Threat Analysis, Reconnaissance, and Data Intelligence System
Switch branches/tags
Nothing to show
Clone or download
Travis Smith
Travis Smith Adding missing config file
Config file required to tell TARDIS where to look.
Latest commit 45d221f Aug 29, 2015

README.txt

1) Execute 'python dependencies.py' to ensure all Python modules have been installed.  Continue when no errors are generated. 

2) Execute the sql_tardis.sql script to create the appropriate database and tables within MySQL. 

3) Edit the config.xml with the appropriate credentials of the MySQL Server, Splunk, or Elastic Search instances.  Update the log_source element with either 'splunk' or 'elastic_search', depending on the log repository being searched.  

4) Edit the dbColumns.config document.  This will be a mapping of STIX fields to the appropriate normalized column name in the log repository. Samples are provided for reference. 

5a) If using an IP360 scan output file, execute 'python parseIP360.py -f <xml_file>'
	-Note: Referenced STIX files are stored in the VulnXML directory.  A sample for ShellShock (98520.xml) is provided for reference. Any number of STIX documents can be referenced.  

5b) If using an individual STIX file, execute 'python parseSTIX.py -f <STIX_file> -i <ip_address> -d <hostname>
	-Note: the -d argument is optional.  If no hostname is provided, TARDIS will attempt to look up the hostname from the IP provided.  
	-Note: A copy of the STIX file is saved to the VulnXML directory using the CVE name as the filename.