This repository has been archived by the owner on May 23, 2019. It is now read-only.

Building a CIF Server

Gabriel Iovino edited this page Sep 29, 2015 · 4 revisions

All-in-one

The CIF installation EasyButton creates an all-in-one installation of CIF. This means the following CIF components are installed on a single host:

  • cif-smrt - download, parse, normalize and ingest threat intelligence
  • cif-worker - extract additional intelligence from downloaded threat intelligence
  • cif-starman - HTTP API
  • cif-router - zmq message broker
  • ElasticSearch - data warehouse

CPU

A minimum of 8 cores is recommended. Technically you can get away with fewer cores, but there will be many times when the CIF server is CPU constrained.

Memory

A minimum of 16 GB of memory is recommended. You can expect an idle CIF server to use between 3-6 GB of memory at any given time. We estimate 16 GB of memory will let a single user query ~225K records from ElasticSearch. If you want to support larger queries or multiple users, you will need to allocate more memory.

Disk

The OSINT configurations shipped with CIF use ~400 MB of disk daily. Using nothing but the default data sets, you would be using ~146 GB of disk after the first year.

All-in-one sizing recommendations

Small Instance

  • an x86 64-bit platform
  • at least 16 GB RAM
  • at least 8 cores
  • at least 250 GB of free (after OS install) disk space

Large Instance

  • an x86 64-bit platform
  • at least 32 GB RAM
  • at least 16 cores
  • at least 500 GB of free (after OS install) disk space
  • RAID + LVM knowledge

xLarge Instance

  • an x86 64-bit platform
  • at least 64 GB RAM
  • at least 32 cores
  • at least 500 GB of free (after OS install) disk space
  • RAID + LVM knowledge
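
A preflight check for the tiers above, added here as an example and not part of the CIF project or its EasyButton installer. The function names are hypothetical, the probe assumes a Linux host with /proc/meminfo, and reported memory is rounded to the nearest GiB before comparison.

```shell
#!/bin/sh
# Added example (not from the CIF project); function names are hypothetical.
# Thresholds are the all-in-one tiers listed on this page.

# cif_tier CORES MEM_GB FREE_DISK_GB -> largest tier the host satisfies
cif_tier() (
    cores=$1; mem=$2; disk=$3
    if [ "$cores" -ge 32 ] && [ "$mem" -ge 64 ] && [ "$disk" -ge 500 ]; then
        echo xlarge
    elif [ "$cores" -ge 16 ] && [ "$mem" -ge 32 ] && [ "$disk" -ge 500 ]; then
        echo large
    elif [ "$cores" -ge 8 ] && [ "$mem" -ge 16 ] && [ "$disk" -ge 250 ]; then
        echo small
    else
        echo undersized
    fi
)

# Days of default OSINT data that fit in FREE_DISK_GB at ~400 MB/day
# (decimal units, matching 400 MB x 365 = ~146 GB on this page).
cif_retention_days() ( echo $(( $1 * 1000 / 400 )) )

# MemTotal (kB) to whole GB, rounded to nearest: the kernel reserves some RAM,
# so a 16 GB host reports slightly under 16 GiB and plain truncation gives 15.
mem_kb_to_gb() ( echo $(( ($1 + 524288) / 1048576 )) )

# Probe the local Linux host; the argument is the filesystem that will hold
# the data (assumption: defaults to / when omitted).
cif_preflight() (
    path=${1:-/}
    cores=$(getconf _NPROCESSORS_ONLN)
    mem=$(mem_kb_to_gb "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)")
    free_kb=$(df -Pk "$path" | awk 'NR==2 {print $4}')
    disk=$(( free_kb * 1024 / 1000000000 ))
    echo "cores=$cores mem_gb=$mem free_disk_gb=$disk tier=$(cif_tier "$cores" "$mem" "$disk")"
    echo "default feeds fill the free space in ~$(cif_retention_days "$disk") days"
)

# Probe only when asked: sh cif_preflight.sh --check /
if [ "${1:-}" = "--check" ]; then cif_preflight "${2:-/}"; fi
```

The tier is decided by the weakest resource, so a host with 32 cores and 64 GB of memory but only 250 GB of free disk is reported as small.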

Distributed architecture

(To be completed)
