Building a CIF Server
The CIF installation EasyButton creates a all-in-one installation of CIF. The means following CIF components are installed on a single host:
- cif-smrt - download, parse, normalize and ingest threat intelligence
- cif-worker - extract additional intelligence from downloaded threat intelligence
- cif-starman - HTTP API
- cif-router - zmq message broker
- ElasticSearch - data warehouse
A minimum of 8 cores is recommended, technically you can get away with fewer cores but there will be many times the CIF server will be CPU constrained.
A minimum of 16 GB of memory is recommended, you can expect a idle CIF server to use between 3-6 GB of memory at any given time. We estimate 16 GB of memory will let a single user query ~225K records from ElasticSearch. If you want to support larger queries or multiple users, you will need to allocate more memory.
The OSINT configurations shipped with CIF use ~400 MB of disk daily. Using nothing but the default data sets you would be using ~146 GB of disk after the first year.
- an x86-64bit platform
- at-least 16GB ram
- at-least 8 cores
- at-least 250GB of free (after OS install) disk space
- an x86-64bit platform
- at-least 32GB ram
- at-least 16 cores
- at-least 500GB of free (after OS install) disk space
- RAID + LVM knowledge
- an x86-64bit platform
- at-least 64GB ram
- at-least 32 cores
- at-least 500GB of free (after OS install) disk space
- RAID + LVM knowledge
(To be completed)
