diff --git a/deployments/docker/soarca/docker-compose.yml b/deployments/docker/soarca/docker-compose.yml
index 3a8b2db5..ac64f023 100644
--- a/deployments/docker/soarca/docker-compose.yml
+++ b/deployments/docker/soarca/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3.7'
 services:
 mongodb_container:
 image: docker.io/mongo:latest
@@ -13,6 +12,23 @@ services:
 source: mongodb_data_container
 target: /data/db
+ caldera:
+ image: soarca-caldera
+ build: https://github.com/mitre/caldera.git
+ networks:
+ - caldera-net
+ ports:
+ - "8888:8888"
+ - "8443:8443"
+ - "7010:7010"
+ - "7011:7011/udp"
+ - "7012:7012"
+ - "8853:8853"
+ - "8022:8022"
+ - "2222:2222"
+ profiles:
+ - caldera
+
 mosquitto:
 image: docker.io/eclipse-mosquitto
 container_name: mosquitto
@@ -64,9 +80,13 @@ services:
 THEHIVE_ACTIVATE: false
 THEHIVE_API_TOKEN: your_token
 THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/
+ CALDERA_HOST: "calera"
+ CALDERA_PORT: "8888"
+ CALDERA_API_KEY: "ADMIN123"
 networks:
 - db-net
 - mqtt-net
+ - caldera-net
 ports:
 - 127.0.0.1:8080:8080
 depends_on:
@@ -76,7 +96,7 @@ services:
 networks:
 db-net:
 mqtt-net:
-
+ caldera-net:
 volumes:
 mongodb_data_container:
@@ -88,5 +108,3 @@ volumes:
 o: bind
 mosquitto_data:
 mosquitto_log:
-
-
diff --git a/docs/content/en/docs/getting-started/_index.md b/docs/content/en/docs/getting-started/_index.md
index 658d51af..9651162f 100644
--- a/docs/content/en/docs/getting-started/_index.md
+++ b/docs/content/en/docs/getting-started/_index.md
@@ -30,7 +30,7 @@ make build && ./build/soarca
 wget https://github.com/COSSAS/SOARCA/releases/download/SOARCA_1.0.0/SOARCA_1.0.0_linux_amd64.tar.gz && tar -xvf SOARCA* && ./SOARCA
 {{< /tab >}}
 {{< tab header="Docker Compose" lang="sh" >}}
-cd docker/soarca && sudo docker compose up -d
+cd docker/soarca && docker compose up -d
 {{< /tab >}}
 {{< /tabpane >}}
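Review bot: In the new `caldera` service (docker-compose.yml hunk `@@ -13,6 +12,23 @@`), all eight `ports` entries publish on every host interface, while the existing service further down this file binds `127.0.0.1:8080:8080`. The getting-started text added in this commit says Caldera runs here with default credentials. The service that receives the `CALDERA_*` variables joins `caldera-net` and needs no published port to reach Caldera, so I would bind the mappings to loopback, e.g. `- "127.0.0.1:8888:8888"`, and publish more widely only the ports that other hosts really have to reach. Separately, `build: https://github.com/mitre/caldera.git` builds whatever the default branch holds at build time; a pinned ref, `build: https://github.com/mitre/caldera.git#<tag-or-commit>`, keeps the image reproducible and reviewable.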
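Review bot: `CALDERA_HOST: "calera"` (docker-compose.yml hunk `@@ -64,9 +80,13 @@`) does not match the service name `caldera` added earlier in this file, so the name will presumably not resolve on `caldera-net`; it should read `CALDERA_HOST: "caldera"`. The line after it commits `CALDERA_API_KEY: "ADMIN123"` as a literal; `CALDERA_API_KEY: "${CALDERA_API_KEY:-ADMIN123}"` keeps the out-of-the-box behaviour while letting an operator supply another key without editing the file. The `.env` example added to the docs gives the host with a scheme (`http://caldera.mydomain.com`) while this file uses a bare name; which form SOARCA expects is not visible here and deserves a one-line comment above the variable. The `environment` block and the service it belongs to start outside the hunk.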
@@ -72,6 +72,30 @@ curl -X POST -H "Content-Type: application/json" -d @./example/openc2-playbook.j
 {{< /tab >}}
 {{< /tabpane >}}
+### Caldera setup
+
+SOARCA optionally comes packaged together with Caldera. To use the
+[Caldera capability](/docs/soarca-extensions/native-capabilities#caldera-capability), simply make
+sure you use the right Compose file when running:
+
+```diff
+- cd docker/soarca && docker compose up -d
++ cd docker/soarca && docker compose --profile caldera up -d
+```
+
+{{% alert title="Warning" %}}
+This only works when using Docker Compose to run SOARCA. When building SOARCA from scratch,
+you should supply your own Caldera instance and [configure](#configuration) its URL manually.
+{{% /alert %}}
+
+{{% alert title="Warning" %}}
+Note that Caldera in this mode operates with default credentials and settings. This is dangerous
+for a public-facing setup and therefore not production-ready out of the box. You probably want
+to consult the
+[Caldera documentation on configuration](https://caldera.readthedocs.io/en/latest/Server-Configuration.html#configuration-file)
+before deploying to production.
+{{% /alert %}}
+
 ## Configuration
 SOARCA reads its configuration from the environment variables or a `.env` file. An example of a `.env` is given below:
@@ -98,17 +122,31 @@ ENABLE_FINS: false
 MQTT_BROKER: "localhost"
 MQTT_PORT: 1883
+CALDERA_HOST: "http://caldera.mydomain.com"
+CALDERA_PORT: "8888"
+CALDERA_API_KEY: "ADMIN123"
+
 HTTP_SKIP_CERT_VALIDATION: false
 {{< /tab >}}
 {{< /tabpane >}}
 For more custom and advanced deployment instructions go [here](/docs/installation-configuration/_index.md).
-### Docker hub
-`docker pull cossas/soarca`
+## Obtaining
+
+There are several ways to obtain a copy of the SOARCA software.
+
+### Docker Hub
+
+A prebuilt image can be pulled from the
+[Docker Hub](https://hub.docker.com/r/cossas/soarca):
+
+```bash
+docker pull cossas/soarca
+```
-### Building from Source
+### Building from source
 ```bash
 git clone https://github.com/COSSAS/SOARCA.git