC: submit following as POST request body:
csrfmiddlewaretoken=9zdYmbOteXVHKiJBezS05DT23diCYDwU&action=6&date=2015-12-18+13%3A41&comment=“><script>alert(1)</script>
Subsequent visit of the event will result in popup
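As an added, defender-side example (not FIR's code and not part of the report above): what the fix for a stored XSS in a comment field looks like, and a check that confirms the fix holds against the reported payload. The helper names (parse_comment_form, render_comment_unsafe, render_comment_escaped, injected_tags, audit_request) are illustrative and assumed; the CSRF token is a placeholder; the straight quote at the start of the payload is assumed, since the curly quote in the report is most likely a copy artifact.

```python
"""Added example, not FIR's code: vulnerable vs. escaped rendering of a
user-supplied comment, plus a check that no markup from the comment survives.

Assumed names (not from the page): parse_comment_form, render_comment_unsafe,
render_comment_escaped, injected_tags and audit_request stand in for a
template that renders a comment without, and then with, output escaping.
"""
import html
import re
from urllib.parse import parse_qs, urlencode

# The comment value from the report's PoC (straight quote assumed).
PAYLOAD = '"><script>alert(1)</script>'

# Constructed POST body in the same shape as the report. The CSRF token is a
# placeholder, not a real token.
POST_BODY = urlencode({
    "csrfmiddlewaretoken": "PLACEHOLDER_TOKEN",
    "action": "6",
    "date": "2015-12-18 13:41",
    "comment": PAYLOAD,
})

# The comment is interpolated into two HTML contexts: an attribute value and
# element text. Both need escaping; the leading '"' in the payload is what
# breaks out of the attribute.
TEMPLATE = '<div class="comment" title="{0}">{0}</div>'

# Matches the start of an opening or closing tag and captures the tag name.
_TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][A-Za-z0-9]*)")


def parse_comment_form(body):
    """Decode an application/x-www-form-urlencoded body into single values."""
    return {key: values[0] for key, values in parse_qs(body).items()}


def render_comment_unsafe(comment):
    """Vulnerable rendering: the comment lands in the page verbatim."""
    return TEMPLATE.format(comment)


def render_comment_escaped(comment):
    """Fixed rendering: escape &, <, >, " and ' before interpolating.

    quote=True is what makes the attribute context safe; without it the
    leading '"' in the payload would still close the title attribute.
    """
    return TEMPLATE.format(html.escape(comment, quote=True))


def injected_tags(rendered, allowed=("div",)):
    """Return the set of tag names in the fragment that the template itself
    did not emit. An empty set means no markup from the comment survived."""
    found = {m.group(1).lower() for m in _TAG_RE.finditer(rendered)}
    return found - set(allowed)


def audit_request(body):
    """Parse the posted form and compare both renderings of its comment."""
    comment = parse_comment_form(body)["comment"]
    return {
        "unsafe": injected_tags(render_comment_unsafe(comment)),
        "escaped": injected_tags(render_comment_escaped(comment)),
    }


if __name__ == "__main__":
    result = audit_request(POST_BODY)
    print("tags injected by unsafe rendering :", sorted(result["unsafe"]))
    print("tags injected by escaped rendering:", sorted(result["escaped"]))
```

In a Django application the equivalent of render_comment_escaped is leaving template autoescaping on and never passing user-controlled text through `|safe` or `mark_safe()`; the injected_tags check is the kind of assertion worth keeping in a regression test for every field that is rendered back to other users.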
So....what's a "Blocked" incident? And is there a way to get Events to show up in the Dashboard and in the Stats page? I currently have added just a test Event only which is closed and I don't see it in either of the above. Thank you.
The variation chart displays incidents for the last (floating) month, whereas the bar chart displays incidents for last month.
Bar chart will display incidents for M-1
Variation chart will display incidents for (M-1)-D / (M)-D
When I create a new incident, it appears to get stored in the DB with the wrong TZ (UTC+1?). This throws off my dashboard and incident views by 6 hours (which will of course vary for anyone not in UTC+1).
Below are screenshots of incidents I just created in a test instance at about 1320 local time, not 1920 as the DB seems to have.
Question
Is there any way to have the Dev install listen on more than the 127.0.0.1:8000 interface? I installed the app on an Ubuntu server but can't access it from outside of the server.
The firewall has been enabled to allow access to port 8000 from anywhere. Small lab environment.
@ubuntu:~$ sudo ufw status
Status: active
To Action From
8000 ALLOW Anywhere
22 ALLOW Anywhere
8000 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
@ubuntu:~$ netstat -ltn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8000 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
For each incident type, the list of tasks to be done and who should do them in a team are very similar from one incident to the next one.
Each incident type should have a template that contains the basic list of tasks that an organization follows to handle an incident (based on NIST maybe ?)
Under "Install MySQL", the apt-get install line should add the python-dev package or the pip install mysql-python will fail with an error.
https://github.com/certsocietegenerale/FIR/wiki/Installation-on-a-production-environment
Hello, I notice in the URL that there is an incident/event ID. However this is not displayed on the ticket or the list of incidents/events. For deploying this in a SOC where there are lots of events and incidents it would be useful to search via an incident/event ID.
Thanks
How to make a localization from English into Russian
Step 14 : RUN ./manage.py migrate && ./manage.py loaddata incidents/fixtures/seed_data.json && ./manage.py loaddata incidents/fixtures/dev_users.json && cp fir/urls.py.sample fir/urls.py
---> Running in 4c4f1d21688a
Traceback (most recent call last):
File "./manage.py", line 10, in <module>
execute_from_command_line(sys.argv)
File "/usr/local/lib/python2.7/dist-packages/django/core/management/__init__.py", line 353, in execute_from_command_line
utility.execute()
File "/usr/local/lib/python2.7/dist-packages/django/core/management/__init__.py", line 345, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 348, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 398, in execute
self.check()
File "/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 426, in check
include_deployment_checks=include_deployment_checks,
File "/usr/local/lib/python2.7/dist-packages/django/core/checks/registry.py", line 75, in run_checks
new_errors = check(app_configs=app_configs)
File "/usr/local/lib/python2.7/dist-packages/django/core/checks/urls.py", line 10, in check_url_config
return check_resolver(resolver)
File "/usr/local/lib/python2.7/dist-packages/django/core/checks/urls.py", line 19, in check_resolver
for pattern in resolver.url_patterns:
File "/usr/local/lib/python2.7/dist-packages/django/utils/functional.py", line 33, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py", line 417, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/usr/local/lib/python2.7/dist-packages/django/utils/functional.py", line 33, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/usr/local/lib/python2.7/dist-packages/django/core/urlresolvers.py", line 410, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "/home/fir/fir/urls.py", line 6, in <module>
from incidents import views
File "/home/fir/incidents/views.py", line 39, in <module>
from fir_todos.models import TodoListTemplate
File "/home/fir/fir_todos/models.py", line 6, in <module>
class TodoItem(models.Model):
File "/usr/local/lib/python2.7/dist-packages/django/db/models/base.py", line 102, in __new__
"INSTALLED_APPS." % (module, name)
RuntimeError: Model class fir_todos.models.TodoItem doesn't declare an explicit app_label and isn't in an application in INSTALLED_APPS.
On an incident view, usage of the 'Block' or 'Open' buttons creates a comment with the wrong action label: 'Closed'.
I got the tab show Loading.... only.
I've got a very strange issue, since I just can't connect to the FIR dashboard... ("Wrong username/password combination" message).
I had a working install with django 1.7 & the appropriate FIR git repository, thus I could make everything run fine before.
I re-installed django, all python modules, and FIR, and my database from scratch, in a virtual environment.
I am working with Centos 7 + Nginx + Gunicorn + Django (forwarding communications from nginx to gunicorn through a unix socket, but I doubt this should have any consequence on my current issue).
When I migrated, everything worked fine:
(env-FIR)@:[env-FIR]: python manage.py migrate --settings fir.config.production
Operations to perform:
Apply all migrations: fir_nuggets, fir_alerting, fir_artifacts, sessions, admin, sites, auth, fir_todos, contenttypes, incidents
Running migrations:
Rendering model states... DONE
Applying contenttypes.0001_initial... OK
[…]
Applying sites.0002_alter_domain_unique... OK
I have loaded both incidents/fixtures/seed_data.json & incidents/fixtures/dev_users.json (the latter of which isn't mentioned in the production install, by the way^^).
I have created a superuser.
I can see users admin, dev, and my superuser when I connect manually to the database.
I do see the POST infos (with my credentials being posted, then), but nothing in the logs...
This is a good exercise to track aaall the way the credentials go... but a bit of help would be much appreciated :)
Thx to all, great FIR team!
I was following the instructions in the Wiki to setup a dev environment. Everything went fine until I tried to create the dev test accounts:
$ ./manage.py loaddata incidents/fixtures/dev_users.json
File "/home/j/.local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py", line 248, in value_to_db_datetime
raise ValueError("SQLite backend does not support timezone-aware datetimes when USE_TZ is False.")
ValueError: Problem installing fixture '/home/j/src/FIR/incidents/fixtures/dev_users.json': SQLite backend does not support timezone-aware datetimes when USE_TZ is False.
Setting USE_TZ in fir/config/base.py obviously fixed it.
sudo apt-get udpate
should be:
sudo apt-get update
After following the dev environment setup guide, the dashboard doesn't seem to properly show up.
Calls to /dashboard/blocked/ and /dashboard/open/ end up with a 500 return code:
Environment:
Request Method: GET
Request URL: http://REDACTED:8000/dashboard/blocked/?order_by=date&asc=false&page=1
Django Version: 1.7.6
Python Version: 2.7.9
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'incidents',
'django.contrib.admin',
'fir_plugins',
'fir_artifacts')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware')
Traceback:
File "/home/j/.local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
111. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/home/j/.local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
21. return view_func(request, *args, **kwargs)
File "/home/j/.local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
21. return view_func(request, *args, **kwargs)
File "/home/j/src/FIR/incidents/views.py" in dashboard_blocked
2029. return incident_display(request, Q(status='B'))
File "/home/j/src/FIR/incidents/views.py" in incident_display
1992. incidents_per_page = request.user.profile.incident_number
File "/home/j/.local/lib/python2.7/site-packages/django/utils/functional.py" in inner
225. return func(self._wrapped, *args)
File "/home/j/.local/lib/python2.7/site-packages/django/db/models/fields/related.py" in __get__
428. self.related.get_accessor_name()
Exception Type: RelatedObjectDoesNotExist at /dashboard/blocked/
Exception Value: User has no profile.
When trying to remove business lines via the admin page, a traceback occurs with the following error:
no such table: incidents_recipienttemplate
I am following the wiki installation guide and when I get to the FCGI portion, I configure the fir.config file as per instructions, but when I try to run FIR with "sudo start fir" the process starts but dies immediately.
I tried to troubleshoot by running the command manually and get this error:
admin@AJS-FIR:/opt/FIR$ sudo /opt/FIR/manage.py runfcgi --settings fir.config.production daemonize=false protocol=fcgi host=127.0.0.1 port=54584
Unknown command: 'runfcgi'
Suggesting that runfastcgi is not installed.
Scrolling back through my installation I see these errors which may be related after running: "sudo pip install -r requirements.txt"
Compiling /tmp/pip_build_root/django/django/conf/app_template/apps.py ...
File "/tmp/pip_build_root/django/django/conf/app_template/apps.py", line 1
{{ unicode_literals }}from django.apps import AppConfig
^
SyntaxError: invalid syntax
Compiling /tmp/pip_build_root/django/django/conf/app_template/models.py ...
File "/tmp/pip_build_root/django/django/conf/app_template/models.py", line 1
{{ unicode_literals }}from django.db import models
^
SyntaxError: invalid syntax
Other Info: Running clean Ubuntu 14.04 server
I'm excited to check this out and I am hoping to get this running to teach my students in my class. Is there a stable OVA floating around?
Hello,
It would be great to have an integration bus (a broker) or webhooks that broadcast events from the system such as:
I'm currently working on a wallboard for all the products we use, and integration is the key problem for all products.
Not necessarily a complex broker (RabbitMQ) but something light (Redis PUB/SUB, 0MQ, Webhooks).
Regards.
I'm having an issue with sending mails with FIR. I put my smtp server and port in the production.py but when I try to send a mail with the web interface it remains stuck at "Sending..." after I click the "Send email" button.
Topic says it...I followed the production install instructions and it's been working great. How do I keep that install up to date? Thank you.
There is a little CSS problem in the "Incident Details" section. The "confidentiality" drop down list is not correctly aligned (#CSSHELL)
Good Luck :)