Plugins
Augustin FL edited this page Aug 28, 2024 · 3 revisions
Besides being one of the only incident handling platforms that's actually usable by humans, FIR can also be extended using plugins. Anyone can choose which plugins they want to install in their FIR instance, but two of them are mandatory:
- `fir_plugins`, which is used for plugin internals
- `fir_artifacts`, which defines the artifacts that FIR will automatically search for and correlate
Other available plugins are:
- `fir_todos` to be able to set task lists per incident and attribute them to business lines.
- `fir_nuggets` to be able to record technical findings (golden nuggets) and automatically sort them according to their timestamps, creating an investigation timeline.
- `fir_alerting` to be able to create templates and send email alerts directly through FIR's web-interface.
We recommend enabling them all for a better FIR experience!
In order to install plugins, follow these steps:
- Make sure your plugin name starts with "fir_", so that it is properly loaded.
- Make sure the plugin directory is in your Python path. This is done by default for plugins shipped with FIR.
- Add your plugin name to the `installed_apps.txt` file in `fir/config`. If it doesn't exist, copy the `fir/config/installed_apps.txt.sample` file to `fir/config/installed_apps.txt`. This will enable `fir_todos`, `fir_nuggets`, and `fir_alerting`. You can individually disable plugins by removing their name from the `installed_apps.txt` file.
- Follow the installation steps specified in the plugin's README file.
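
The naming and `installed_apps.txt` steps above as a shell helper, added here as an example and not part of FIR itself. The function name `enable_fir_plugin`, the character check beyond the `fir_` prefix, and the one-name-per-line layout of `installed_apps.txt` are assumptions.

```bash
# Added example (not FIR code): enable a plugin in fir/config/installed_apps.txt.
# Assumption: the file lists one plugin name per line.
# Usage: enable_fir_plugin /path/to/FIR fir_myplugin
# Returns 0 on success (also when already enabled), 1 on an invalid name,
# 2 when neither installed_apps.txt nor installed_apps.txt.sample exists.
enable_fir_plugin() {
    efp_root=$1
    efp_plugin=$2
    efp_apps="$efp_root/fir/config/installed_apps.txt"
    efp_sample="$efp_apps.sample"

    # The plugin name must start with "fir_" so that it is loaded.
    case $efp_plugin in
        fir_*) ;;
        *) echo "plugin name must start with fir_: $efp_plugin" >&2; return 1 ;;
    esac
    # This example's own extra check: only lowercase letters, digits and
    # underscores after the prefix, so nothing path-like lands in the file.
    case ${efp_plugin#fir_} in
        ''|*[!a-z0-9_]*) echo "invalid plugin name: $efp_plugin" >&2; return 1 ;;
    esac

    # Create installed_apps.txt from the sample if it does not exist yet.
    if [ ! -f "$efp_apps" ]; then
        if [ ! -f "$efp_sample" ]; then
            echo "missing $efp_apps and $efp_sample" >&2
            return 2
        fi
        cp "$efp_sample" "$efp_apps"
    fi

    # Append only when the name is not already present as a whole line.
    if ! grep -qxF "$efp_plugin" "$efp_apps"; then
        # Terminate a last line that lacks a newline before appending.
        if [ -s "$efp_apps" ] && [ -n "$(tail -c 1 "$efp_apps")" ]; then
            echo >> "$efp_apps"
        fi
        echo "$efp_plugin" >> "$efp_apps"
    fi
}
```

The plugin directory still has to be on the Python path, and the plugin's own README steps still apply afterwards.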