Cloud MISP #2548

Merged
merged 19 commits into from Oct 10, 2022

rdettai (Contributor) commented Aug 31, 2022

This PR adds a MISP plugin to the cloud deployment

  • after intensive experimentation with Ngrok and Cloudflare tunnel, these solutions were discarded:
    • too many prerequisites for the user (have an account, for Cloudflare have a domain, for Ngrok activate the paying tier)
    • hard to secure, especially TCP tunnels
  • we went for a more traditional SSH tunnel with a keypair stored in the Terraform state for now. This makes it harder to share the demo

📝 Reviewer Checklist

Review this pull request by ensuring the following items:

  • All user-facing changes have changelog entries
  • User-facing changes are reflected on vast.io

Also note that:

  • You should rebuild the CLI (VASTCLOUD_REBUILD=1 ./vast-cloud)
  • Changes to core were necessary to allow using EFS from the plugin
  • We added sudo capabilities to the user in the CLI image to enable binding low ports
  • In cloud/aws/resources/configs/misp/ configs were copied over from our internal repo. These should probably be shared with the docker-compose configs once they are ported to this repository

@rdettai rdettai changed the title Story/sc 35993/cloud misp Cloud MISP Aug 31, 2022
@rdettai rdettai self-assigned this Sep 1, 2022
@rdettai rdettai added the feature New functionality label Sep 1, 2022
Base automatically changed from story/sc-36993/img-build to master September 2, 2022 07:25
rdettai (Contributor Author) commented Sep 5, 2022

Terraform

KaanSK (Contributor) commented Sep 8, 2022

After deployment, it is really unclear what is going on in the environment. Would it be possible to give a summary text on ID/IP of MISP and Vast Server with available ports? It could be my lack of experience with these a bit but I needed to manually check stuff on both AWS and terraform code.

Additionally, what could be the reason for the output below? I expected the output to align with the test case. The screenshot is after the successful deployment. Instead of "No Task", a bit more verbose output could be shown.

image

rdettai (Contributor Author) commented Sep 12, 2022

> After deployment, it is really unclear what is going on in the environment. Would it be possible to give a summary text on ID/IP of MISP and Vast Server with available ports? It could be my lack of experience with these a bit but I needed to manually check stuff on both AWS and terraform code.

Not sure how an ID/IP would be useful as the services are not exposed to the outside world. The ports are displayed when you start the tunneling, but maybe a clearer listing would be nice.

> Additionally, what could be the reason for the output below? I expected the output to align with the test case. The screenshot is after the successful deployment. Instead of "No Task", a bit more verbose output could be shown.

Did you start the service with misp.start as pointed out in the docs? I agree the message should be made more explicit.

rdettai (Contributor Author) commented Sep 13, 2022

I made service status messages more explicit and fixed the integration test. Could you take a new look at it @KaanSK ?

KaanSK (Contributor) commented Sep 15, 2022

I followed the instructions and I was able to get VAST Server, MISP instance up and ready. Approach seems more robust and status/error messages seem more verbose.

image

I went through the code, both infra and logic related, to the extent of my knowledge. Put comment(s) on discussion points.

dispanser (Contributor) left a comment


Deployment works, and I'm able to both connect to MISP and log in.

@rdettai rdettai merged commit 8903be4 into master Oct 10, 2022
@rdettai rdettai deleted the story/sc-35993/cloud-misp branch October 10, 2022 10:19