Welcome to the Bearded-Avenger Deployment Kit! This kit will help you get CIFv3 up and running from the latest stable release, using a combination of bash and ansible.
Ubuntu 16 LTS is the operating system CIFv3 is developed against and is the most commonly used. RHEL7/CentOS7 are the second most common platforms used by the community, but lag in community support. If you run into a problem, be sure to first check out:
- FAQ <--- Need Help? Read this first!
- Known Issues ... then check this.
- Mailing List .. then email the list.
- Contributions ... then send a pull-request :)
- Advanced Help .. Partner with us!
Before You Dive Straight In
the EasyButton (~10min)
pull the latest release of the DeploymentKit
bash the easy-button
$ tar -zxvf bearded-avenger-deploymentkit-3.0.x.tar.gz
$ cd bearded-avenger-deploymentkit-3.0.x
$ sudo bash easybutton.sh
$ sudo su - cif
$ cif -p
Your userspace tokens will be set here:
Create an API token on CSIRTG and add it to /etc/cif/rules/csirtg.yml [optional, gets you free access to more data]
csirtg-smrt will take ~5min to start running after the initial install is complete, and a few more minutes thereafter to do its initial processing run. After ~15 to 20min, test for data by running:
$ sudo su - cif
$ cif --itype ipv4 --tags scanner -d
If no data is returned, check the logs to make sure everything is running properly:
$ sudo journalctl -fu csirtg-smrt*
$ sudo journalctl -fu cif-router*
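As an added example (not part of the deployment kit itself), the post-install check above turned into a small script: it repeats the README's scanner query for up to the expected 15 to 20min window and, if nothing comes back, prints the tail of the csirtg-smrt and cif-router journals instead of leaving you to guess. Run it as the cif user once easybutton.sh has finished; the attempt count and interval arguments are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not the deployment kit's own code: poll a fresh CIFv3 install
# for scanner data and fall back to the service logs when none appears.
set -u

# Repeat the README's query until it returns rows.
# $1 = max attempts (default 20), $2 = seconds between attempts (default 60),
# so the defaults cover the ~20min the README says initial processing can take.
# Returns 0 as soon as any row is returned, 1 once the attempts are used up.
wait_for_scanner_data() {
    local attempts="${1:-20}" interval="${2:-60}" i=1
    while [ "$i" -le "$attempts" ]; do
        # -d (debug) writes diagnostics to stderr; only stdout counts as data.
        if cif --itype ipv4 --tags scanner -d 2>/dev/null | grep -q .; then
            echo "scanner data present after attempt $i"
            return 0
        fi
        echo "attempt $i/$attempts: no scanner data yet, retrying in ${interval}s" >&2
        sleep "$interval"
        i=$((i + 1))
    done
    return 1
}

# Show the tail of the two journals the README points at when data is missing.
show_service_logs() {
    local unit
    for unit in 'csirtg-smrt*' 'cif-router*'; do
        echo "== journalctl -u ${unit} (last 50 lines) =="
        sudo journalctl -u "${unit}" -n 50 --no-pager
    done
}

main() {
    if wait_for_scanner_data "$@"; then
        return 0
    fi
    echo "no scanner data after the wait window; dumping service logs" >&2
    show_service_logs
    return 1
}

# Run the driver only where the cif CLI is installed; elsewhere the functions
# above can be sourced and called on their own.
if command -v cif >/dev/null 2>&1; then
    main "$@"
fi
```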
Need more help? Check out the FAQ Page.
Now on to Where do I start?
[Architecture diagram, flattened during extraction. Main data path shown: csirtg-smrt --> cifsdk --> cif-httpd --> cif-router --> cif-store --> elasticsearch. cif-gatherer and cif-hunter attach to this pipeline with arrows in both directions, and a second cifsdk link appears next to cif-hunter.]
Bleeding-edge style distros (e.g. release cycles shorter than 18-24 months: Fedora, non-LTS Ubuntu releases, etc.) are highly discouraged and are generally not supported. THIS INCLUDES 'DESKTOP' distros that have a 'SERVER' counterpart, unless you have giant truck-loads of cash. Then we'll consider it... maybe.