-
Install (Ubuntu 14.04 - trusty OR Ubuntu 16.04 - xenial OR Debian 8 - jessie; Python 3; CPU with SSE 4.2)
-
Add repository
- Clickhouse
echo 'deb http://repo.yandex.ru/clickhouse/deb/stable/ main/' | sudo tee -a /etc/apt/sources.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv E0C56BD4
- Grafana
echo 'deb https://packagecloud.io/grafana/stable/debian/ jessie main' | sudo tee -a /etc/apt/sources.list
curl https://packagecloud.io/gpg.key | sudo apt-key add -
-
Install Politraf
sudo ./install.py
-
Configure (tshark capture interface, etc.)
sudo vi /etc/politraf/config.yaml
-
Start daemons
sudo systemctl daemon-reload
sudo systemctl start systat
sudo systemctl start constat
-
OTX AlienVault - https://otx.alienvault.com
- Create an account and select your feeds
- Set API key in /etc/politraf/config.yaml
- Run /opt/politraf/otxget.py
-
Censys.io - https://censys.io/
- Create an account
- Set API key in /etc/politraf/config.yaml
- Set network to scan
- Run /opt/politraf/ext_cscan.py
-
Grafana setup
- HTTP on port 3000, default login admin:admin
- Add datasource named Clickhouse
- Add dashboard from https://grafana.com/api/dashboards/2996/revisions/1/download
- Add dashboard from https://grafana.com/api/dashboards/3248/revisions/2/download
-
Custom IoC import
vim /opt/politraf/self_ioc_list.csv
/opt/politraf/ioc_self_get.py
-
Setup cron jobs
sudo crontab -e
0 2 * * * /opt/politraf/otxget.py >/dev/null 2>&1
0 3 * * * /opt/politraf/ioc_self_get.py >/dev/null 2>&1
*/2 * * * * /opt/politraf/iocwatch.py >/dev/null 2>&1
*/2 * * * * /opt/politraf/ioc_self_watch.py >/dev/null 2>&1
*/1 * * * * /opt/politraf/csv_load_to_db.py >/dev/null 2>&1
0 2 * * * /opt/politraf/ext_cscan.py >/dev/null 2>&1
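A minimal IoC watcher in the spirit of the ioc_self_watch.py step above, added here as an example that is not part of politraf: it loads a self-maintained CSV list and reports connection records whose destination IP, network or host name matches an indicator. The CSV columns (indicator,type,description), the connection-record fields and all sample values are constructed assumptions, not politraf's actual format.

```python
import csv
import io
import ipaddress

# Constructed self-IoC list; the column layout is an assumption, not politraf's real format
SELF_IOC_CSV = """indicator,type,description
198.51.100.7,ip,constructed C2 address
203.0.113.0/24,cidr,constructed hostile range
bad.example,domain,constructed phishing domain
not-an-ip,ip,malformed row that must not crash the watcher
"""

# Constructed connection records (fields are assumed, modelled on tshark output)
CONNECTIONS = [
    {"ts": "10:00:01", "src": "10.0.0.5", "dst": "93.184.216.34", "host": "www.example.org"},
    {"ts": "10:00:02", "src": "10.0.0.5", "dst": "198.51.100.7", "host": ""},
    {"ts": "10:00:03", "src": "10.0.0.8", "dst": "203.0.113.77", "host": ""},
    {"ts": "10:00:04", "src": "10.0.0.9", "dst": "192.0.2.10", "host": "login.bad.example"},
]

def load_iocs(csv_text):
    """Parse the IoC CSV into exact IPs, CIDR ranges and domains; skip malformed rows."""
    ips, nets, domains = set(), [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ind, kind = row["indicator"].strip(), row["type"].strip().lower()
        try:
            if kind == "ip":
                ips.add(ipaddress.ip_address(ind))
            elif kind == "cidr":
                nets.append((ipaddress.ip_network(ind, strict=False), ind))
            elif kind == "domain":
                domains.add(ind.lower().rstrip("."))
        except ValueError:
            continue  # malformed indicator: a real watcher would log it and move on
    return ips, nets, domains

def match_connections(connections, iocs):
    """Return (record, matched_indicator) pairs; a domain IoC also matches its subdomains."""
    ips, nets, domains = iocs
    hits = []
    for rec in connections:
        dst = ipaddress.ip_address(rec["dst"])
        net_hit = next((ind for net, ind in nets if dst in net), None)
        labels = rec.get("host", "").lower().rstrip(".").split(".")
        dom_hit = next((".".join(labels[i:]) for i in range(len(labels))
                        if ".".join(labels[i:]) in domains), None)
        for ind in (str(dst) if dst in ips else None, net_hit, dom_hit):
            if ind:
                hits.append((rec, ind))
                break
    return hits
```

Run as `python3 watcher.py` after adding a loop that prints `match_connections(CONNECTIONS, load_iocs(SELF_IOC_CSV))`; in the constructed data the second, third and fourth records are reported and the first is not.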
-
Connection statistics for threat hunting, and an inventory of public services with vulners.
ainich/politraf