Home

Getting Started

Welcome to the Bearded-Avenger Deployment Kit! This Kit will help you get CIFv3 up and running using the latest stable release using a combination of bash and ansible.

Ubuntu 16 LTS is the operating system in which CIFv3 is developed against and is the most commonly used. RHEL7/CentOS7 are the second most common platforms used by the community, but lags in community support. If you run into a problem, be sure to first checkout:

FAQ <--- Need Help? Read this first!
Known Issues ... then check this.
Mailing List .. then email the list.
Contributions ... then send a pull-request :)
Advanced Help .. Partner with us!

Before You Dive Straight In

Check out the Where do I start? Page
Glance over The CIFv3 Book

the EasyButton (~10min)

pull the latest release of the DeploymentKit

bash the easy-button

$ tar -zxvf bearded-avenger-deploymentkit-3.0.x.tar.gz
$ cd bearded-avenger-deploymentkit-3.0.x
$ sudo bash easybutton.sh
$ sudo su - cif
$ cif -p

Your userspace tokens will be set here: ~/.cif.yml and ~/.cifrc
Create an API token on CSIRTG and add it to /etc/cif/rules/csirtg.yml [optional, gets you free access to more data]
csirtg-smrt will take ~5min to start running after initial install is complete, and a few more minutes there-after to do it's initial processing run. After ~15 to 20min, test for data by running:
```
$ sudo su - cif
$ cif --itype ipv4 --tags scanner -d
```
If no data is returned, check the logs to make sure everything is running properly:
```
$ sudo journalctl -fu csirtg-smrt*
$ sudo journalctl -fu cif-router*
```
Need more help? Check out the FAQ Page.
Now on to Where do I start?

Architecture

                                                              cif-gatherer
                                                               ^        +
                                                               |        |
                                                               +        v
csirtg-smrt +--> cifsdk  +--------->  cif-httpd +------------> cif-router +-----> cif-store +-----> elasticsearch
                                                               +
                                           ^                   |        ^
                                           |                   |        |
                                           |                   v        +
                                           |                   cif-hunter
                                           +

                                        cifsdk

Fine Print

bleeding-edge style distro's (eg: release cycles less than 18-24months, Fedora, non-LTS-release ubuntu, etc...) are highly discouraged and are generally not supported. THIS INCLUDES 'DESKTOP' distro's that have a 'SERVER' counterpart unless you have giant truck-loads of cash. then we'll consider it... maybe.

Reference: https://groups.google.com/forum/#!topic/ci-framework/2A8Hhv9WG-g

FAQ
the CIFv3 Book
Hardware
Playbook's
- Ubuntu16LTS
- CentOS7
Where do I start?
Development Guide
- Python SDK
- REST API
What Changed?
Getting Involved
Home

Provide feedback

Saved searches