v1d1an / s1em
This project is a SIEM with SIRP and Threat Intel, all in one.
License: MIT License
How to set an agent on Windows and other distros
I am evaluating SELKS, Security Onion and S1EM, and am confused as to which one to choose and what the similarities and differences between them are.
5c45131fe946 v1d1an/stoq:3.0.5 "stoq run -a yara ha…" 9 minutes ago Restarting (1) 58 seconds ago stoq
docker logs stoq
stoq.exceptions.StoqPluginException: Mwdb API Key was not provided
{"asctime": "2022-04-24 09:51:14,292", "levelname": "DEBUG", "name": "stoq", "message": "Writing logs to /home/stoq/.stoq/logs/stoq.log"}
Traceback (most recent call last):
File "/usr/local/bin/stoq", line 33, in <module>
sys.exit(load_entry_point('stoq-framework==3.0.1', 'console_scripts', 'stoq')())
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/cli.py", line 294, in main
plugin_dir_list=args.plugin_dir,
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/core.py", line 470, in __init__
d: self.load_plugin(d) for d in dest_archivers if d # type: ignore
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/core.py", line 470, in <dictcomp>
d: self.load_plugin(d) for d in dest_archivers if d # type: ignore
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/plugin_manager.py", line 177, in load_plugin
plugin = plugin_class(plugin_config)
File "/home/stoq/.stoq/plugins/mwdb/mwdb.py", line 45, in __init__
raise StoqPluginException("Mwdb API Key was not provided")
stoq.exceptions.StoqPluginException: Mwdb API Key was not provided
{"asctime": "2022-04-24 09:52:15,042", "levelname": "DEBUG", "name": "stoq", "message": "Writing logs to /home/stoq/.stoq/logs/stoq.log"}
Traceback (most recent call last):
File "/usr/local/bin/stoq", line 33, in <module>
sys.exit(load_entry_point('stoq-framework==3.0.1', 'console_scripts', 'stoq')())
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/cli.py", line 294, in main
plugin_dir_list=args.plugin_dir,
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/core.py", line 470, in __init__
d: self.load_plugin(d) for d in dest_archivers if d # type: ignore
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/core.py", line 470, in <dictcomp>
d: self.load_plugin(d) for d in dest_archivers if d # type: ignore
File "/usr/local/lib/python3.7/site-packages/stoq_framework-3.0.1-py3.7.egg/stoq/plugin_manager.py", line 177, in load_plugin
plugin = plugin_class(plugin_config)
File "/home/stoq/.stoq/plugins/mwdb/mwdb.py", line 45, in __init__
raise StoqPluginException("Mwdb API Key was not provided")
stoq.exceptions.StoqPluginException: Mwdb API Key was not provided
docker logs mwdb-web
2022/04/24 09:50:57 [error] 10#10: *75 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
172.18.0.19 - - [24/Apr/2022:09:50:57 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
2022/04/24 09:51:07 [error] 10#10: *75 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
172.18.0.19 - - [24/Apr/2022:09:51:07 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
172.18.0.19 - - [24/Apr/2022:09:51:17 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
2022/04/24 09:51:17 [error] 10#10: *75 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
2022/04/24 09:51:17 [error] 10#10: *82 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
172.18.0.19 - - [24/Apr/2022:09:51:17 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
172.18.0.19 - - [24/Apr/2022:09:51:27 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
2022/04/24 09:51:27 [error] 10#10: *82 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
2022/04/24 09:51:37 [error] 10#10: *82 connect() failed (111: Connection refused) while connecting to upstream, client: 172.18.0.19, server: mwdb-web, request: "POST /api/auth/login HTTP/1.1", upstream: "http://172.18.0.24:8080/api/auth/login", host: "mwdb-web"
172.18.0.19 - - [24/Apr/2022:09:51:37 +0000] "POST /api/auth/login HTTP/1.1" 502 157 "-" "mwdblib/4.1.0 python-requests/2.27.1" "-"
docker logs mwdb
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
Waiting for postgres
psql: error: connection to server at "postgres" (172.18.0.12), port 5432 failed: FATAL: password authentication failed for user "mwdb"
{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}{"type":"NoNodeAvailable","message":"ElasticSearch cluster is unreachable"}
Can you commit an agent guide? How to install the agent? How to configure it? Thanks.
delete
Hello. I tried everything but after rebooting the machine every time in Arkime, there is no data. The .pcaps are in the container but after every reboot, the machine loses Arkime data and starts to show only new .pcaps. Can you help me to resolve this issue? Thank you.
Steps to create the smallest reproducible scenario:
Hi,
I want to use your code but legally, without a license I can't.
Can you please add one?
More info :
{"log":""Caused by: java.security.AccessControlException: access denied (\"java.io.FilePermission\" \"/usr/share/elasticsearch/config/certificates/certs/ca-cert-NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem\" \"read\")",\n","stream":"stdout","time":"2022-04-14T12:44:17.233448403Z"}
{"log":""at java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) ~[?:?]",\n","stream":"stdout","time":"2022-04-14T12:44:17.233458803Z"}
{"log":"uncaught exception in thread [main]\n","stream":"stderr","time":"2022-04-14T12:44:17.233211701Z"}
{"log":""at java.security.AccessController.checkPermission(AccessController.java:1068) ~[?:?]",\n","stream":"stdout","time":"2022-04-14T12:44:17.233466003Z"}
{"log":""at java.lang.SecurityManager.checkPermission(SecurityManager.java:416) ~[?:?]",\n","stream":"stdout","time":"2022-04-14T12:44:17.233587004Z"}
{"log":""at java.lang.SecurityManager.checkRead(SecurityManager.java:756) ~[?:?]",\n","stream":"stdout","time":"2022-04-14T12:44:17.233596204Z"}
Is possible to include Wazuh or integrate with ELK?
StringEntity({"seq_no_primary_term":"true","query":{"ids":{"values":["init"]}},"size":1},Some(application/json))
=> ElasticError(security_exception,unable to authenticate user [elastic] for REST request [/cortex_6/_search],None,None,None,List(ElasticError(security_exception,unable to aNone,None,None,null,None,None,None,List())),None,None,None,List())
[info] o.t.c.s.ErrorHandler - POST /cortex/api/organization/analyzer/MISP_2_1 returned 500
org.elastic4play.InternalError: Unknown error: ElasticError(security_exception,unable to authenticate user [elastic] for REST request [/cortex_6/_search],None,None,None,List(stic] for REST request [/cortex_6/_search],None,None,None,null,None,None,None,List())),None,None,None,List())
at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:158)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:48)
Hello,
When I deploy with 01_deploy.sh,
it gets stuck at the message "Wait to kibana online",
and when I open the OpenCTI web page it is a 404.
Enter the monitoring interface (ex:ens32):ens37
Failed to start S1EM-promiscuous.service: Unit is not loaded properly: Invalid argument.
See system logs and 'systemctl status S1EM-promiscuous.service' for details.
##########################################
######### GENERATE CERTIFICATE ###########
##########################################
yaml: line 1460: did not find expected key
##########################################
########## DOCKER DOWNLOADING ############
##########################################
yaml: line 1460: did not find expected key
##########################################
########## STARTING TRAEFIK ##############
##########################################
yaml: line 1460: did not find expected key
##########################################
############# STARTING HOMER #############
##########################################
yaml: line 1460: did not find expected key
##########################################
##########################################
yaml: line 1460: did not find expected key
Error: No such container: es01
Waiting for Elasticsearch to come online.
Linux localhost.localdomain 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
CentOS Linux release 7.9.2009 (Core)
[root@localhost S1EM]# docker version
Client: Docker Engine - Community
Version: 20.10.14
API version: 1.41
Go version: go1.16.15
Git commit: a224086
Built: Thu Mar 24 01:49:57 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.14
API version: 1.41 (minimum version 1.12)
Go version: go1.16.15
Git commit: 87a90dc
Built: Thu Mar 24 01:48:24 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.5.11
GitCommit: 3df54a852345ae127d1fa3092b95168e4a88e2f8
runc:
Version: 1.0.3
GitCommit: v1.0.3-0-gf46b6ba
docker-init:
Version: 0.19.0
GitCommit: de40ad0
[root@localhost S1EM]# docker-compose version
Docker Compose version v2.4.1
Steps to create the smallest reproducible scenario:
Hi, I have an issue with the Filebeat Docker container: it is not starting at all.
This is the error I get when I start the project.
ERROR: for filebeat Cannot start service filebeat: OCI runtime create failed: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: rootfs_linux.go:76: mounting "/var/lib/docker/volumes/s1em_fleet/_data" to rootfs at "/var/log/osquery" caused: mkdir /var/lib/docker/overlay2/10ec02b905dc0d0f9ebc96c974327186b007c167d170d929bd95d593de2e6786/merged/var/log/osquery: read-only file system: unknown
ERROR: Encountered errors while bringing up the project.
I'm using Ubuntu 18.04.
Thanks
Hello!
Can't install S1EM
Ubuntu Server 20
latest docker & docker-compose
Starting of installation
##########################################
######### GENERATE CERTIFICATE ###########
##########################################
/usr/local/bin/docker-compose: line 1: Not: command not found
##########################################
########## DOCKER DOWNLOADING ############
##########################################
/usr/local/bin/docker-compose: line 1: Not: command not found
##########################################
########## STARTING TRAEFIK ##############
##########################################
/usr/local/bin/docker-compose: line 1: Not: command not found
##########################################
############# STARTING HOMER #############
##########################################
/usr/local/bin/docker-compose: line 1: Not: command not found
##########################################
##########################################
/usr/local/bin/docker-compose: line 1: Not: command not found
Error response from daemon: No such container: es01
Waiting for Elasticsearch to come online.
^C
Hello,
Is it possible to add SSO for all services with AD or LDAP?
So the SOC man just has to log in to the front URL once.
The best would be that all the internal passwords are in a vault, known only by the vault, and changed every x days.
Thanks
Error: near line 4: UNIQUE constraint failed: items.id
Error: near line 5: UNIQUE constraint failed: items.id
Error: near line 6: UNIQUE constraint failed: items.id
Error: near line 7: UNIQUE constraint failed: items.id
Error: near line 8: UNIQUE constraint failed: items.id
Error: near line 9: UNIQUE constraint failed: items.id
Error: near line 10: UNIQUE constraint failed: items.id
Error: near line 11: UNIQUE constraint failed: items.id
Error: near line 12: UNIQUE constraint failed: items.id
Error: near line 13: UNIQUE constraint failed: items.id
Error: near line 14: UNIQUE constraint failed: items.id
Error: near line 15: UNIQUE constraint failed: items.id
Hi,
Maybe it would be interesting to check rock-nsm and integrate some of its features in your project, like the dashboard.
I'll let you check and tell me if it is interesting or not :)
I'm stuck at the deployment of the misp docker.
##########################################
########## STARTING DATABASES ############
##########################################
Creating db ... done
Creating postgres ... done
##########################################
############ STARTING MISP ###############
##########################################
db is up-to-date
redis is up-to-date
Creating misp-modules ... done
Creating misp ... done
##########################################
########### CONFIGURING MISP #############
##########################################
Waiting for MISP to come online.
Waiting for MISP to come online.
If I run "docker logs misp" I'm getting this output:
2022-12-29 15:50:20,173 INFO Set uid to user 0 succeeded
2022-12-29 15:50:20,175 INFO supervisord started with pid 7
2022-12-29 15:50:21,178 INFO spawned: 'cron' with pid 8
2022-12-29 15:50:21,182 INFO spawned: 'nginx' with pid 9
2022-12-29 15:50:21,185 INFO spawned: 'php-fpm_00' with pid 10
2022-12-29 15:50:21,190 INFO spawned: 'workers' with pid 14
/etc/nginx/certs/cert.pem /etc/ssl/certs/cert.pem
/etc/nginx/certs/dhparams.pem /etc/ssl/certs/dhparams.pem
/etc/nginx/certs/key.pem /etc/ssl/certs/key.pem
Setup MySQL...
Configure PHP | Change PHP values ...
2022-12-29 15:50:21,193 INFO success: php-fpm_00 entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
Starting PHP FPM
2022-12-29 15:50:22,207 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-12-29 15:50:22,207 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-12-29 15:50:22,208 INFO success: workers entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
ERROR 2002 (HY000): Can't connect to MySQL server on 'db' (115)
Waiting for database to come up
Hello
When I upgrade my S1EM version it does not upgrade my .env. I had an error in my upgrade like:
ELASTIC_VERSION variable is not SET
Maybe it should be said before upgrading to do a merge of the actual .env with the env.sample, or do it automatically with the bash script.
Hey guys,
I was getting an issue within the docker-compose.yml in line 387:
ERROR: yaml.scanner.ScannerError: mapping values are not allowed here in "./docker-compose.yml", line 387, column 30
Had to modify it from
command: -C -i af_packet:: local
to
command: -C -i af_packet::local
I'm not sure if this is correct, I have another box where the script is working but on this particular one I'm getting this error later on:
Enter the monitoring interface (ex:ens32):
Job for S1EM-promiscuous.service failed because the control process exited with error code.
See "systemctl status S1EM-promiscuous.service" and "journalctl -xe" for details.
##########################################
######### GENERATE CERTIFICATE ###########
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
########## DOCKER DOWNLOADING ############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
########## STARTING TRAEFIK ##############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
############# STARTING HOMER #############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
##### STARTING ELASTICSEARCH/KIBANA ######
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
Error: No such container: es01
Waiting for Elasticsearch to come online.
Machine is:
Linux ip-xxxxxxx #23~20.04.1-Ubuntu SMP Mon Nov 15 14:03:19 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
##########################################
########### STARTING CORTEX ##############
##########################################
[+] Running 2/2
⠿ Container es01 Running 0.0s
⠿ Container cortex Started 4.3s
keytool error: java.lang.Exception: Alias <ca> does not exist
Certificate was added to keystore
[+] Running 0/1
[+] Running 0/1rtex Restarting 6.5s
[+] Running 1/1rtex Restarting 6.7s
⠿ Container cortex Started 10.8s
##########################################
######### DEPLOY CORTEX USER #############
##########################################
PassiveTotal_Components 2.0
AzureTokenRevoker 1.0
MetaDefenderCore_GetReport 1.0
Diario_GetReport 1.0
MalwareClustering_Search 1.0
Mnemonic_pDNS_Closed 3.0
Splunk_Search_File_Filename 3.0
UnshortenLink 1.2
Onyphe_Summary 1.0
AnyRun_Sandbox_Analysis 1.0
[error] o.e.d.DBConfiguration - ElasticSearch request failure: POST:/cortex_6/_search?scroll=60000ms
StringEntity({"seq_no_primary_term":"true","query":{"bool":{"must":[{"term":{"relations":{"value":"worker"}}},{"match_all":{}}]}},"from":0,"sort":[{"_doc":{"order":"desc"}}]},Some(application/json))
=> ElasticError(index_not_found_exception,no such index [cortex_6],Some(_na_),Some(cortex_6),None,List(ElasticError(index_not_found_exception,no such index [cortex_6],Some(_na_),Some(cortex_6),None,null,None,None,None,List())),None,None,None,List())
[warn] o.e.d.SearchWithScroll - Search error
org.elastic4play.IndexNotFoundException$: null
at org.elastic4play.IndexNotFoundException$.<clinit>(Errors.scala)
at org.elastic4play.database.DBConfiguration.$anonfun$execute$2(DBConfiguration.scala:155)
at scala.concurrent.Future.$anonfun$flatMap$1(Future.scala:307)
at scala.concurrent.impl.Promise.$anonfun$transformWith$1(Promise.scala:41)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:56)
at akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:93)
at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:93)
[info] p.c.s.AkkaHttpServer - Enabling HTTP/2 on Akka HTTP server...
[info] p.c.s.AkkaHttpServer - Listening for HTTP on /0.0.0.0:9001
[info] c.s.e.h.JavaClient$ - Creating HTTP client on https://es01:9200
[info] c.s.e.h.JavaClient$ - Creating HTTP client on https://es01:9200
[info] c.s.e.h.JavaClient$ - Creating HTTP client on https://es01:9200
[info] c.s.e.h.JavaClient$ - Creating HTTP client on https://es01:9200
[info] c.s.e.h.JavaClient$ - Creating HTTP client on https://es01:9200
[info] o.e.s.MigrationSrv - Create a new empty database
[info] o.e.s.MigrationSrv - Migrate database from version 0, add operations for version 2
[info] o.e.s.MigrationSrv - Migrate database from version 0, add operations for version 3
[info] o.e.s.MigrationSrv - Migrate database from version 0, add operations for version 4
[info] o.e.s.MigrationSrv - Migrate database from version 0, add operations for version 5
[info] o.e.s.MigrationSrv - Migrate database from version 0, add operations for version 6
[warn] o.e.c.RestClient - request [PUT https://es01:9200/cortex_6?include_type_name=false] returned 1 warnings: [299 Elasticsearch-7.17.2-de7261de50d90919ae53b0eff9413fd7e5307301 "[types removal] Using include_type_name in create index requests is deprecated. The parameter will be removed in the next major version."]
[info] o.e.s.MigrationSrv - Migrating 0 entities from sequence
[info] o.e.s.MigrationSrv - Migrating 0 entities from artifact
[info] o.e.s.MigrationSrv - Migrating 0 entities from audit
[info] o.e.s.MigrationSrv - Migrating 0 entities from data
[info] o.e.s.MigrationSrv - Migrating 0 entities from dblist
migrateEntity(sequence) has finished : Success(())
migrateEntity(audit) has finished : Success(())
migrateEntity(artifact) has finished : Success(())
migrateEntity(data) has finished : Success(())
[info] o.e.s.MigrationSrv - Migrating 0 entities from job
migrateEntity(dblist) has finished : Success(())
[info] o.e.s.MigrationSrv - Migrating 0 entities from organization
[info] o.e.s.MigrationSrv - Migrating 0 entities from report
[info] o.e.s.MigrationSrv - Migrating 0 entities from user
migrateEntity(report) has finished : Success(())
migrateEntity(job) has finished : Success(())
migrateEntity(organization) has finished : Success(())
[info] o.e.s.MigrationSrv - Migrating 0 entities from worker
migrateEntity(user) has finished : Success(())
[info] o.e.s.MigrationSrv - Migrating 0 entities from workerConfig
migrateEntity(worker) has finished : Success(())
migrateEntity(workerConfig) has finished : Success(())
[info] o.e.s.MigrationSrv - End of migration
##########################################
######### DEPLOY CORTEX USER #############
##########################################
Waiting for Cortex to come online.
Waiting for Cortex to come online.
{"_id":"[email protected]","createdAt":1650872396446,"name":"[email protected]","createdBy":"init","roles":["superadmin"],"organization":"cortex","status":"Ok","_type":"user","_parent":null,"_routing":"[email protected]","_seqNo":0,"_primaryTerm":1,"id":"[email protected]","hasKey":true,"hasPassword":false}{"createdAt":1650872398227,"status":"Active","createdBy":"[email protected]","description":"SOC team","_id":"test","_type":"organization","_parent":null,"_routing":"test","_seqNo":2,"_primaryTerm":1,"id":"test","name":"test"}{"createdBy":"[email protected]","_id":"[email protected]","createdAt":1650872399245,"name":"[email protected]","organization":"test","roles":["read","analyze","orgadmin"],"status":"Ok","_type":"user","_parent":null,"_routing":"[email protected]","_seqNo":0,"_primaryTerm":1,"id":"[email protected]","hasKey":false,"hasPassword":false}{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}{"type":"AuthorizationError","message":"Insufficient rights to perform this action"}
##########################################
######### CONFIGURING THEHIVE ############
##########################################
##########################################
######## DEPLOY THEHIVE USER #############
##########################################
Waiting for TheHive to come online.
Waiting for TheHive to come online.
Waiting for TheHive to come online.
Waiting for TheHive to come online.
Waiting for TheHive to come online.
Waiting for TheHive to come online.
{"name":"test","description":"SOC team","_id":"~16400","id":"~16400","createdAt":1650872529470,"createdBy":"[email protected]","_type":"organisation","links":[]}{"type":"NotFoundError","message":"User not found"}
##########################################
######## CONFIGURING ELASTALERT ##########
##########################################
[info] o.j.g.d.m.ManagementSystem [|] Index update job successful for [global]
[info] o.t.s.m.Database [|mgmt-460d99bb] Reindex job 705a77f0 is finished
[info] o.t.s.m.Operations [|] *** UPDATE SCHEMA OF thehive-cortex (2): Create database schema
[info] o.t.s.m.Database [|mgmt-6c96e9f2] Creating database schema
[info] o.t.s.m.Operations [|] *** UPDATE SCHEMA OF thehive (99): Create database schema
[info] o.t.s.m.Database [|mgmt-26b82ee7] Creating database schema
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/system/singletonManagerCaseNumberLeader/CaseNumberLeader]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] o.q.i.StdSchedulerFactory [|] Using default implementation for ThreadExecutor
[info] o.q.s.SimpleThreadPool [|] Job execution threads will use class loader of thread: main
[info] o.q.c.SchedulerSignalerImpl [|] Initialized Scheduler Signaller of type: class org.quartz.core.SchedulerSignalerImpl
[info] o.q.c.QuartzScheduler [|] Quartz Scheduler v.2.3.2 created.
[info] o.q.s.RAMJobStore [|] RAMJobStore initialized.
[info] o.q.c.QuartzScheduler [|] Scheduler meta-data: Quartz Scheduler (v2.3.2) 'DefaultQuartzScheduler' with instanceId 'NON_CLUSTERED'
Scheduler class: 'org.quartz.core.QuartzScheduler' - running locally.
NOT STARTED.
Currently in standby mode.
Number of jobs executed: 0
Using thread pool 'org.quartz.simpl.SimpleThreadPool' - with 10 threads.
Using job-store 'org.quartz.simpl.RAMJobStore' - which does not support persistence. and is not clustered.
[info] o.q.i.StdSchedulerFactory [|] Quartz scheduler 'DefaultQuartzScheduler' initialized from default resource file in Quartz package: 'quartz.properties'
[info] o.q.i.StdSchedulerFactory [|] Quartz scheduler version: 2.3.2
[info] o.q.c.QuartzScheduler [|] Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/system/singletonManagerIntegrityCheckActor/IntegrityCheckActor]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/system/singletonManagerCaseNumberLeader/CaseNumberLeader]
[info] o.t.t.s.IntegrityCheck [|] Integrity checks is enabled and will start at Sun May 01 02:30:00 UTC 2022
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/system/singletonManagerIntegrityCheckActor/IntegrityCheckActor]
[info] o.t.t.c.m.s.TheHiveMispClient [|] Add MISP connection MISP
url: https://siem.kkguan.com/misp
proxy: <not set>
filters:
max attributes: <not set>
max age: <not set>
excluded orgs:
excluded tags:
whitelist tags:
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/user/misp-actor-singleton/singleton]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] o.t.t.c.m.s.MispActor [|] [Actor[akka://application/user/misp-actor-singleton/singleton#-1138602413]] Starting actor MISP
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/user/misp-actor-singleton/singleton]
[info] a.c.s.ClusterSingletonManager [|] Singleton manager starting singleton actor [akka://application/user/flowSingletonManager/singleton]
[info] a.c.s.ClusterSingletonManager [|] ClusterSingletonManager state change [Start -> Oldest]
[info] play.api.Play [|] Application started (Prod) (no global state)
[info] p.c.s.AkkaHttpServer [|] Listening for HTTP on /0.0.0.0:9000
[info] a.c.s.ClusterSingletonProxy [|] Singleton identified at [akka://application/user/flowSingletonManager/singleton]
[info] o.t.s.c.Entrypoint [00000002|] 172.18.0.2 POST /thehive/api/v0/organisation
[info] o.t.s.AccessLogFilter [00000002|] 172.18.0.2 POST /thehive/api/v0/organisation took 624ms and returned 201 166 bytes
[info] o.t.s.c.Entrypoint [00000003|] 172.18.0.2 POST /thehive/api/v1/user
[error] o.t.s.u.Retry [00000003|3c3bd6ba] uncaught error, not retrying
org.thp.scalligraph.NotFoundError: User not found
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.getOrFail(TraversalOps.scala:145)
at org.thp.thehive.services.LocalPasswordAuthSrv.$anonfun$setPassword$1(LocalPasswordAuthSrv.scala:113)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$7(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$6(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.utils.DelayRetry.withTry(Retry.scala:93)
at org.thp.scalligraph.janus.JanusDatabase.tryTransaction(JanusDatabase.scala:238)
at org.thp.thehive.services.LocalPasswordAuthSrv.setPassword(LocalPasswordAuthSrv.scala:107)
at org.thp.scalligraph.auth.MultiAuthSrv.$anonfun$setPassword$1(MultiAuthSrv.scala:107)
[error] o.t.s.m.Database [00000003|3c3bd6ba] Exception raised, rollback (User not found)
[warn] o.t.t.s.TOTPAuthSrv [00000003|3c3bd6ba] local fails: org.thp.scalligraph.NotFoundError: User not found
[warn] o.t.s.ErrorHandler [00000003|3c3bd6ba] POST /thehive/api/v1/user returned 404
[info] o.t.s.AccessLogFilter [00000003|] 172.18.0.2 POST /thehive/api/v1/user took 354ms and returned 404 51 bytes
[info] o.t.s.c.Entrypoint [00000004|] 172.18.0.2 POST /thehive/api/v1/user/[email protected]/key/renew
[error] o.t.s.u.Retry [00000004|7ba3f473] uncaught error, not retrying
org.thp.scalligraph.NotFoundError: User not found
at org.thp.scalligraph.traversal.TraversalOps$TraversalOpsDefs.getOrFail(TraversalOps.scala:145)
at org.thp.thehive.services.LocalKeyAuthSrv.$anonfun$renewKey$1(LocalKeyAuthSrv.scala:51)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$7(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.janus.JanusDatabase.$anonfun$tryTransaction$6(JanusDatabase.scala:241)
at scala.util.Try$.apply(Try.scala:213)
at org.thp.scalligraph.utils.DelayRetry.withTry(Retry.scala:93)
at org.thp.scalligraph.janus.JanusDatabase.tryTransaction(JanusDatabase.scala:238)
at org.thp.thehive.services.LocalKeyAuthSrv.renewKey(LocalKeyAuthSrv.scala:43)
at org.thp.scalligraph.auth.MultiAuthSrv.$anonfun$renewKey$1(MultiAuthSrv.scala:110)
[error] o.t.s.m.Database [00000004|7ba3f473] Exception raised, rollback (User not found)
[warn] o.t.t.s.TOTPAuthSrv [00000004|7ba3f473] key fails: org.thp.scalligraph.NotFoundError: User not found
[warn] o.t.s.ErrorHandler [00000004|7ba3f473] POST /thehive/api/v1/user/[email protected]/key/renew returned 404
[info] o.t.s.AccessLogFilter [00000004|] 172.18.0.2 POST /thehive/api/v1/user/[email protected]/key/renew took 189ms and returned 404 51 bytes
[info] o.t.t.s.IntegrityCheck [|] Integrity check on Organisation ( dedup ): job scheduled, it will start at Mon Apr 25 07:42:39 UTC 2022
[info] o.t.t.s.IntegrityCheck [|] Start of deduplication of Organisation
[info] o.t.t.s.IntegrityCheck [|] End of deduplication of Organisation:
duplicate: 0
duration: 55
[info] o.t.t.s.IntegrityCheck [|] Integrity check on User ( dedup ): job scheduled, it will start at Mon Apr 25 07:42:40 UTC 2022
[info] o.t.t.s.IntegrityCheck [|] Start of deduplication of User
[info] o.t.t.s.IntegrityCheck [|] End of deduplication of User:
duplicate: 0
duration: 51
##########################################
######## UPDATE SURICATA RULES ###########
##########################################
25/4/2022 -- 07:43:37 - <Info> -- Loading /etc/suricata/update.yaml
25/4/2022 -- 07:43:37 - <Info> -- Using data-directory /var/lib/suricata.
25/4/2022 -- 07:43:37 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
25/4/2022 -- 07:43:37 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
25/4/2022 -- 07:43:37 - <Info> -- Found Suricata version 6.0.5 at /usr/bin/suricata.
25/4/2022 -- 07:43:37 - <Info> -- Downloading https://www.openinfosecfoundation.org/rules/index.yaml
25/4/2022 -- 07:43:38 - <Info> -- No change in sources
25/4/2022 -- 07:43:38 - <Info> -- Saved /var/lib/suricata/update/cache/index.yaml
25/4/2022 -- 07:43:39 - <Info> -- Loading /etc/suricata/update.yaml
25/4/2022 -- 07:43:39 - <Info> -- Using data-directory /var/lib/suricata.
25/4/2022 -- 07:43:39 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
25/4/2022 -- 07:43:39 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
25/4/2022 -- 07:43:39 - <Info> -- Found Suricata version 6.0.5 at /usr/bin/suricata.
25/4/2022 -- 07:43:39 - <Info> -- Loading /etc/suricata/suricata.yaml
25/4/2022 -- 07:43:39 - <Info> -- Disabling rules for protocol modbus
25/4/2022 -- 07:43:39 - <Info> -- Disabling rules for protocol dnp3
25/4/2022 -- 07:43:39 - <Info> -- Disabling rules for protocol enip
25/4/2022 -- 07:43:39 - <Info> -- Checking https://rules.emergingthreats.net/open/suricata-6.0.5/emerging.rules.tar.gz.md5.
25/4/2022 -- 07:43:40 - <Info> -- Fetching https://rules.emergingthreats.net/open/suricata-6.0.5/emerging.rules.tar.gz.
100% - 3269232/3269232
25/4/2022 -- 07:43:43 - <Info> -- Done.
25/4/2022 -- 07:43:43 - <Info> -- Fetching https://openinfosecfoundation.org/rules/trafficid/trafficid.rules.
100% - 9855/9855
25/4/2022 -- 07:43:44 - <Info> -- Done.
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
25/4/2022 -- 07:43:44 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
25/4/2022 -- 07:43:45 - <Info> -- Ignoring file rules/emerging-deleted.rules
25/4/2022 -- 07:43:46 - <Info> -- Loaded 33209 rules.
25/4/2022 -- 07:43:46 - <Info> -- Disabled 14 rules.
25/4/2022 -- 07:43:46 - <Info> -- Enabled 0 rules.
25/4/2022 -- 07:43:46 - <Info> -- Modified 0 rules.
25/4/2022 -- 07:43:46 - <Info> -- Dropped 0 rules.
25/4/2022 -- 07:43:47 - <Info> -- Enabled 131 rules for flowbit dependencies.
25/4/2022 -- 07:43:47 - <Info> -- Backing up current rules.
25/4/2022 -- 07:43:49 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 33209; enabled: 25807; added: 54; removed 9; modified: 1257
25/4/2022 -- 07:43:49 - <Info> -- Writing /var/lib/suricata/rules/classification.config
25/4/2022 -- 07:43:49 - <Info> -- Skipping test, disabled by configuration.
25/4/2022 -- 07:43:49 - <Info> -- Running suricatasc -c reload-rules.
Unable to connect to socket /var/run/suricata/suricata-command.socket: [Errno 2] No such file or directory
25/4/2022 -- 07:43:50 - <Error> -- Reload command exited with error: 1
25/4/2022 -- 07:43:50 - <Info> -- Done.
##########################################
########## UPDATE YARA RULES #############
##########################################
sed: can't read /usr/lib/systemd/system/S1EM-promiscuous.service: No such file or directory
Failed to start S1EM-promiscuous.service: Unit S1EM-promiscuous.service not found
Hi Vidian, hope all is well. What are the supported Linux distros for the installation? I was trying with Ubuntu 20.04 but I'm getting errors when I run the setup script. The error says docker command not found.
Deployment got stuck, prompting "Waiting for TheHive to come online."
Hey there, how are you?
I was doing some tests with your compose and I had the following problem. I ran the shell script step by step; however, the Elastic nodes do not come up because of this message, even though I configured the environment variables file correctly. Could you help in that case, please?
Thanks!!
{"type": "server", "timestamp": "2022-10-26T06:11:05,075Z", "level": "INFO", "component": "o.e.x.s.a.RealmsAuthenticator", "cluster.name": "s1em", "node.name": "es01", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "W4fS5cU8Sdyp671yy0hVrg", "node.id": "YRM3VLPLQ4iEmw3wSyDZLA" }
{"type": "server", "timestamp": "2022-10-26T06:11:07,572Z", "level": "INFO", "component": "o.e.x.s.a.RealmsAuthenticator", "cluster.name": "s1em", "node.name": "es01", "message": "Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]", "cluster.uuid": "W4fS5cU8Sdyp671yy0hVrg", "node.id": "YRM3VLPLQ4iEmw3wSyDZLA" }
##########################################
######### GENERATE CERTIFICATE ###########
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
########## DOCKER DOWNLOADING ############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
########## STARTING TRAEFIK ##############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
############# STARTING HOMER #############
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
##########################################
##########################################
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.misp.hostname contains an invalid type, it should be a string
Error: No such container: es01
Waiting for Elasticsearch to come online.
It would be interesting to have a choice of modules in your solution, like removing modules we don't want and making some modules optional additions, like OpenCTI, etc.
I modified 01_deploy.sh, and now it works.
01_deploy.txt
I'm looking for some guidance, as I have a dev server where some of the service ports, i.e. 80/443, are already in use, and this is preventing me from starting S1EM. I temporarily disabled Apache and I was able to get it to start loading, but long term I need to have it live in parallel.
Any guidance would be appreciated.
A new version of Arkime is available. It would be interesting to upgrade to it, and it supports ES >= 7.10.0.
The first time I run 01_deploy.sh, I get an error that the ".env" file to delete is not found.
Hi,
Elastic 7.14 is available.
Many changes to security 🎆
So can you add it to the short roadmap?
Thanks
Hey,
I've been building such a system for a week now. Your project is already saving me a lot of work, thanks for that :)
Is there any way to support?
I got a problem with the newly created user in TheHive.
Somehow it didn't want to accept the password,
so I split the command into creating and setting the password.
Line 289 in 99ddb8a
So I split the command into creating the user and setting the password:
echo "##########################################"
echo "######## DEPLOY THEHIVE USER #############"
echo "##########################################"
echo
echo
while [ "$(docker exec thehive sh -c 'curl -s http://127.0.0.1:9000')" == "" ]; do
echo "Waiting for TheHive to come online.";
sleep 15;
done
echo
echo
curl -sk -L -XPOST "https://127.0.0.1/thehive/api/v0/organisation" -H 'Content-Type: application/json' -u [email protected]:secret -d "{\"description\": \"SOC team\",\"name\": \"$organization\"}"
echo
echo
while [ "$(docker logs thehive | grep -i "End of deduplication of Organisation")" == "" ]; do
echo "Waiting for TheHive organization.";
sleep 15;
done
echo
echo
curl -sk -L -XPOST "https://127.0.0.1/thehive/api/v1/user" -H 'Content-Type: application/json' -u [email protected]:secret -d "{\"login\":\"$admin_account\",\"name\":\"admin\",\"profile\":\"org-admin\",\"organisation\":\"$organization\"}"
echo
while [ "$(docker logs thehive | grep -i " End of deduplication of User")" == "" ]; do
echo "Waiting for the creation of user in TheHive .";
sleep 15;
done
echo
echo
curl -sk -L -XPOST "https://127.0.0.1/thehive/api/v1/user/$admin_account/password/set" -H 'Content-Type: application/json' -u [email protected]:secret -d "{\"password\":\"$admin_password\"}"
thehive_apikey=$(curl -sk -L -XPOST "https://$HOSTNAME/thehive/api/v1/user/$admin_account/key/renew" -u [email protected]:secret)
while [ "$(docker logs thehive | grep -i " End of deduplication of User")" == "" ]; do
echo "Waiting for the password change of user in TheHive .";
sleep 15;
done
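The workaround above waits twice on the same "End of deduplication of User" log line, and a line already written stays in `docker logs`, so a presence check passes immediately the second time; the loops also have no timeout, which matches the "stuck on Waiting for ..." reports on this page. The helpers below are an added example, not part of the original post or the S1EM scripts: they wait for a new occurrence of a marker and give up after a deadline. The names `wait_until`, `count_marker` and `marker_advanced` are hypothetical.

```shell
#!/bin/sh
# Added example: bounded waits for the provisioning steps (hypothetical helpers).

# wait_until TIMEOUT INTERVAL CMD [ARGS...]
# Re-run CMD every INTERVAL seconds until it succeeds or TIMEOUT seconds elapse.
wait_until() {
    wu_timeout=$1; wu_interval=$2; shift 2
    wu_deadline=$(( $(date +%s) + wu_timeout ))
    until "$@"; do
        if [ "$(date +%s)" -ge "$wu_deadline" ]; then
            echo "Timed out after ${wu_timeout}s waiting for: $*" >&2
            return 1
        fi
        sleep "$wu_interval"
    done
}

# count_marker MARKER
# Print how many lines on stdin contain the fixed string MARKER (0 if none).
count_marker() {
    grep -c -F -- "$1" || true
}

# marker_advanced BASELINE MARKER LOGCMD [ARGS...]
# Succeed only when LOGCMD's output holds more MARKER lines than BASELINE,
# i.e. the event happened again after the baseline was taken.
marker_advanced() {
    ma_baseline=$1; ma_marker=$2; shift 2
    ma_now=$("$@" 2>&1 | count_marker "$ma_marker")
    [ "${ma_now:-0}" -gt "$ma_baseline" ]
}

# Intended use around one provisioning request (container name as in the post):
#   marker="End of deduplication of User"
#   before=$(docker logs thehive 2>&1 | count_marker "$marker")
#   curl ... "/thehive/api/v1/user" ...        # the request from the script
#   wait_until 300 15 marker_advanced "$before" "$marker" docker logs thehive \
#       || exit 1                              # stop instead of looping forever
```

Taking the baseline before each request is what makes the second wait meaningful; a non-zero return from `wait_until` lets the deploy script stop with an error instead of printing "Waiting for ..." indefinitely.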
Hi,
I followed all the steps and looked at all the logs. However, these services have not risen/are not accessible. Would you help me?
Taking advantage, I would like to thank you for the excellent work. It's amazing.