10root stack

Goal: The goal of this project is to create a stack of services that can be used for incident response and threat hunting.

Description: This stack is a set of services combined through docker compose files. Each app has its own folder with its own docker compose file, and all apps share one Docker network.

Current status

The current implementation is a POC and is occasionally unstable. The main goal is to have a working stack with the following services:


This stack is growing; the complete list of services is kept in the file resources/default.env, in the environment variable APPS_TO_INSTALL.

  1. CyberChef. Description: CyberChef is a simple, intuitive web app for carrying out all manners of "cyber" operations within a web browser.
  2. ELK. Description: Elasticsearch, Kibana & Logstash. The ELK stack is a log management platform for collecting, searching, and analyzing logs.
  3. Iris. Description: Iris is a collaborative web platform that helps incident responders share technical details during investigations.
  4. Nightingale. Description: An Open Source Next Generation Electronic Death Registration System.
  5. Portainer. Description: Portainer is a lightweight management UI that allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters).
  6. Strelka. Description: Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response.
  7. Timesketch. Description: Timesketch is an open-source tool for collaborative forensic timeline analysis.
  8. Velociraptor. Description: Velociraptor is a tool for collecting host-based state information using The Velociraptor Query Language (VQL) queries.
  9. Nginx. Description: Nginx is a web server that proxies all requests to the services in this stack.
  10. Prowler. Description: Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more.
  11. OpenCTI. Description: OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.
  12. MISP. Description: MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats from cyber security incident analysis and malware analysis.

Resources

All settings are located in the resources folder.

Scripts

All scripts are located in the scripts folder.

The following scripts are available:

  • endtoend.sh - start the stack
  • cleanup.sh - stop and remove the stack
    • Use cleanup.sh --help to see the available options

Pre-requirements


This stack is growing; the complete list of requirements is kept in the file resources/default.env, in the environment variable REQUIRED_PACKAGES.

  • Docker; client and server ~ 20.10
  • docker compose plugin v2 ~ 2.26
  • Git ~ 2.34
  • yq ~ 4.44
  • bash shell ~ 5.0
  • unzip ~ 6.0
  • rsync ~ 3.2
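As an added example (not a script from the 10root repository), a preflight check in bash that reads REQUIRED_PACKAGES and APPS_TO_INSTALL from resources/default.env and reports what is missing before endtoend.sh is run. It assumes both variables are whitespace-separated lists in plain KEY=VALUE form, that each app folder holds a docker-compose.yml or compose.yml, and that the compose plugin appears in the list as docker-compose; the function names are my own.

```shell
#!/usr/bin/env bash
# Added example, not part of the 10root repository. Assumptions: default.env uses
# plain KEY=VALUE lines, list values are whitespace-separated, each app folder
# contains docker-compose.yml or compose.yml, and the compose plugin is listed
# as "docker-compose".

# Print the value of KEY from an env file (last definition wins), quotes stripped.
env_value() {
  local file="$1" key="$2"
  grep -E "^${key}=" "$file" | tail -n 1 | cut -d= -f2- | tr -d "\"'"
}

# List entries of REQUIRED_PACKAGES whose command is not available on this host.
missing_packages() {
  local file="$1" missing=""
  for pkg in $(env_value "$file" REQUIRED_PACKAGES); do
    case "$pkg" in
      docker-compose) docker compose version >/dev/null 2>&1 || missing="$missing $pkg" ;;
      *) command -v "$pkg" >/dev/null 2>&1 || missing="$missing $pkg" ;;
    esac
  done
  echo "${missing# }"
}

# List apps from APPS_TO_INSTALL that have no compose file under the stack root.
missing_app_dirs() {
  local file="$1" root="$2" missing=""
  for app in $(env_value "$file" APPS_TO_INSTALL); do
    if [ ! -f "$root/$app/docker-compose.yml" ] && [ ! -f "$root/$app/compose.yml" ]; then
      missing="$missing $app"
    fi
  done
  echo "${missing# }"
}

# Run both checks; the exit status is non-zero when anything is missing.
# Usage: preflight resources/default.env .
preflight() {
  local file="$1" root="$2" status=0 pkgs apps
  pkgs=$(missing_packages "$file")
  apps=$(missing_app_dirs "$file" "$root")
  [ -z "$pkgs" ] || { echo "missing packages: $pkgs"; status=1; }
  [ -z "$apps" ] || { echo "apps without a compose file: $apps"; status=1; }
  return "$status"
}
```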

Our version is a modified version of the original code.
