Compare commits
13 Commits
a1c96ff1a5
...
cdfca0dab1
Author | SHA1 | Date |
---|---|---|
Alexandre Dulaunoy | cdfca0dab1 | |
Alexandre Dulaunoy | 0fe4fb361b | |
Alexandre Dulaunoy | 56f785f734 | |
Alexandre Dulaunoy | d914e1898d | |
DocArmoryTech | 772e02f425 | |
DocArmoryTech | 987b685321 | |
DocArmoryTech | a616df19d4 | |
DocArmoryTech | 93b1b6ddd7 | |
DocArmoryTech | bff0996948 | |
DocArmoryTech | 82964b544c | |
DocArmoryTech | 09d1691032 | |
DocArmoryTech | 09a93ca1cd | |
DocArmoryTech | 795c232244 |
64
README.md
64
README.md
|
@ -1,6 +1,6 @@
|
||||||
# threat-actor-intelligence-server
|
# threat-actor-intelligence-server
|
||||||
|
|
||||||
![](https://raw.githubusercontent.com/MISP/threat-actor-intelligence-server/master/doc/logo/tai.png)
|
![](https://raw.githubusercontent.com/MISP/threat-actor-intelligence-server/main/doc/logo/tai.png)
|
||||||
|
|
||||||
A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the known threat actors.
|
A simple ReST server to lookup threat actors (by name, synonym or UUID) and returning the corresponding MISP galaxy information about the known threat actors.
|
||||||
|
|
||||||
|
@ -18,8 +18,7 @@ git submodule init
|
||||||
git submodule update
|
git submodule update
|
||||||
pip install -r REQUIREMENTS
|
pip install -r REQUIREMENTS
|
||||||
~~~
|
~~~
|
||||||
|
## Starting the server
|
||||||
# Starting the server
|
|
||||||
|
|
||||||
~~~
|
~~~
|
||||||
cd bin
|
cd bin
|
||||||
|
@ -28,6 +27,65 @@ python tai-server.py
|
||||||
|
|
||||||
By the default, the server is listening on TCP port 8889.
|
By the default, the server is listening on TCP port 8889.
|
||||||
|
|
||||||
|
# Alternative Installation
|
||||||
|
|
||||||
|
This method involves:
|
||||||
|
- installing a few dependencies
|
||||||
|
- creating a dedicated, unprivileged, user to run the TAI server(s)
|
||||||
|
- creating a python virtual environment
|
||||||
|
- installation of TAI
|
||||||
|
- systemd configuraion of (arbitrarily) four instances
|
||||||
|
- configuring nginx as a reverse proxy to four instances
|
||||||
|
|
||||||
|
Installing a few dependencies
|
||||||
|
~~~
|
||||||
|
sudo apt install virtualenv git python3-pip nginx
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Create a dedicated, unprivileged, user to run the TAI server(s)
|
||||||
|
~~~
|
||||||
|
sudo adduser tai
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Create and activate a python virtual environment called _tai-env_
|
||||||
|
~~~
|
||||||
|
sudo su tai
|
||||||
|
virtualenv tai-env
|
||||||
|
source ./tai-env/bin/activate
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Installation of TAI in the home directory of the user `tai`
|
||||||
|
~~~
|
||||||
|
cd
|
||||||
|
git clone https://github.com/MISP/threat-actor-intelligence-server
|
||||||
|
cd threat-actor-intelligence-server
|
||||||
|
git submodule init
|
||||||
|
git submodule update
|
||||||
|
pip install -r REQUIREMENTS
|
||||||
|
exit
|
||||||
|
~~~
|
||||||
|
|
||||||
|
systemd configuraion for a group of four instances of TAI
|
||||||
|
~~~
|
||||||
|
sudo cp /home/tai/threat-actor-intelligence-server/debian/tai@.service /lib/systemd/system/
|
||||||
|
sudo cp /home/tai/threat-actor-intelligence-server/debian/tai.target /etc/systemd/system/
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
~~~
|
||||||
|
|
||||||
|
configuring nginx as a reverse proxy to four instances
|
||||||
|
~~~
|
||||||
|
sudo rm /etc/nginx/site-enabled/default
|
||||||
|
sudo cp /home/tai/threat-actor-intelligence-server/debian/nginx-tai.conf /etc/nginx/sites-available/
|
||||||
|
sudo ln -s /etc/nginx/sites-available/nginx-tai.conf /etc/nginx/sites-enabled/
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Lastly, configure systemd to start the TAI servers and nginx automatically
|
||||||
|
~~~
|
||||||
|
sudo systemctl enable tai.target
|
||||||
|
sudo systemctl enable nginx
|
||||||
|
~~~
|
||||||
|
|
||||||
|
|
||||||
# API and public API
|
# API and public API
|
||||||
|
|
||||||
The API is simple and can be queried on the `/query` entry point by POSTing a simple query in JSON format. The query format is
|
The API is simple and can be queried on the `/query` entry point by POSTing a simple query in JSON format. The query format is
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
theme: jekyll-theme-slate
|
|
@ -0,0 +1,14 @@
|
||||||
|
upstream backends {
|
||||||
|
server 127.0.0.1:8000;
|
||||||
|
server 127.0.0.1:8001;
|
||||||
|
server 127.0.0.1:8002;
|
||||||
|
server 127.0.0.1:8003;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://backends;
|
||||||
|
}
|
||||||
|
}
|
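Review bot: The new `server` block listens only on plain port 80 and proxies to the backends without forwarding any client information, so queries travel in cleartext and each TAI instance sees 127.0.0.1 as the peer. The README in this same change removes the default site, so this block becomes the default server for every name and interface on the host. I would add a TLS listener, or a comment saying TLS is terminated in front of this host, and forward the client address inside `location /`, e.g. `proxy_set_header Host $host;` and `proxy_set_header X-Real-IP $remote_addr;`. Without that, the only place a request can be attributed to a client is the nginx access log, so that log needs to be retained. Whether the backend honours a forwarded address is not visible here and would need checking in tai-server.py.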
|
@ -0,0 +1,6 @@
|
||||||
|
Unit]
|
||||||
|
Description=TAI Servers
|
||||||
|
Requires=tai@8000.service tai@8001.service tai@8002.service tai@8003.service
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
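Review bot: The first line of this new unit file reads `Unit]` on this page, without the opening bracket, while the sibling service file shows `[Unit]` intact. If the committed file really starts that way, systemd will not recognise the section, so `Description=` and `Requires=` would be ignored and enabling `tai.target` would start none of the four instances; the line should be `[Unit]`. This may be a rendering artefact, so please confirm against the raw file. Separately, `Requires=` alone does not order the target after the instances; adding `After=tai@8000.service tai@8001.service tai@8002.service tai@8003.service` would make the target's active state mean the servers were started.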
|
@ -0,0 +1,13 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Threat Actor Intelligence Server
|
||||||
|
PartOf=tai.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
WorkingDirectory=/home/tai/threat-actor-intelligence-server/bin
|
||||||
|
ExecStart=/home/tai/tai-env/bin/python3 tai-server.py --port=%I --address='127.0.0.1'
|
||||||
|
User=tai
|
||||||
|
Restart=on-failure
|
||||||
|
Type=simple
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
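Review bot: The `[Service]` section runs the server as the unprivileged `tai` user bound to loopback, which is a good start, but it adds no systemd sandboxing around a network-facing Python process. The code and virtualenv live under /home/tai and are owned by the same account the service runs as, so a compromise of the process could rewrite its own code and survive `Restart=on-failure`. I would add at least `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full`. `ProtectHome=read-only` is also worth considering if the server does not need to write under its working directory, which this page does not show. A short comment above `ExecStart=` noting that `%I` is the instance name used as the listening port would help whoever adds a fifth instance.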
|
@ -1 +1 @@
|
||||||
Subproject commit 8080d2abf590fb8a714cf73f2befc672a1fbccd5
|
Subproject commit 4338af3f0cf3b856397ccbae5de2b7b3d7c75c32
|