This repository has been archived by the owner on Apr 30, 2022. It is now read-only.
wes edited this page Jan 2, 2020 · 22 revisions

Supporting the Project

Getting value from the project? Did you learn something new?


In larger networks the number of infections is usually much larger and the average cleanup cost much higher. As they grow, so does the rate of return, exponentially. By using CIF to help mitigate threats on your network, you can re-allocate time and resources to more advanced threats, to other projects, and to fun.

Let us help you mitigate threats on your network.

You probably spend more on coffee and interns.

GeoIP ISSUES

MaxMind has changed the way they distribute their GeoIP databases, which now requires you to create an account with them.

See this for more information. The current workaround is to create your own GeoIP.conf file in the docker/ directory and build the Docker container locally yourself.

Getting Started

This will help you get CIFv4 up and running on the latest stable release, using a combination of bash and Ansible.

Ubuntu 16 LTS is the operating system CIFv4 is developed against and is the most commonly used. If you run into a problem, be sure to first check out:

  1. FAQ <--- Need Help? Read this first!
  2. Known Issues ... then check this.
  3. Contributions ... then send a pull-request :)
  4. Advanced Help

Docker

$ docker pull csirtgadgets/verbose-robot   # fetch the latest image
$ export CIF_TOKEN=`head -n 25000 /dev/urandom | openssl dgst -sha256`   # random API token the cif client will use
$ export MAXMIND_USER_ID=1234... # see the GeoIP ISSUES note above
$ export MAXMIND_LICENSE_KEY=1234..
$ docker run \
  -e CIF_TOKEN="${CIF_TOKEN}" \
  -e MAXMIND_USER_ID="${MAXMIND_USER_ID}" \
  -e MAXMIND_LICENSE_KEY="${MAXMIND_LICENSE_KEY}" \
  -it -p 5000:5000 -d --name verbose-robot csirtgadgets/verbose-robot:latest   # API exposed on port 5000
$ docker exec -it verbose-robot /bin/bash   # shell into the running container
$ cif -d -p   # ping the API (-p) with debug output (-d) to confirm it is up
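
The quick-start above and the GeoIP.conf workaround from the GeoIP ISSUES note, as an added shell helper that is not part of the verbose-robot project: it generates the token, refuses missing or placeholder MaxMind values, writes GeoIP.conf for a local build and prints the docker run line for review before anything is started. Assumptions: GeoIP.conf uses the geoipupdate key names (AccountID, LicenseKey, EditionIDs) with the GeoLite2-City edition, the image reads the three environment variables exactly as named on this page, and the 64-hex token check only describes what gen_cif_token itself produces.

```shell
#!/bin/sh
# Added helper, not part of the verbose-robot project: wraps the Docker
# quick-start with input checks. Assumed: the image reads the three
# environment variables named on this page, and GeoIP.conf follows the
# geoipupdate format (AccountID, LicenseKey, EditionIDs / GeoLite2-City).

# 64 hex characters from 32 random bytes. od -N is POSIX, and the result
# is plain hex with no tool-specific prefix in the value.
gen_cif_token() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Reject a missing/non-numeric account id or a placeholder-looking key
# ("1234..." as on this page) before any file or container is touched.
check_maxmind() {  # $1=account id, $2=license key
    case "$1" in ''|*[!0-9]*) echo "MAXMIND_USER_ID must be numeric" >&2; return 1;; esac
    case "$2" in ''|*...*) echo "MAXMIND_LICENSE_KEY is unset or a placeholder" >&2; return 1;; esac
    return 0
}

# GeoIP.conf for building the container locally (GeoIP ISSUES above).
# Written in a subshell under umask 077 because the file holds a secret.
write_geoip_conf() {  # $1=account id, $2=license key, $3=output path
    check_maxmind "$1" "$2" || return 1
    ( umask 077
      printf 'AccountID %s\nLicenseKey %s\nEditionIDs GeoLite2-City\n' "$1" "$2" > "$3" )
}

# Emit the docker run line from the quick-start after validating inputs.
# The token check matches what gen_cif_token produces. Secrets are
# referenced by variable name, not inlined, so the line is safe to log.
docker_run_cmd() {  # $1=token, $2=account id, $3=license key
    case "$1" in ''|*[!0-9a-f]*) echo "CIF_TOKEN must be lowercase hex" >&2; return 1;; esac
    [ "${#1}" -eq 64 ] || { echo "CIF_TOKEN must be 64 hex characters" >&2; return 1; }
    check_maxmind "$2" "$3" || return 1
    printf '%s\n' 'docker run -e CIF_TOKEN="${CIF_TOKEN}" -e MAXMIND_USER_ID="${MAXMIND_USER_ID}" -e MAXMIND_LICENSE_KEY="${MAXMIND_LICENSE_KEY}" -it -p 5000:5000 -d --name verbose-robot csirtgadgets/verbose-robot:latest'
}
```

Export the values as in the quick-start (`CIF_TOKEN=$(gen_cif_token)`), then run the printed command once it passes review.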

Old School

The old-school easy-button is somewhat unsupported. If you want to build your own box, check out helpers/easybutton.sh as well as the Vagrantfile for ideas. You should be using these to BUILD YOUR OWN DEPLOYMENT KIT.

It's really, really hard to support all the various install methods. Since CIF is free, you should treat this as a learning experience and find ways to contribute back.

The CIFv4 Playbook

For a more complete guide to building your own CIFv4 instance, check out the CIFv4 Ansible Playbook. Fork it and adapt it for your own operational environment!

PULL REQUESTS WELCOME!

Elasticsearch

TESTING ONLY

https://github.com/csirtgadgets/verbose-robot-elasticsearch

Architecture

                                       cif-gatherer
                                           ^   |
                                           |   v
csirtg-fm --> cifsdk --> cif-httpd --> cif-router --> cif-store --> sqlite
                             ^             ^   |
                             |             |   v
                          cifsdk         cif-hunter

Feeds (csirtg-fm) and any other cifsdk client submit to cif-httpd, which hands indicators to cif-router; cif-router exchanges them with cif-gatherer and cif-hunter for enrichment and persists them through cif-store to sqlite.