This guide will go through installation and basic configuration for Synapse.
- Start the app
- Deployment to Production
sudo apt install python3-distutils sudo apt install python3-pip sudo apt install python3-dev libkrb5-dev gcc sudo pip3 install -r requirements.txt
Before filling in the configuration file, create a new user in TheHive for Synapse with the following details:
Login: synapse Full name: synapse Roles: read, write Additional Permissions: ✓ Allow alerts creation
And create an API Key.
Now edit the configuration file located at
[api] section is related to the flask API settings. You can keep it as it is for
threaded value. You may want to change the default port
[api] debug:False host:0.0.0.0 port:5000 threaded:True
In this section, put in TheHive's url and the API Key previously created.
[TheHive] url:http://127.0.0.1:9000 user:synapse api_key:r4n0O8SvEll/VZdOD8r0hZneOWfOmth6
Basic configuration for Synapse is done.
To configure workflows, head to the workflows page.
Start the app
To start Synapse, run:
Deployment to Production
If you'd like to go live with Synapse, it is advised to use a WSGI server. The below will show you how to deploy Synapse as a service with gunicorn and supervisor but feel free to use any others tools for your deployment.
This part is mainly taken from the excellent Flask Mega Tutorial by Miguel Grinberg. Have a look at the section named "Setting Up Gunicorn and Supervisor" for the "original" deployment instructions.
- Download the WSGI server and the process control system:
sudo apt-get install gunicorn3 sudo apt-get install supervisor
- Create the user
synapse, this user is dedicated to running the application.
sudo adduser --disabled-login synapse
[program:synapse] command=/usr/bin/gunicorn3 -b 0.0.0.0:5000 -w 4 app:app directory=/opt/Synapse user=synapse environment=REQUESTS_CA_BUNDLE="<PATH_TO_EWS_CERT>" autostart=true autorestart=true stopasgroup=true killasgroup=true
In this case, Synapse is located at
/opt/Synapse as indicated by
Feel free to adapt
directory to your context.
Just make sure that user
synapse has enough rights on this directory:
sudo chown -R synapse:synapse /opt/Synapse/
Make also sure to replace
<PATH_TO_EWS_CERT> with the file path to your ews certificate.
- Reload supervisor to make the changes effective:
sudo supervisorctl reload
From here the application should be deployed and running on port 5000. It also means that your server has now port 5000 open.
Stopping the application
To stop Synapse, run:
sudo supervisorctl stop synapse
Starting the application
To start Synapse, run:
sudo supervisorctl start synapse
Logs for supervisor are located under:
Regarding Synapse, if the application is located at
/opt then logs are under:
In order to update Synapse (minor version), just pull the new version from Github and run the application:
cd Synapse/ git pull