Skip to content
This repository has been archived by the owner on Oct 20, 2023. It is now read-only.

Commit

Permalink
ReadMe updates (#195)
Browse files Browse the repository at this point in the history 
* add test dataset download info to readme

* Update Hero Screenshot

* added Maintenance Mode statement

* More Quickstart updates

---------

Co-authored-by: James Bradford <j.bradford@pnnl.gov>
  • Loading branch information
@arniebradfo
arniebradfo and James Bradford committed Sep 21, 2023
1 parent d183b3c commit db56006
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 14 deletions.
46 changes: 32 additions & 14 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
# RedEye

Red Team C2 Log Visualization
# **RedEye**: Red Team C2 Log Visualization

<p align="center">
<img alt="RedEye Screenshot" src="https://github.com/cisagov/RedEye/blob/develop/docs/images/RedEye-Hero-Screenshot.png?raw=true" width="100%"/>
Expand All @@ -14,27 +12,39 @@ RedEye can assist an operator to efficiently:
- Display and evaluate complex assessment data to enable effective decision making.
- Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test.

Red Team: [![Red Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/rsybgk&style=flat&logo=cypress)](https://cloud.cypress.io/projects/rsybgk/runs)
| **Red Team** | **Blue Team** |
|:------------:|:-------------:|
| [![Red Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/rsybgk&style=flat&logo=cypress)](https://cloud.cypress.io/projects/rsybgk/runs) | [![Blue Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/46ahz3&style=flat&logo=cypress)](https://cloud.cypress.io/projects/46ahz3/runs) |

Blue Team: [![Blue Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/46ahz3&style=flat&logo=cypress)](https://cloud.cypress.io/projects/46ahz3/runs)
---

## [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md)
## ⚠️ This Repo Currently in Maintenance Mode ⚠️

Follow along with the [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) to learn about RedEye's feature set.
This GitHub repository is no longer under active development. We'll review community issues and pull requests for bug fixes, but won't consider any new feature additions.

---

## Quick start

1. **Download** the latest RedEye binaries for your OS[\*](#platform-support) from the [Releases](https://github.com/cisagov/RedEye/releases) page.
2. **Pick a mode** and **Run the server**
- [ **Red Team mode**](#red-team) enables the full feature set: upload C2 logs, explore data, and create presentations. To start the server in Red Team mode, run the following in a terminal. _You must provide a password to run in RedTeam mode._
```
./RedEye --redTeam --password <your_password>
```
- [**Blue Team mode**](#blue-team) (default) enables a simplified, read-only UI for reviewing campaigns exported by a Red Team. To start the server in Blue Team mode. Double-click on the 'RedEye' executable or run `./RedEye` from the command line.
2. **Pick a mode** and **Run the server**
- [ **Red Team mode**](#red-team) enables the full feature set: upload C2 logs, explore data, and create presentations. _You must provide a password to run in Red Team mode._ To start the server in Red Team mode, run the following in a terminal.
```
./RedEye --redTeam --password <your_password>
```
- [**Blue Team mode**](#blue-team) (default) enables a simplified, read-only UI for reviewing campaigns exported by a Red Team. To start the server in Blue Team mode, run the following in a terminal.
```
./RedEye # Or simplify double-click the "RedEye" executable
```
3. **Use the web app** in a browser at http://127.0.0.1:4000. The RedEye binary runs as a server in a terminal window and will automatically open the web app UI your default browser. You must close the terminal window to quit the RedEye server.
4. Try importing the [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) example dataset to get started. Or try a different [example dataset](#example-datasets).

_**MacOS Issue** - When running RedEye for the first time, you may get a "not verified" error. You must go to "System Preferences" > "Security & Privacy" > "General" and click "Open Anyway." More info on the [Apple support page](https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unidentified-developer-mh40616/)._

### Follow the [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) to learn about RedEye's feature set.

---

## Red Team & Blue Team Modes

RedEye has two modes that cover two stages of the Red Teaming process. [Red Team mode](#red-team) allows importing C2 data, editing imported data, and making comments and presentations. After curating and annotating campaign data, Red Teams can export their campaign as a standalone `.redeye` file and [hand it off to a Blue Team](#blue-team-presentation-handoff) for reporting and remediation. [Blue Team mode](#blue-team) runs RedEye in a simplified read-only mode for viewing curated data exported by a Red Team.
Expand Down Expand Up @@ -88,14 +98,22 @@ Folder/

`.redeye` files can also be uploaded in Blue Team mode via the "+ Add Campaign" dialog.

## Example Datasets
There are example datasets in this repo available for download. These are located in the [./applications/redeye-e2e/src/fixtures](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures) folder.
- **gtdataset** - available as [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/gtdataset)
- **smalldata** - available as [smalldata.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/smalldata.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/smalldata)
- **testdata** - available as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/testdata)

You may want to use a tool like [download-directory.github.io](https://download-directory.github.io/) to download just one folder of a github repo

<!--
## RedEye Server Settings
RedEye runs as a server and can be setup to serve the UI on a network..
***{instructions}***
-->

### RedEye Server parameters
## RedEye Server Parameters

Type `./Redeye -h` to view the options

Expand Down
Binary file modified docs/images/RedEye-Hero-Screenshot.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit db56006

Please sign in to comment.