deployment slides added

pull/13/head
iglocska 2021-02-10 08:56:01 +01:00
parent db2b9b4381
commit dfac5a1503
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
6 changed files with 185 additions and 0 deletions

BIN
a.c-deployment/cli.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 120 KiB

159
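--- a/a.c-deployment/content.tex
+++ b/a.c-deployment/content.tex
@@ -0,0 +1,159 @@
+% DO NOT COMPILE THIS FILE DIRECTLY!
+% This is included by the other .tex files.
+\begin{frame}[t,plain]
+\titlepage
+\end{frame}
+\begin{frame}
+\frametitle{MISP deployment considerations}
+\begin{itemize}
+\item {\bf Deployment types}
+\item {\bf Distro} choice
+\item {\bf Hardware specs}
+\item {\bf Authentication}
+\item Other considerations - {\bf settings}, {\bf gotchas}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Deployment types}
+\begin{itemize}
+\item Native install
+\begin{itemize}
+\item Manual
+\item One liner script - INSTALL.sh \url{https://github.com/MISP/MISP/tree/2.4/INSTALL}
+\end{itemize}
+\item MISP VM \url{https://www.circl.lu/misp-images/latest/}
+\item Docker
+\item RPM maintained by SWITCH \url{https://github.com/amuehlem/MISP-RPM}
+\item Cloud provider images \url {https://github.com/MISP/misp-cloud}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Docker options}
+\begin{itemize}
+\item CoolAcid's MISP images \url{https://github.com/coolacid/docker-misp}
+\item MISP-docker by XME \url{https://github.com/MISP/misp-docker}
+\item docker-misp by Harvard security \url{https://github.com/MISP/docker-misp}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Distro options}
+\begin{itemize}
+\item Ubuntu 20.04 (18.04 will also work)
+\begin{itemize}
+\item Our target platform
+\item Our CI target
+\item Use this unless you are absolutely forced not to
+\end{itemize}
+\item CentOS 7
+\begin{itemize}
+\item Annoying to operate
+\item Less tested, though used by many
+\item CentOS is going away. Consider other options
+\end{itemize}
+\item RHEL 7
+\begin{itemize}
+\item Same annoyance as CentOS in general
+\item We test against CentOS in general, some assembly may be required
+\end{itemize}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Hardware specs}
+\begin{itemize}
+\item No firm recommendations, it's highly usage dependent
+\item It's better to go a bit over what you need than under
+\item {\bf SSDs} are massively beneficial
+\item Let's look at what affects specs and some sample configurations
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Hardware considerations}
+\begin{itemize}
+\item What are the factors that can impact my performance?
+\begin{itemize}
+\item Clustering of the data (how many datapoints / event?) (RAM, disk speed)
+\item Correlation (RAM, disk speed, disk space)
+\begin{itemize}
+\item Consider blocking overtly correlating values from doing so
+\item Feed ingestion strategy is crucial
+\end{itemize}
+\item Over-contextualisation (RAM, disk speed)
+\begin{itemize}
+\item Contextualise the container over each datapoint contained within
+\end{itemize}
+\end{itemize}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Hardware considerations - continues}
+\begin{itemize}
+\item What are the factors that can impact my performance?
+\begin{itemize}
+\item Number of users that are active at any given time (RAM, CPU, disk speed)
+\item Logging strategy (Disk space)
+\item API users especially with heavy searches (substring searches for example) (RAM, CPU, Disk speed)
+\end{itemize}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Hardware considerations - continues}
+\begin{itemize}
+\item What are the factors that generally do {\bf NOT} impact my performance as much as expected?
+\begin{itemize}
+\item Warninglist usage
+\item Number of raw attributes on the instance
+\item Number of sync connections / recurring syncs (with measure)
+\item Tools feeding off the automation channels (ZMQ, kafka, syslog)
+\end{itemize}
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Authentication options}
+\begin{itemize}
+\item Username/password is the default
+\item Some built in modules by 3rd parties (LDAP, Shibboleth, x509)
+\item CustomAuth system for more flexibility
+\item Additionally, consider Email OTP
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Other considerations - tuning}
+\begin{itemize}
+\item PHP tuning
+\begin{itemize}
+\item Maximum memory usage (per process)
+\item Timeout settings
+\item Consider setting it per role!
+\item Background processes are exempt
+\end{itemize}
+\item MySQL: InnoDB buffer size is important
+\end{itemize}
+\end{frame}
+\begin{frame}
+\frametitle{Other considerations - high availability}
+\begin{itemize}
+\item Clustering
+\begin{itemize}
+\item Load balanced apache servers with MISP
+\item Replicating / mirrored database backends
+\end{itemize}
+\item Careful about session pinning
+\item Attachment storage can be abstracted / network attached
+\item An example implementation for AWS \url{https://github.com/0xtf/HAMISPA}
+\end{itemize}
+\end{frame}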
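Review bot: The "Deployment types" frame lists the one-liner INSTALL.sh and the prebuilt MISP VM without a word on verifying the download or on the defaults such images ship with. I would add a sub-item under the script, `\item Verify the script against the published checksums before running it`, and one under the VM, `\item Evaluation image - rotate all default credentials and keys before real use` (wording to be confirmed against the image documentation). The "Authentication options" frame has the same gap: it says username/password is the default but not that the initial admin password must be changed. As a style point, `{\bf ...}` is the obsolete plain-TeX form; `\textbf{...}` is the LaTeX2e equivalent.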

Binary file not shown.

BIN
a.c-deployment/misplogo.pdf Executable file

Binary file not shown.

Binary file not shown.


Width:  |  Height:  |  Size: 49 KiB

26
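--- a/a.c-deployment/slide.tex
+++ b/a.c-deployment/slide.tex
@@ -0,0 +1,26 @@
+\documentclass{beamer}
+\usetheme[numbering=progressbar]{focus}
+\definecolor{main}{RGB}{47, 161, 219}
+\definecolor{textcolor}{RGB}{128, 128, 128}
+\definecolor{background}{RGB}{240, 247, 255}
+\usepackage[utf8]{inputenc}
+\usepackage{tikz}
+\usepackage{listings}
+\usepackage{adjustbox}
+\usetikzlibrary{positioning}
+\usetikzlibrary{shapes,arrows}
+%\usepackage[T1]{fontenc}
+%\usepackage[scaled]{beramono}
+\author{\small{\input{../includes/authors.txt}}}
+\title{MISP CLI}
+\subtitle{Automate all the things}
+\institute{\includegraphics[scale=0.5]{misplogo.pdf}}
+\date{\input{../includes/location.txt}}
+\begin{document}
+\include{content}
+\end{document}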
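Review bot: `\title{MISP CLI}` and `\subtitle{Automate all the things}` do not match the deployment content this preamble wraps and look carried over from another deck; the `\titlepage` frame in content.tex will print them as they stand. Something like `\title{MISP deployment}` with a matching subtitle would fix it, exact wording being the author's call. `\include{content}` would also be better as `\input{content}`, since `\include` forces a page break and writes a separate .aux file that a single-file deck does not need.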