Cikl is a cyber threat intelligence management system. It began as a fork of the Collective Intelligence Framework (CIF), which aims for the same goal. Cikl aims to provide a threat intelligence management system that scales well and is easy to deploy.
Currently? We haven't got much in the way of documentation. Please accept my apologies.
Development for Cikl is done within a set of Docker containers managed by Fig.
- Software Requirements
  - Docker
    - Provides the container framework
    - Tested/recommended with docker >= 1.3.0
    - The particulars of installing and running Docker will vary by platform. For Windows and Mac OS X, see boot2docker. Linux packages are available for a large number of distributions.
  - Fig
    - Manages our Docker containers.
    - Tested with fig 1.0.0
    - Install with:
      sudo pip install -U fig
git clone https://github.com/cikl/cikl.git
cd cikl
make dev-up
- This will build all the required Docker images, and then bring the dev environment up.
- That's it! You should now be able to access the environment.
To tail the logs for all services started by fig:
fig logs
Hit ctrl-c to stop tailing the logs.
If you want to tail the logs of a single service (example: 'api'):
fig logs api
This command will list the names of the Docker containers that are running the
services, as well as their statuses:
fig ps
The following will stop all services:
make dev-stop
or
fig stop
To stop a specific service (example: 'dnsworker'):
fig stop dnsworker
First, get the name of the docker container:
fig ps
Execute a shell:
docker exec -ti cikl_api_1 /bin/bash
Currently broken:
Now that you've got everything up and running, maybe you want to process a feed or two?
Cikl uses Threatinator for all of its threat data feed fetching and parsing needs. You can find details on Threatinator's usage on its project page.
fig run scheduler threatinator-list
If you want to import the 'mirc' 'domain_reputation' feed:
fig run dnsworker threatinator-run mirc domain_reputation
If you're especially brave, you can import all feeds with one easy command:
fig run dnsworker threatinator-run-all
This is an actively developed project, so you'll want to keep things up to date.
# Stop all services and clean builds
make dev-stop
# Switch to your master branch
git checkout master
# Pull any upstream changes into your master branch
git pull origin master
# Bring services back up:
make dev-up
This is accomplished by stopping and removing all existing services (and data):
make clean
To run all the unit tests for Cikl:
make test
You'll see all the test executions scroll past. If all goes well, it will exit without error and generate a coverage report in the coverage/ directory.
You can find our roadmap here.
Before you file a bug or submit a pull request, please review our contribution guidelines.
All issues are managed within the primary repository: cikl/cikl/issues. Pull requests should be sent to their respective repositories, referencing some issue within the main project repository.
We use HuBoard for managing our issues (to the extent that it can). Our HuBoard!
Copyright (c) 2014 Michael Ryan. See the LICENSE file for license rights and limitations (LGPLv3).