FIR
Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/FIR.
From: https://github.com/certsocietegenerale/FIR
FIR (Fast Incident Response) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
FIR is for anyone needing to track cybersecurity incidents (CSIRTs, CERTs, SOCs, etc.). It was tailored to suit our needs and our team's habits, but we put a great deal of effort into making it as generic as possible before releasing it so that other teams around the world may also use it and customize it as they see fit.
We can add FIR to Security Onion as a Docker container to enhance its current capabilities and leverage the great work from the folks at CERT Societe Generale.
Please keep in mind we do not officially support FIR, so installation is at your own risk.
Also, please keep in mind, this integration currently only works with Security Onion on the Elastic stack (w/ Docker installed).
To install FIR on Security Onion:

Get the install script:
```
sudo wget https://raw.githubusercontent.com/weslambert/securityonion-fir/master/install_fir
```

Make the script executable:
```
sudo chmod +x install_fir
```

Run the script:
```
sudo ./install_fir
```
Follow the prompts, and once finished, you should be able to navigate to FIR via https://domain.you.specified. (Note this address is also referenced in /etc/apache2/sites-available/fir.conf.)
Keep in mind, FIR is still accessible at http://localhost:8001, so you will want to make sure only port 443 is allowed externally, or alter your web server settings appropriately.
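The following script is an added example for checking the caveat above; it is not part of this wiki page or of the install_fir script. It reads `ss -ltn` and `iptables -S INPUT` output and reports anything that would make FIR's backend port (8001, from the page) reachable from outside the box: a listener bound to a non-loopback address, or an INPUT ACCEPT rule for tcp/8001 that is not limited to loopback. The sample command output at the bottom is constructed, so the script runs offline; the loopback heuristic on rule text (`-i lo` or a `-s 127.` source) is an assumption about how such a rule would be written.

```shell
#!/bin/sh
# Added example (not from the Security Onion wiki or install_fir).
# Both check functions read command output on stdin so they can be run
# against live output or against constructed samples.

FIR_PORT=8001   # FIR backend port named on the page

# Reads `ss -ltn` output on stdin. Prints every LISTEN socket on tcp/$1 whose
# local address is not loopback; returns 1 if any was found, else 0.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, f, ":")                 # port is the last ":"-separated field
            p = f[n]
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p != port) next
            if (host == "127.0.0.1" || host == "[::1]") next
            print addr
            found = 1
        }
        END { if (found) exit 1; exit 0 }'
}

# Reads `iptables -S INPUT` output on stdin. Prints ACCEPT rules for tcp/$1
# that are not restricted to the loopback interface or a 127.x source
# (heuristic on the rule text); returns 1 if any was found, else 0.
exposed_accept_rules() {
    awk -v port="$1" '
        /-j ACCEPT/ && ($0 ~ ("--dport " port "( |$)")) {
            if ($0 ~ /-i lo( |$)/ || $0 ~ /-s 127\./) next
            print
            found = 1
        }
        END { if (found) exit 1; exit 0 }'
}

# Constructed sample output (not captured from a real system): the IPv6
# listener and the last iptables rule are the two findings.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:8001      0.0.0.0:*
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*
LISTEN 0      128    [::]:8001           [::]:*'

SAMPLE_IPT='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT'

echo "== listeners on non-loopback addresses for tcp/$FIR_PORT =="
printf '%s\n' "$SAMPLE_SS" | exposed_listeners "$FIR_PORT" && echo "(none)"
echo "== INPUT ACCEPT rules opening tcp/$FIR_PORT beyond loopback =="
printf '%s\n' "$SAMPLE_IPT" | exposed_accept_rules "$FIR_PORT" && echo "(none)"
```

On a live Security Onion box the same functions take real output: `ss -ltn | exposed_listeners 8001` and `sudo iptables -S INPUT | exposed_accept_rules 8001`. A listener on 0.0.0.0:8001 is the normal result of a plain Docker port mapping, so the firewall check is the one that decides whether the port is actually reachable from outside.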
Also note, to access FIR by the above name you will need to either:
- configure a hosts file on your local host, or
- create a DNS record pointing to it.
For more information on the FIR, see here:
https://github.com/certsocietegenerale/FIR