dfir-iris / iris-web
- Saturday, 1 January 2022 at 00:32:48
Incident Response collaborative platform
Incident Response Investigation System
IRIS is a collaborative web platform that lets incident response analysts share investigations at a technical level.
It is divided into two main parts, IrisWeb and IrisModules.
IrisWeb works without any modules, and by default none are enabled.
A first module, IrisEVTXModule, is provided and installed in IRIS's Python environment when using the docker-compose build process. To add it to IRIS and configure it, see the documentation.
The app has 5 Docker containers:
- app (iriswebapp_app): the core of IrisWeb
- db: the Postgres database
- rabbitmq: it's in the name
- worker: jobs handler relying on RabbitMQ
- nginx: the reverse proxy

The NGINX service uses the certificate pair specified in .env. A pair is provided in the ./docker/dev_certs directory of the repository, but you should replace it with your own certificate: the bundled private key is public, so anyone can impersonate or intercept an instance that still uses it.
Below is an example command to generate such self-signed certificates:
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout certificate.key -out certificate.crt
To run:
- copy .env.model into .env
- docker-compose build
- docker-compose up
A first account, administrator, is created by default; its password is randomly generated and printed in the logs of the app docker service. If you want to set the admin password at first start instead, define the environment variable IRIS_ADM_PASSWORD in the app docker instance (see the webApp Dockerfile). Either way, the initial credential ends up in container logs or in the environment, which is why it should be rotated.
Once it is up, go to https://<your_instance>:4433, log in as administrator, and start using IRIS! We also recommend immediately changing the administrator's password, either on its profile page or in the Users management page.
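The following shell functions are an added example and are not part of the iris-web repository. They automate the setup above in a slightly stricter form: the certificate is generated with a CN and a subjectAltName for the instance hostname (browsers reject certificates without a SAN, and the bare openssl command above sets neither), the SAN is read back so the pair can be verified before .env points at it, and .env is prepared from .env.model with IRIS_ADM_PASSWORD appended so the password never appears on a docker-compose command line. The hostname and output directory are placeholders; appending a KEY=VALUE line to .env is my assumption about the file format; -addext requires OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example for the IRIS setup procedure; not code from the iris-web project.
set -eu

# Generate a self-signed pair for the nginx service. Unlike the plain
# "openssl req" command in the README, this sets a CN and a subjectAltName
# (assumption: OpenSSL >= 1.1.1 for -addext) and locks down the key file.
gen_iris_cert() {
    local host="$1" outdir="$2"
    mkdir -p "$outdir"
    openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 \
        -subj "/CN=${host}" \
        -addext "subjectAltName=DNS:${host}" \
        -keyout "${outdir}/certificate.key" \
        -out "${outdir}/certificate.crt" 2>/dev/null
    chmod 600 "${outdir}/certificate.key"
}

# Print the SAN entries of a certificate (e.g. "DNS:iris.example.internal")
# so the pair can be checked before .env is pointed at it.
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Create .env from .env.model and append IRIS_ADM_PASSWORD (the variable
# named in the README). Appending KEY=VALUE is an assumption about .env's format.
prepare_env() {
    local model="$1" env="$2" password="$3"
    cp "$model" "$env"
    printf 'IRIS_ADM_PASSWORD=%s\n' "$password" >> "$env"
    chmod 600 "$env"
}

# Usage (placeholders: hostname, cert directory, password read from a prompt):
#   gen_iris_cert iris.example.internal ./docker/my_certs
#   cert_san ./docker/my_certs/certificate.crt
#   read -rs -p 'Admin password: ' pw; echo
#   prepare_env .env.model .env "$pw"
#   docker-compose build && docker-compose up
```

After prepare_env, point the certificate variables in .env at the generated files; which variable names those are is defined by .env.model, not by this script. The chmod 600 on .env matters because the file now holds the administrator password.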
For a more comprehensive overview of the case features, head to the tutorials; we've put some videos there.
More comprehensive documentation is available on dfir-iris.github.io, or you can build the documentation available here.
The API reference is available in the documentation or in the documentation repository.
You can reach us on Discord if you have any question, issue or idea!
The contents of this repository are available under the LGPL3 license.