forked from certsocietegenerale/FIR
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 7f1d550
Showing
261 changed files
with
31,976 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,70 @@ | ||
| /fir/config/production.py | ||
| /fir/config/prodendev.py | ||
| /fir/config/dev.py | ||
| /fir/config/installed_apps.txt | ||
| /fir/urls.py | ||
|
|
||
| # Dev | ||
| db.sqlite3 | ||
|
|
||
| # Byte-compiled / optimized / DLL files | ||
| __pycache__/ | ||
| *.py[cod] | ||
|
|
||
| # C extensions | ||
| *.so | ||
|
|
||
| # Distribution / packaging | ||
| .Python | ||
| env/ | ||
| build/ | ||
| develop-eggs/ | ||
| dist/ | ||
| downloads/ | ||
| eggs/ | ||
| lib/ | ||
| lib64/ | ||
| parts/ | ||
| sdist/ | ||
| var/ | ||
| *.egg-info/ | ||
| .installed.cfg | ||
| *.egg | ||
|
|
||
| # PyInstaller | ||
| # Usually these files are written by a python script from a template | ||
| # before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
| *.manifest | ||
| *.spec | ||
|
|
||
| # Installer logs | ||
| pip-log.txt | ||
| pip-delete-this-directory.txt | ||
|
|
||
| # Unit test / coverage reports | ||
| htmlcov/ | ||
| .tox/ | ||
| .coverage | ||
| .cache | ||
| nosetests.xml | ||
| coverage.xml | ||
|
|
||
| # Translations | ||
| *.mo | ||
| *.pot | ||
|
|
||
| # Django stuff: | ||
| *.log | ||
|
|
||
| # Sphinx documentation | ||
| docs/_build/ | ||
|
|
||
| # PyBuilder | ||
| target/ | ||
|
|
||
| # Mac | ||
| .DS_Store | ||
|
|
||
| # virtualenv | ||
| /include | ||
| /bin |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # What is FIR? Who is it for? | ||
|
|
||
| FIR (Fast Incident Response) is an cybersecurity incident management framework designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents. | ||
|
|
||
| FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It's was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit. | ||
|
|
||
|  | ||
|  | ||
|
|
||
|
|
||
| # Installation | ||
|
|
||
| There are two ways to install FIR. If you want to take it for a test-drive, just follow the instructions for [setting up a development environment](https://github.com/certsocietegenerale/FIR/wiki/Setting-up-a-development-environment) in the Wiki. | ||
|
|
||
| If you like it and want to set it up for production, [here's how to do it](https://github.com/certsocietegenerale/FIR/wiki/Installation-on-a-production-environment). | ||
|
|
||
| # Technical specs | ||
|
|
||
| FIR is written in Python (but you probably already knew that), using Django 1.7.6. It uses Bootstrap 3 and some Ajax and d3js to make it pretty. We use it with a MySQL back-end, but feel free to use any other DB adaptor you might want - as long as it's compatible with Django, you shouldn't run into any major issues. | ||
|
|
||
| FIR is not greedy performance-wise. It will run smoothly on a Ubuntu 14.04 virtual machine with 1 core, a 40 GB disk and 1 GB RAM. | ||
|
|
||
| # Roadmap | ||
|
|
||
| * Nested Todos | ||
| * REST API | ||
| * Mailman | ||
| * You name it :) |
Empty file.
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| import os | ||
|
|
||
| BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(os.path.dirname(__file__)))) | ||
|
|
||
| # Django settings for fir project. | ||
|
|
||
| LOGIN_URL = "/login" | ||
| LOGOUT_URL = "/logout" | ||
|
|
||
| # Local time zone for this installation. Choices can be found here: | ||
| # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name | ||
| # although not all choices may be available on all operating systems. | ||
| # In a Windows environment this must be set to your system time zone. | ||
| TIME_ZONE = 'Europe/Paris' | ||
|
|
||
| # Language code for this installation. All choices can be found here: | ||
| # http://www.i18nguy.com/unicode/language-identifiers.html | ||
| LANGUAGE_CODE = 'en-us' | ||
|
|
||
| SITE_ID = 1 | ||
|
|
||
| # If you set this to False, Django will make some optimizations so as not | ||
| # to load the internationalization machinery. | ||
| USE_I18N = True | ||
|
|
||
| # If you set this to False, Django will not format dates, numbers and | ||
| # calendars according to the current locale. | ||
| USE_L10N = True | ||
|
|
||
| # If you set this to False, Django will not use timezone-aware datetimes. | ||
| USE_TZ = False | ||
|
|
||
| # URL that handles the media served from MEDIA_ROOT. Make sure to use a | ||
| # trailing slash. | ||
| # Examples: "http://media.lawrence.com/media/", "http://example.com/media/" | ||
| MEDIA_URL = '/files/' | ||
|
|
||
| # URL prefix for static files. | ||
| # Example: "http://media.lawrence.com/static/" | ||
| STATIC_URL = '/static/' | ||
|
|
||
| # List of finder classes that know how to find static files in | ||
| # various locations. | ||
| STATICFILES_FINDERS = ( | ||
| 'django.contrib.staticfiles.finders.FileSystemFinder', | ||
| 'django.contrib.staticfiles.finders.AppDirectoriesFinder', | ||
| # 'django.contrib.staticfiles.finders.DefaultStorageFinder', | ||
| ) | ||
|
|
||
| MIDDLEWARE_CLASSES = ( | ||
| 'django.middleware.common.CommonMiddleware', | ||
| 'django.contrib.sessions.middleware.SessionMiddleware', | ||
| 'django.middleware.csrf.CsrfViewMiddleware', | ||
| 'django.contrib.auth.middleware.AuthenticationMiddleware', | ||
| 'django.contrib.messages.middleware.MessageMiddleware', | ||
| # Uncomment the next line for simple clickjacking protection: | ||
| # 'django.middleware.clickjacking.XFrameOptionsMiddleware', | ||
| ) | ||
|
|
||
| # Absolute filesystem path to the directory that will hold user-uploaded files | ||
| MEDIA_ROOT = os.path.join(BASE_DIR, 'uploads') | ||
|
|
||
| # Absolute path to the directory static files should be collected to. | ||
| # Don't put anything in this directory yourself; store your static files | ||
| # in apps' "static/" subdirectories and in STATICFILES_DIRS. | ||
| STATIC_ROOT = os.path.join(BASE_DIR, 'static') | ||
|
|
||
| ROOT_URLCONF = 'fir.urls' | ||
|
|
||
| # Python dotted path to the WSGI application used by Django's runserver. | ||
| WSGI_APPLICATION = 'fir.wsgi.application' | ||
|
|
||
| INSTALLED_APPS = ( | ||
| 'django.contrib.auth', | ||
| 'django.contrib.contenttypes', | ||
| 'django.contrib.sessions', | ||
| 'django.contrib.sites', | ||
| 'django.contrib.messages', | ||
| 'django.contrib.staticfiles', | ||
| 'incidents', | ||
| 'django.contrib.admin', | ||
| 'fir_plugins', | ||
| 'fir_artifacts' | ||
| ) | ||
|
|
||
| apps_file = os.path.join(BASE_DIR, 'fir', 'config', 'installed_apps.txt') | ||
| if os.path.exists(apps_file): | ||
| apps = list(INSTALLED_APPS) | ||
| with open(apps_file) as f: | ||
| for line in f.readlines(): | ||
| line = line.strip() | ||
| if line != "": | ||
| apps.append(line) | ||
|
|
||
| INSTALLED_APPS = tuple(apps) | ||
|
|
||
| TEMPLATE_CONTEXT_PROCESSORS = ( | ||
| "django.contrib.auth.context_processors.auth", | ||
| "django.core.context_processors.debug", | ||
| "django.core.context_processors.i18n", | ||
| "django.core.context_processors.media", | ||
| "django.core.context_processors.static", | ||
| "django.core.context_processors.request", | ||
| "django.contrib.messages.context_processors.messages" | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| fir_alerting | ||
| fir_todos | ||
| fir_nuggets |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| # This is the production settings ! | ||
| # All settings that do not change across environments should be in 'fir.settings.base' | ||
| from fir.config.base import * | ||
|
|
||
| ################################################################ | ||
| ##### Change these values | ||
| ################################################################ | ||
|
|
||
| ALLOWED_HOSTS = ['FIR.DOMAIN.COM'] | ||
|
|
||
| DATABASES = { | ||
| 'default': { | ||
| 'ENGINE': 'django.db.backends.mysql', | ||
| 'NAME': 'fir', | ||
| 'USER': 'fir', | ||
| 'PASSWORD': '', | ||
| 'HOST': '', | ||
| 'PORT': '', | ||
| } | ||
| } | ||
|
|
||
| # SMTP SETTINGS | ||
| EMAIL_HOST = 'SMTP.DOMAIN.COM' | ||
| EMAIL_PORT = 25 | ||
|
|
||
| # Uncomment this line to set a different reply-to address when sending alerts | ||
| # REPLY_TO = other@address.com | ||
|
|
||
| # SECRET KEY | ||
| SECRET_KEY = 'CHANGE_DUMMY_KEY_PLEASE' | ||
|
|
||
| ################################################################ | ||
|
|
||
| DEBUG = False | ||
| TEMPLATE_DEBUG = DEBUG | ||
|
|
||
| # List of callables that know how to import templates from various sources. | ||
| # In production, we want to cache templates in memory | ||
| TEMPLATE_LOADERS = ( | ||
| ('django.template.loaders.cached.Loader', ( | ||
| 'django.template.loaders.filesystem.Loader', | ||
| 'django.template.loaders.app_directories.Loader', | ||
| )), | ||
| ) | ||
|
|
||
| LOGGING = { | ||
| 'version': 1, | ||
| 'formatters': { | ||
| 'verbose': { | ||
| 'format': '%(asctime)s: %(module)s %(filename)s:%(lineno)d(%(funcName)s)\n%(message)s' | ||
| }, | ||
| }, | ||
| 'handlers': { | ||
| 'file': { | ||
| 'level': 'DEBUG', | ||
| 'class': 'logging.FileHandler', | ||
| 'filename': os.path.join(BASE_DIR, 'logs', 'errors.log'), | ||
| 'formatter': 'verbose', | ||
| }, | ||
| }, | ||
| 'loggers': { | ||
| 'django.request': { | ||
| 'handlers': ['file'], | ||
| 'level': 'ERROR', | ||
| 'propagate': True, | ||
| }, | ||
| }, | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # This file contains development specific settings | ||
| # Base settings should go to settings/base.py | ||
| # Production settings should go to settings/production.py | ||
| from fir.config.base import * | ||
|
|
||
| # DEBUG to True to have helpful error pages | ||
| DEBUG = True | ||
| TEMPLATE_DEBUG = DEBUG | ||
|
|
||
| # Sqlite3 database backend | ||
| DATABASES = { | ||
| 'default': { | ||
| 'ENGINE': 'django.db.backends.sqlite3', | ||
| 'NAME': os.path.join(BASE_DIR, 'db.sqlite3'), | ||
| } | ||
| } | ||
|
|
||
| # Do not send real emails, print them to the console instead: | ||
| EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' | ||
|
|
||
| # List of callables that know how to import templates from various sources. | ||
| TEMPLATE_LOADERS = ( | ||
| 'django.template.loaders.filesystem.Loader', | ||
| 'django.template.loaders.app_directories.Loader', | ||
| ) | ||
|
|
||
| # Dummy key for development | ||
| SECRET_KEY = 'DUMMY_KEY_FOR_DEVELOPMENT_DO_NOT_USE_IN_PRODUCTION' | ||
|
|
||
| try: | ||
| from fir.config.dev import * | ||
| except ImportError: | ||
| pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| from django.conf.urls import patterns, include, url | ||
|
|
||
| # Uncomment the next two lines to enable the admin: | ||
| from django.contrib import admin | ||
| admin.autodiscover() | ||
|
|
||
| urlpatterns = patterns('', | ||
| url(r'^incidents/', include('incidents.urls', namespace='incidents')), | ||
| url(r'^search/$', 'incidents.views.search', name='search'), | ||
| url(r'^events/', include('incidents.custom_urls.events', namespace='events')), | ||
| url(r'^login/', 'incidents.views.user_login', name='login'), # have a "main module" | ||
| url(r'^logout/', 'incidents.views.user_logout', name='logout'), # main module | ||
| url(r'^artifacts/', include('incidents.custom_urls.artifacts', namespace='artifacts')), | ||
| url(r'^stats/', include('incidents.custom_urls.stats', namespace='stats')), | ||
| url(r'^ajax/', include('incidents.custom_urls.ajax', namespace='ajax')), | ||
| url(r'^user/', include('incidents.custom_urls.user', namespace='user')), | ||
| url(r'^dashboard/', include('incidents.custom_urls.dashboard', namespace='dashboard')), | ||
| url(r'^admin/', include(admin.site.urls)), | ||
| url(r'^$', 'incidents.views.index'), | ||
|
|
||
| # alerting | ||
| url(r'^alerting/', include('fir_alerting.urls', namespace='alerting')), | ||
|
|
||
| # todos | ||
| url(r'^todos/', include('fir_todos.urls', namespace='todos')), | ||
|
|
||
| # nuggets | ||
| url(r'^nuggets/', include('fir_nuggets.urls', namespace='nuggets')), | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| """ | ||
| WSGI config for fir project. | ||
| This module contains the WSGI application used by Django's development server | ||
| and any production WSGI deployments. It should expose a module-level variable | ||
| named ``application``. Django's ``runserver`` and ``runfcgi`` commands discover | ||
| this application via the ``WSGI_APPLICATION`` setting. | ||
| Usually you will have the standard Django WSGI application here, but it also | ||
| might make sense to replace the whole Django WSGI application with a custom one | ||
| that later delegates to the Django one. For example, you could introduce WSGI | ||
| middleware here, or combine a Django application with an application of another | ||
| framework. | ||
| """ | ||
| import os | ||
|
|
||
| os.environ.setdefault("DJANGO_SETTINGS_MODULE", "fir.settings") | ||
|
|
||
| # This application object is used by any WSGI server configured to use this | ||
| # file. This includes Django's development server, if the WSGI_APPLICATION | ||
| # setting points here. | ||
| from django.core.wsgi import get_wsgi_application | ||
| application = get_wsgi_application() | ||
|
|
||
| # Apply WSGI middleware here. | ||
| # from helloworld.wsgi import HelloWorldApplication | ||
| # application = HelloWorldApplication(application) |
Oops, something went wrong.