导航菜单

GitHub

SOCFortress CoPilot

MediumYouTube Channel SubscribersDiscord ShieldGitHub Sponsors

Get in Touch

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Simplify your open source security stack with a single platform focused on making open source security tools easier to use and more accessible.

demo_timeline

Table of contentsGetting StartedRunning CopilotUpgrading CopilotConnectorsHelpLicenseSponsoringGetting started

Copilot's true power comes from the ability to integrate with your existing security stack. We have built in integrations with the following tools:

WazuhGraylogVelociraptorGrafanaInfluxDB

❗️ Note: Copilot is currently in beta. We are actively working on adding more integrations and features. If you have any suggestions or feedback, please let us know!

Running Copilot

To ease the installation and upgrades, Copilot is shipped in a single docker container. To run Copilot, you will need to have Docker and Docker Compose installed.

❗ WARNING: Copilot is not intended to be exposed to the internet. It is recommended for internal use only.

🔴 - Helpful docker DNS setting

nano /etc/docker/daemon.json{"dns": ["YOUR_DNS_SERVER"],"log-driver": "json-file","log-opts": {"max-size": "10m","max-file": "3"}}In case you need to set MTU{"dns": ["YOUR_DNS_SERVER"],"log-driver": "json-file","log-opts": {"max-size": "10m","max-file": "3"},"mtu": 1450}systemctl daemon-reloadsystemctl restart docker# Clone the CoPilot repositorywget https://raw.githubusercontent.com/socfortress/CoPilot/v0.1.2/docker-compose.yml# Edit the docker-compose.yml file to set the server name and/or the services you want to use# Create the path for storing your datamkdir data# Create the .env file based on the .env.examplenano .env# Run Copilotdocker compose up -d# Once Copilot has started up you can retrieve the admin password by running the following command (Only accessible the first time Copilot is started up)docker logs "$(docker ps --filter ancestor=ghcr.io/socfortress/copilot-backend:latest --format "{{.ID}}")" 2>&1 | grep "Admin user password"

Copilot shall be available on the host interface, port 443, protocol HTTPS - https://.By default, an admin account is created. The password is printed in stdout the very first time Copilot is started. It won't be printed anymore after that.Admin user password can be searched in the logs of the copilot docker to find the password. You will use the plain password to login to the web interface.

🚀 YouTube Tutorial: INSTALLING COPILOT

SSL

By default Copilot uses a self-signed certificate valid for 365 days from install. You can replace the certificate andkey files with your own. These files should be mounted in the copilot-frontend container and you can set the path toyour certificate and key files in the docker-compose.yml file using the TLS_CERT_PATH and TLS_KEY_PATHrespectively.

For Example

# Generate a certificate e.g.openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Then update the docker-compose.yml file to mount the certificate and key files and set the TLS_CERT_PATH and TLS_KEY_PATH environment variables.

copilot-frontend:image: ghcr.io/socfortress/copilot-frontend:latestvolumes:- PATH_TO_YOUR_CERTS:/etc/letsencryptenvironment:- SERVER_HOST=${SERVER_HOST:-localhost} # Set the domain name of your server- TLS_CERT_PATH=/etc/letsencrypt/live/${SERVER_HOST}/fullchain.pem # Set the path to your certificate- TLS_KEY_PATH=/etc/letsencrypt/live/${SERVER_HOST}/privkey.pem # Set the path to your keyports:- "80:80"- "443:443"Upgrading Copilot

🛠 You will likely want to upgrade often as we are frequently pushing new changes.

To upgrade Copilot, you will need to stop the running containers, pull the latest docker image, and start the containers again.

# Stop the running container. Make sure you are in the CoPilot directorydocker compose pull# Start the container againdocker compose up -dConnectors

Copilot is designed to be a single pane of glass for your security operations. Think of it as a hub for all your security tools. Copilot Connectors are the glue that binds your security tools to Copilot. We take advantage of the APIs and webhooks provided by your security tools to provide a seamless integration.

Help

You can reach us on Discord or by 📧 if you have any question, issue or idea!

Check out our full video tutorial series on YouTube

License

The contents of this repository is available under AGPL-3.0 license.

Sponsoring

If you like this project and want to support it, you can consider becoming a sponsor to help us continue maintaining it and adding new features.

GitHub Sponsors

相关推荐: