dfir-iris / iris-web

Licence: LGPL-3.0 license
Collaborative Incident Response platform


Incident Response Investigation System

IRIS

IRIS is a collaborative web platform that helps incident responders share technical details during an investigation.

(Screenshot: demo timeline)

Getting started

IRIS is divided into two main parts, IrisWeb and IrisModules.

  • IrisWeb is the web application that contains the core of IRIS (web interface, database management, etc.).
  • IrisModules are extensions of the core that let third parties process data through IRIS (e.g. enriching IOCs with MISP and VirusTotal, or uploading EVTX files and injecting them into Splunk).

IrisWeb can run without any modules, although the default ones are preinstalled. Go to Manage > Modules in the UI to configure and enable them.

Run IrisWeb

IRIS is split into five Docker services, each with a different role.

  • app - iris_webapp: the core, including the web server, DB management, module management, etc.
  • db: a PostgreSQL database
  • RabbitMQ: a RabbitMQ engine that handles job queuing and processing
  • worker: the job handler, relying on RabbitMQ
  • nginx: an NGINX reverse proxy

Each service can be built independently, which can be useful when developing.

# Clone the iris-web repository
git clone https://github.com/dfir-iris/iris-web.git
cd iris-web

# Copy the environment file
cp .env.model .env
# [... optionally, do some configuration as specified below ...]

# Build the Docker images
docker-compose build

# Run IRIS
docker-compose up

IRIS will be available on the host interface, port 4433, over HTTPS: https://<your_instance_ip>:4433.
By default, an administrator account is created. Its password is printed to stdout the very first time IRIS starts, and never again after that.
Search the logs for WARNING :: post_init :: create_safe_admin :: >>> to find the password.

If you want to define the admin password yourself at first start, you can instead set the environment variable IRIS_ADM_PASSWORD in the app Docker instance (see the webApp Dockerfile). This has no effect once the administrator account has been created.

Optional configuration

You can skip this part if you just want to try IRIS or develop on it. For production use, configure the .env file at the root of the project:

  • Nginx: you will probably want to supply your own TLS certificate instead of the bundled one
  • Database credentials: POSTGRES_PASSWORD and DB_PASS (the usernames can also be customised)
  • IRIS secrets: SECRET_KEY and SECURITY_PASSWORD_SALT (generate long random values; do not keep the ones from .env.model, since anyone with the repository knows them)
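The following script is an added example, not part of the iris-web project, showing one way to do the .env hardening listed above before the first docker-compose up: it rotates the four secrets to random 64-hex-character values, tightens the file permissions, and refuses to pass a file where any of them is still short. The variable names are the ones listed above; the 32-character minimum enforced by check_env_file is this example's own choice, not a project requirement.

```shell
#!/bin/sh
# Added example (not iris-web code): populate .env with random secrets instead
# of the placeholders copied from .env.model, then verify the result.
# Assumption: the four keys below are the ones present in .env; the 32-character
# minimum length is an arbitrary threshold chosen for this example.
set -eu

REQUIRED_KEYS="POSTGRES_PASSWORD DB_PASS SECRET_KEY SECURITY_PASSWORD_SALT"

# Print N random bytes (default 32) as 2N hex characters.
gen_secret() {
    n="${1:-32}"
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$n"
    else
        od -An -N"$n" -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# Print the value of KEY from FILE (empty if the key is absent).
get_env_var() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Set KEY=VALUE in FILE, replacing an existing line or appending a new one.
set_env_var() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$file"; then
        grep -v "^${key}=" "$file" > "$file.tmp" || true   # POSIX-safe, no sed -i
        mv "$file.tmp" "$file"
    fi
    # Append on a fresh line even if the file has no trailing newline.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s=%s\n' "$key" "$value" >> "$file"
}

# Return 0 if every required key has a value of at least 32 characters, else 1.
check_env_file() {
    file="$1"; rc=0
    for key in $REQUIRED_KEYS; do
        v="$(get_env_var "$file" "$key")"
        if [ "${#v}" -lt 32 ]; then
            echo "weak or missing: $key" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Rotate every required key to a fresh secret, restrict the file to its owner,
# and fail if the result still does not pass the check.
harden_env_file() {
    file="$1"
    for key in $REQUIRED_KEYS; do
        set_env_var "$file" "$key" "$(gen_secret 32)"
    done
    chmod 600 "$file"
    check_env_file "$file"
}

# Usage: sh harden_env.sh .env   (run once, before the first docker-compose up)
if [ "$#" -gt 0 ]; then
    harden_env_file "$1"
fi
```

Run it once on the freshly copied .env; rerunning it later rotates the database password out from under an existing database, so treat it as a first-start step only. After the first docker-compose up, the generated admin password can be pulled from the app service with docker-compose logs app and the create_safe_admin marker quoted above.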

Showcase

For a more comprehensive overview of the case features, head to the tutorials; we have put some videos there.

Upgrades

Please read the release notes before upgrading. Most of the time the database migrations are handled automatically, but some versions require manual steps.

Documentation

Comprehensive documentation is available on docs.dfir-iris.org.

API

The API reference is available in the documentation or documentation repository.

Help

You can reach us on Discord or by mail if you have any question, issue or idea!

Considerations

IRIS is at an early stage. It can already be used in production, but please set up backups of the database and DO NOT expose the interface to the Internet. We highly recommend running it on a private, dedicated and secured network.

License

The contents of this repository are available under the LGPL-3.0 license.