The overall infrastructure follows an Event-Driven Architecture with Apache Kafka as the message broker. It is divided into a front end and a back end. The back end recognizes indicators and incidents based on predefined patterns, and the front end provides a user interface for creating, editing, and debugging these patterns. Please refer to the corresponding repository for the implementation of the front end.
The easiest way to set up the back end infrastructure is to use Docker Compose with the following steps:
- Install Docker Compose as explained here: https://docs.docker.com/compose/install/
- Download and unzip or clone the project:
git clone https://github.com/Knowledge-based-Security-Analytics/Pattern-Matcher.git
- Within the docker-compose.yml file, adjust
KAFKA_ADVERTISED_HOST_NAME=192.168.2.116
to the IP address of the machine it is running on. This is the address Kafka tells its clients to connect to, so it must be reachable from wherever the back end and front end run.
- cd into the cloned repository.
- Run Docker Compose to start Apache Kafka and MongoDB:
docker-compose up
- Run SpringBootEsperApplication.java on your JVM to start the back end.
- Start the GraphQL API as explained in the respective repository.
- Finally, you can start the front end application and create and debug your statements.
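The following script is an added example, not part of the Pattern-Matcher repository, that automates the Docker Compose steps above: it clones the project, rewrites KAFKA_ADVERTISED_HOST_NAME to the machine's primary IPv4 address, and starts Kafka and MongoDB. It assumes docker-compose.yml contains a line of the form KAFKA_ADVERTISED_HOST_NAME=<ip> as shown above, and that git and docker-compose are on PATH; the IP detection via `ip route`/`hostname -I` is a Linux-oriented assumption with a loopback fallback. The steps that need a JVM, the GraphQL API and the front end remain manual.

```shell
#!/bin/sh
# Added example (not the project's own code): automates the Docker Compose
# setup from the README. Assumes docker-compose.yml carries a line
# "KAFKA_ADVERTISED_HOST_NAME=<ip>" and that git/docker-compose are installed.
set -eu

REPO_URL="https://github.com/Knowledge-based-Security-Analytics/Pattern-Matcher.git"
REPO_DIR="Pattern-Matcher"

# Primary IPv4 address of this machine (the source address of the default
# route). Falls back to 127.0.0.1, which only works for clients on this host.
host_ip() {
    addr=$(ip -4 route get 1.1.1.1 2>/dev/null \
        | awk '{for (i = 1; i <= NF; i++) if ($i == "src") {print $(i+1); exit}}')
    [ -n "$addr" ] || addr=$(hostname -I 2>/dev/null | awk '{print $1}')
    printf '%s\n' "${addr:-127.0.0.1}"
}

# Strict dotted-quad check. A malformed value would make the broker advertise
# an unreachable address, and every client would fail after bootstrap.
valid_ipv4() {
    printf '%s' "$1" | grep -Eq \
        '^((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])$'
}

# Rewrite the advertised host name in a compose file in place.
# Refuses to touch the file if the IP is invalid or the key is missing.
set_advertised_host() {
    file=$1; addr=$2
    valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
    grep -q 'KAFKA_ADVERTISED_HOST_NAME=' "$file" \
        || { echo "no KAFKA_ADVERTISED_HOST_NAME in $file" >&2; return 1; }
    # -i.bak works with both GNU and BSD sed; the backup is removed afterwards.
    sed -i.bak "s|\(KAFKA_ADVERTISED_HOST_NAME=\)[^[:space:]]*|\1$addr|" "$file"
    rm -f "$file.bak"
}

# Read the value back so the caller can confirm what the broker will advertise.
get_advertised_host() {
    sed -n 's/.*KAFKA_ADVERTISED_HOST_NAME=\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Full procedure: clone, patch the compose file, start Kafka and MongoDB.
# Optional first argument overrides the detected IP.
setup() {
    addr=${1:-$(host_ip)}
    [ -d "$REPO_DIR" ] || git clone "$REPO_URL" "$REPO_DIR"
    cd "$REPO_DIR"
    set_advertised_host docker-compose.yml "$addr"
    echo "Kafka will advertise $(get_advertised_host docker-compose.yml);" \
         "clients on that network can reach the broker, so restrict access accordingly."
    docker-compose up -d
    echo "Next: run SpringBootEsperApplication.java, then the GraphQL API and front end."
}

# Only run the full setup when explicitly requested, so the helpers above can
# be sourced or tested without touching Docker.
if [ "${PATTERN_MATCHER_SETUP:-}" = "run" ]; then
    setup "$@"
fi
```

Run it with `PATTERN_MATCHER_SETUP=run sh setup.sh [ip]`; without the variable it only defines the helpers, which is useful for checking a compose file before starting anything.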