Giter Club home page Giter Club logo

iris-web's Introduction

Incident Response Investigation System

IRIS

License: LGPL v3
IRIS is a web collaborative platform for incident response analysts allowing to share investigations at a technical level.

demo_timeline

Getting started

It is divided in two main parts, IrisWeb and IrisModules.

  • IrisWeb is the web application which contains the core of Iris (web interface, database management, etc).
  • IrisModules are extensions of the core that allow third parties to process data via Iris (eg upload and injection of EVTX into Splunk).

IrisWeb can work without any modules and by default none are enabled.

A first module called IrisEVTXModule is provided and installed in IRIS's Python environment when using the docker-compose building process. In order to be added to IRIS and configured, see the documentation.

Run IrisWeb

The app has 5 dockers:

  • app - iriswebapp_app: The core of IrisWeb
  • db: The Postgres database
  • rabbitmq: It's in the name
  • worker: Jobs handler relying on RabbitMq
  • nginx: The reverse proxy

The NGINX service uses the certificate pair specified in .env. A pair is provided in the ./docker/dev_certs repository, but you might want to change with your own certificate. Below is an example command to generate such self-signed certificates:

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout certificate.key -out certificate.crt

To run:

  1. Clone the repo and cd into it
  2. Copy .env.model into .env
  3. (Optional if you just want to try) If used in production, please configure the .env file at the root of the project:
    1. Nginx: you might want to specify your own certificate as specified above
    2. Database credentials: POSTGRES_PASSWORD and DB_PASS (you can also customise the usernames)
    3. IRIS secrets: SECRET_KEY and SECURITY_PASSWORD_SALT
  4. Build docker-compose build
  5. Run docker-compose up

A first account called administrator is created by default, the password is randomly created and output in the docker app service. If you want to define an admin password at the first start, you can also create and define the environment variable IRIS_ADM_PASSWORD in the app docker instance (see webApp Dockerfile).

Once it is up, go to https://<your_instance>:4433, login as administrator, and start using IRIS! We also recommend immediately changing your administrator's password, either on its profile page or in the Users management page.

Showcase

For a more comprehensive overview of the case features, you can head to tutorials, we've put some videos there.

Documentation

A more comprehensive documentation is available on dfir-iris.github.io, or one can build the documentation available in here.

API

The API reference is available in the documentation or documentation repository.

Help

You can reach us on Discord if you have any question, issue or idea !

License

The contents of this repository is available under LGPL3 license.

iris-web's People

Contributors

whikernel avatar ektoplasma avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.