Getting value from the project? Did you learn something new?
In larger networks, the number of infections is usually much larger and the average cleanup cost much higher. As they grow, so does the rate of return, exponentially. By using CIF to help mitigate threats on your network, you can re-allocate time and resources to more advanced threats, projects... fun.
Let us help you mitigate threats on your network.
You probably spend more on coffee and interns.
MaxMind has changed the way they distribute their GeoIP databases, which now requires you to create an account with them. See this for more information. The current work-around is to create your own GeoIP.conf file in the docker/ directory and build the docker container locally yourself. When generating the license key, make sure you select "This key will be stored in an unhashed format".
This guide will help you get CIFv4 up and running on the latest stable release using a combination of bash and Ansible.
- Check out the Where do I start? page
- Glance over The CIFv4 Book
Ubuntu 16 LTS is the operating system CIFv4 is developed against and the one most commonly used. If you run into a problem, be sure to first check out:
- FAQ <--- Need Help? Read this first!
- Known Issues ... then check this.
- Contributions ... then send a pull-request :)
- Advanced Help
```sh
$ docker pull csirtgadgets/verbose-robot
$ export CIF_TOKEN=`head -n 25000 /dev/urandom | openssl dgst -sha256`
$ export MAXMIND_USER_ID=1234... # see MAXMIND note above.
$ export MAXMIND_LICENSE_KEY=1234..
$ docker run \
    -e CIF_TOKEN="${CIF_TOKEN}" \
    -e MAXMIND_USER_ID="${MAXMIND_USER_ID}" \
    -e MAXMIND_LICENSE_KEY="${MAXMIND_LICENSE_KEY}" \
    -it -p 5000:5000 -d --name verbose-robot csirtgadgets/verbose-robot:latest
$ docker exec -it verbose-robot /bin/bash
$ cif -d -p
```
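Two things worth knowing about the quick start above: `openssl dgst -sha256` prints a `(stdin)= ` prefix before the digest, so the exported CIF_TOKEN contains that prefix, and exporting secrets in an interactive shell leaves them in your history and in the environment of every child process. The following POSIX shell helper is an added example, not part of the verbose-robot project or this wiki: it generates a clean 64-hex-character token, validates it, writes the token and MaxMind credentials to a user-only env file, and starts the same container with `--env-file`. The env file path and the `1234`/`PLACEHOLDER_KEY` credential values are assumptions.

```shell
#!/bin/sh
# Added example for the CIFv4 docker quick start (not project code).

# 32 random bytes as 64 lowercase hex chars. Prefers openssl; falls back to
# /dev/urandom + od so it also works on a minimal image without openssl.
gen_cif_token() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex 32
    else
        dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
        echo
    fi
}

# Returns 0 when $1 is exactly 64 hex chars, 1 otherwise. This rejects the
# "(stdin)= <hex>" form that `openssl dgst` emits on stdin.
validate_token() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{64}$'
}

# write_env_file FILE TOKEN MAXMIND_USER_ID MAXMIND_LICENSE_KEY
# Creates FILE readable only by the current user: umask 077 is set in a
# subshell before the redirection, so the file is never world-readable.
write_env_file() {
    file=$1
    validate_token "$2" || { printf 'refusing to write malformed CIF_TOKEN\n' >&2; return 1; }
    ( umask 077; {
        printf 'CIF_TOKEN=%s\n' "$2"
        printf 'MAXMIND_USER_ID=%s\n' "$3"
        printf 'MAXMIND_LICENSE_KEY=%s\n' "$4"
    } > "$file" )
}

# The same container invocation as the quick start, with the three secrets
# read from the env file instead of -e flags. Defined only; call it yourself
# after write_env_file, e.g. run_cif_container ~/.cif-docker.env (assumed path).
run_cif_container() {
    docker run --env-file "$1" -it -p 5000:5000 -d \
        --name verbose-robot csirtgadgets/verbose-robot:latest
}
```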
The old-school easy-button is somewhat unsupported. If you want to build your own box, check out helpers/easybutton.sh as well as the Vagrantfile for ideas. You should be using these to BUILD YOUR OWN DEPLOYMENT KIT.
It's really, really hard to support all the various install methods. Since CIF is free, you should treat this as a learning experience and find ways to contribute back.
For a more complete guide to building your own CIFv4 instance, check out the CIFv4 Ansible Playbook. Fork it and adapt it for your own operational environment!
PULL REQUESTS WELCOME!
TESTING ONLY
https://github.com/csirtgadgets/verbose-robot-elasticsearch
```
                                                           cif-gatherer
                                                               ^ +
                                                               | |
                                                               + v
csirtg-fm +--> cifsdk +---------> cif-httpd +------------> cif-router +-----> cif-store +-----> sqlite
                                      +
                                      ^ |                      ^
                                      | |                      |
                                      | v                      +
                                      |                    cif-hunter
                                      +
                                   cifsdk
```