kranicom / iris-web

This project forked from dfir-iris/iris-web

Collaborative Incident Response platform

License: GNU Lesser General Public License v3.0

Shell 0.03% JavaScript 88.60% Python 3.46% CSS 3.62% Makefile 0.01% HTML 2.15% Mako 0.01% Dockerfile 0.03% SCSS 2.11%

iris-web's Introduction

Incident Response Investigation System

IRIS

License: LGPL v3
IRIS is a collaborative web platform that helps incident responders share technical details during investigations.

Getting started

IRIS is divided into two main parts, IrisWeb and IrisModules.

  • IrisWeb is the web application that contains the core of Iris (web interface, database management, etc.).
  • IrisModules are extensions of the core that allow third parties to process data via Iris (e.g. enriching IOCs with MISP and VT, or uploading and injecting EVTX into Splunk).

IrisWeb can work without any modules, though default ones are preinstalled. Head to Manage > Modules in the UI to configure and enable them.

Run IrisWeb

Iris is split into 5 Docker services, each with a different role.

  • app - iris_webapp: The core, including the web server, DB management, module management, etc.
  • db: A PostgreSQL database
  • RabbitMQ: A RabbitMQ engine to handle job queuing and processing
  • worker: Job handler relying on RabbitMQ
  • nginx: An NGINX reverse proxy

Each service can be built independently, which can be useful when developing.

#  Clone the iris-web repository
git clone https://github.com/dfir-iris/iris-web.git
cd iris-web

# Copy the environment file 
cp .env.model .env
# [... optionally, do some configuration as specified below ...]

# Build the dockers
docker-compose build

# Run IRIS 
docker-compose up

Iris will be available on the host interface over HTTPS on port 4433: https://<your_instance_ip>:4433.
By default, an administrator account is created. Its password is printed to stdout the very first time Iris is started and is not printed again after that.
Search the logs for WARNING :: post_init :: create_safe_admin :: >>> to find the password.

If you want to define an admin password at the first start, you can also create and define the environment variable IRIS_ADM_PASSWORD in the app docker instance (see the webApp Dockerfile). This has no effect once the administrator account is created.

Optional configuration

You can skip this part if you just want to try or develop. If used in production, please configure the .env file at the root of the project:

  • Nginx: you might want to specify your own certificate as specified above
  • Database credentials: POSTGRES_PASSWORD and DB_PASS (you can also customise the usernames)
  • IRIS secrets: SECRET_KEY and SECURITY_PASSWORD_SALT
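
A pre-deployment check for the .env settings listed above, as an added example that is not part of the IRIS repository: it flags any of the four secrets that are unset or still equal to the .env.model value, and can replace them with random values. The function names are hypothetical, and it assumes plain KEY=value lines and that the four values are independent of each other.

```sh
#!/bin/sh
# Added example, not part of the IRIS repository.
# The four variable names are the ones the README lists for production.
SECRETS="POSTGRES_PASSWORD DB_PASS SECRET_KEY SECURITY_PASSWORD_SALT"

# Print KEY's value from an env file (last assignment wins, compared literally).
env_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Report secrets in ENV_FILE that are unset or still equal to the template.
# Prints "KEY:reason ..." and returns 1 if any are found, otherwise returns 0.
audit_env() {
    model=$1; env_file=$2; bad=""
    for key in $SECRETS; do
        cur=$(env_value "$key" "$env_file")
        tpl=$(env_value "$key" "$model")
        if [ -z "$cur" ]; then
            bad="$bad $key:unset"
        elif [ "$cur" = "$tpl" ]; then
            bad="$bad $key:template-default"
        fi
    done
    if [ -n "$bad" ]; then
        echo "${bad# }"
        return 1
    fi
    return 0
}

# Give every secret in ENV_FILE a fresh 256-bit random hex value.
# Assumption: the four values are independent of each other.
rotate_env() {
    env_file=$1
    for key in $SECRETS; do
        val=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
        if grep -q "^[[:space:]]*$key[[:space:]]*=" "$env_file"; then
            sed "s/^[[:space:]]*$key[[:space:]]*=.*/$key=$val/" "$env_file" \
                > "$env_file.tmp" && mv "$env_file.tmp" "$env_file"
        else
            echo "$key=$val" >> "$env_file"
        fi
    done
    chmod 600 "$env_file"   # keep the secrets file owner-readable only
}
```

Run `rotate_env .env` after `cp .env.model .env` and before the first `docker-compose up`, then `audit_env .env.model .env` to confirm nothing is left at its template value.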

Showcase

For a more comprehensive overview of the case features, head to the tutorials, where we've put some videos.

Upgrades

Please read the release notes when upgrading versions. Most of the time the migrations are handled automatically, but some changes might require manual labor depending on the version.

Documentation

Comprehensive documentation is available on dfir-iris.github.io.

API

The API reference is available in the documentation or documentation repository.

Help

You can reach us on Discord or by mail if you have any questions, issues or ideas!

Considerations

Iris is in its early stage. It can already be used in production, but please set up backups of the database and DO NOT expose the interface on the Internet. We highly recommend using a private, dedicated and secured network.

License

The contents of this repository are available under the LGPL3 license.

iris-web's People

Contributors

ektoplasma, sebastiandemmer, wagga40, whikernel