coolacid / docker-misp

Licence: GPL-3.0
A (nearly) production ready Dockered MISP

CoolAcid's MISP Docker images


A (nearly) production ready Dockered MISP

This is based on some of the work from the DSCO docker build; nearly all of the details have been rewritten.

  • Components are split out where possible; currently this is only the MISP modules
  • Overwritable configuration files
  • Allows volumes for the file store
  • Cron job runs updates, pushes, and pulls; logs go to docker logs
  • Docker-Compose uses off-the-shelf images for Redis and MySQL
  • Images come directly from Docker Hub, no build required
  • Slimmed-down images: build stages and a slim parent image remove unnecessary files from the images

Docker Tags

Docker Hub builds the images automatically from git tags. I try to tag using the following scheme:

v[MISP Version][Our build version]

  • MISP version is the MISP tag we're building
  • Our build version is the iteration of our changes on top of the same MISP version
  • Core and modules are split into [core]-version and [modules]-version, respectively

Getting Started

Development/Test

  • Grab the docker-compose.yml and server-configs/email.php files (keep the directory structure)
  • A dry run will create sane default configurations
  • docker-compose up
  • Log in to https://localhost
  • Profit

Using the image for development

Pull the entire repository; you can then build the images using docker-compose -f docker-compose.yml -f build-docker-compose.yml build

Once you have the docker container up, you can access it by running docker-compose exec misp /bin/bash. This will provide you with a root shell. You can use apt update and then install any tools you wish to use. Finally, copy any changes you make outside of the container for committing to your branch. git diff -- [dir with changes] can be used to reduce the number of changes in a patch file; however, be careful when using the git diff command.

Updating

Updating the images should be as simple as docker-compose pull, which, unless changed in the docker-compose.yml file, will pull the latest built images.

Production

  • It is recommended to specify which build you want to run, and to change that version number when you want to upgrade
  • Use docker-compose, or some other config management tool
  • Volume-mount a directory of SSL certs: ./ssl:/etc/ssl/certs
    • Certificate file: cert.pem
    • Certificate key file: key.pem
    • CA file for certificate authentication (optional): ca.pem
  • Volume-mount a directory for the configs and create them there: /var/www/MISP/app/Config/
  • Additional directory volume mounts:
    • /var/www/MISP/app/files
    • /var/www/MISP/.gnupg
    • /var/www/MISP/.smime
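A pre-deployment check for the production notes above, added here as an example (it is not part of the docker-misp project). It confirms that every image in the compose file is pinned to an explicit tag or digest rather than resolving to latest, and that the ./ssl directory holds cert.pem and key.pem, that the key is not group- or world-readable, and (when openssl is installed) that certificate and key belong together. The compose content, image names and tag below are constructed placeholders; the sed pattern assumes one image: key per line, as compose files normally have.

```shell
#!/bin/sh
# Pre-deployment checks for a docker-misp production setup. Added example, not
# project code. Assumes a docker-compose file and a ./ssl directory laid out as
# the README describes (cert.pem, key.pem, optional ca.pem). The sample compose
# content at the bottom is constructed; image names and tags are placeholders.

# image_is_pinned REF: succeed when REF carries an explicit tag or a digest.
# Only the last path component is inspected so a registry port (host:5000/img)
# is not mistaken for a tag; the "latest" tag counts as unpinned.
image_is_pinned() {
    ref="$1"
    case "$ref" in
        *@sha256:*) return 0 ;;   # digest-pinned
    esac
    name="${ref##*/}"
    case "$name" in
        *:latest) return 1 ;;
        *:*)      return 0 ;;
        *)        return 1 ;;     # no tag at all resolves to latest
    esac
}

# check_pinned_images COMPOSE_FILE: report every image: line; fail if any is unpinned.
check_pinned_images() {
    compose_file="$1"
    unpinned=0
    # Extract the reference after "image:", tolerating quotes and trailing comments.
    for ref in $(sed -nE "s/^[[:space:]]*image:[[:space:]]*[\"']?([^\"' #]+).*/\1/p" "$compose_file"); do
        if image_is_pinned "$ref"; then
            echo "pinned:   $ref"
        else
            echo "UNPINNED: $ref"
            unpinned=$((unpinned + 1))
        fi
    done
    [ "$unpinned" -eq 0 ]
}

# check_ssl_dir DIR: verify the files the ./ssl mount needs, the key's
# permissions, and (when openssl is available) that cert and key match.
check_ssl_dir() {
    ssl_dir="$1"
    failed=0
    for f in cert.pem key.pem; do
        if [ ! -f "$ssl_dir/$f" ]; then
            echo "missing: $ssl_dir/$f"
            failed=1
        fi
    done
    if [ -f "$ssl_dir/ca.pem" ]; then
        echo "ca.pem present: client certificate authentication can be configured"
    fi
    if [ -f "$ssl_dir/key.pem" ]; then
        # GNU stat first, BSD/macOS stat as fallback; the mode must be 600 or 400.
        mode=$(stat -c '%a' "$ssl_dir/key.pem" 2>/dev/null || stat -f '%Lp' "$ssl_dir/key.pem")
        case "$mode" in
            600|400) ;;
            *) echo "key.pem mode is $mode; expected 600 or 400"; failed=1 ;;
        esac
    fi
    if [ -f "$ssl_dir/cert.pem" ] && [ -f "$ssl_dir/key.pem" ] && command -v openssl >/dev/null 2>&1; then
        # Compare public keys rather than RSA moduli so EC keys are handled too.
        cert_pub=$(openssl x509 -noout -pubkey -in "$ssl_dir/cert.pem" 2>/dev/null)
        key_pub=$(openssl pkey -pubout -in "$ssl_dir/key.pem" 2>/dev/null)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            echo "cert.pem and key.pem do not match (or could not be parsed)"
            failed=1
        fi
    fi
    return "$failed"
}

# Demonstration on a constructed compose file: the misp service pinned to a
# placeholder tag, redis left untagged so the check has something to flag.
demo_dir=$(mktemp -d)
cat > "$demo_dir/docker-compose.yml" <<'EOF'
version: '3'
services:
  misp:
    image: "example/misp-core:PLACEHOLDER_TAG"   # placeholder image name and tag
    volumes:
      - ./ssl:/etc/ssl/certs
  redis:
    image: redis   # no tag: resolves to latest
EOF
check_pinned_images "$demo_dir/docker-compose.yml" || echo "pin every image before deploying"
check_ssl_dir "$demo_dir/ssl" || echo "populate ./ssl before deploying"
rm -rf "$demo_dir"
```

Run it from the directory holding docker-compose.yml and ./ssl, substituting those paths for the demo ones; a non-zero status from either function means the deployment is not ready to start.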

Building

If you are interested in building the project from scratch, git clone or download the entire repo and run docker-compose -f build-docker-compose.yml build

Image file sizes

  • Core server (saved: 2.5GB)
    • Original image: 3.17GB
    • First attempt: 2.24GB
    • Remove chown: 1.56GB
    • Pre-build Python modules and only pull the submodules we need: 800MB
    • Pre-build PHP modules: 664MB
  • Modules (saved: 640MB)
    • Original: 1.36GB
    • Pre-build modules: 750MB