From 983f827a69452ecf3c9eb37f85c7537c40d9a084 Mon Sep 17 00:00:00 2001 From: Mark Boom Date: Sun, 12 Jan 2025 19:50:19 +0100 Subject: [PATCH] Add a Caldera service to the Docker setup --- deployments/docker/soarca/docker-compose.yml | 24 +++++++++-- .../content/en/docs/getting-started/_index.md | 42 +++++++++++++++++-- 2 files changed, 58 insertions(+), 8 deletions(-) diff --git a/deployments/docker/soarca/docker-compose.yml b/deployments/docker/soarca/docker-compose.yml index 3a8b2db5..4ac58b42 100644 --- a/deployments/docker/soarca/docker-compose.yml +++ b/deployments/docker/soarca/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3.7' services: mongodb_container: image: docker.io/mongo:latest @@ -13,6 +12,23 @@ services: source: mongodb_data_container target: /data/db + caldera: + image: soarca-caldera + build: https://github.com/mitre/caldera.git + networks: + - caldera-net + ports: + - "8888:8888" + - "8443:8443" + - "7010:7010" + - "7011:7011/udp" + - "7012:7012" + - "8853:8853" + - "8022:8022" + - "2222:2222" + profiles: + - caldera + mosquitto: image: docker.io/eclipse-mosquitto container_name: mosquitto @@ -64,9 +80,11 @@ services: THEHIVE_ACTIVATE: false THEHIVE_API_TOKEN: your_token THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/ + CALDERA_URL: "http://caldera:8888" networks: - db-net - mqtt-net + - caldera-net ports: - 127.0.0.1:8080:8080 depends_on: @@ -76,7 +94,7 @@ services: networks: db-net: mqtt-net: - + caldera-net: volumes: mongodb_data_container: @@ -88,5 +106,3 @@ volumes: o: bind mosquitto_data: mosquitto_log: - - diff --git a/docs/content/en/docs/getting-started/_index.md b/docs/content/en/docs/getting-started/_index.md index 658d51af..18e78fe3 100644 --- a/docs/content/en/docs/getting-started/_index.md +++ b/docs/content/en/docs/getting-started/_index.md 
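Review bot: The eight `ports:` entries of the new `caldera` service are published on every host interface, whereas the `soarca` service in this same file binds `127.0.0.1:8080:8080`. Combined with the default Caldera credentials that the accompanying docs warn about, enabling the profile leaves the Caldera server reachable from the network with well-known credentials. SOARCA itself reaches Caldera over `caldera-net` at `http://caldera:8888`, so the mappings could default to loopback, e.g. `- "127.0.0.1:8888:8888"`, and be widened deliberately only where agents on other hosts must connect. Separately, `build: https://github.com/mitre/caldera.git` builds whatever the default branch holds at build time; pinning a ref (`https://github.com/mitre/caldera.git#<tag-or-commit>`) would make the image reproducible and the upstream code reviewable.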
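Review bot: `CALDERA_URL: "http://caldera:8888"` is set on every run, but the `caldera` service exists only when the `caldera` profile is enabled, so under a plain `docker compose up -d` the hostname will not resolve. How SOARCA reacts to an unreachable Caldera is not visible in this patch. A comment above the line would make the dependency explicit, e.g. `# only reachable when started with --profile caldera`. The `environment` mapping this line belongs to starts outside the hunk.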
@@ -30,7 +30,7 @@ make build && ./build/soarca wget https://github.com/COSSAS/SOARCA/releases/download/SOARCA_1.0.0/SOARCA_1.0.0_linux_amd64.tar.gz && tar -xvf SOARCA* && ./SOARCA {{< /tab >}} {{< tab header="Docker Compose" lang="sh" >}} -cd docker/soarca && sudo docker compose up -d +cd docker/soarca && docker compose up -d {{< /tab >}} {{< /tabpane >}} @@ -72,6 +72,30 @@ curl -X POST -H "Content-Type: application/json" -d @./example/openc2-playbook.j {{< /tab >}} {{< /tabpane >}} +### Caldera setup + +SOARCA optionally comes packaged together with Caldera. To use the +[Caldera capability](/docs/soarca-extensions/native-capabilities#caldera-capability), simply make +sure you use the right Compose file when running: + +```diff +- cd docker/soarca && docker compose up -d ++ cd docker/soarca && docker compose --profile caldera up -d +``` + +{{% alert title="Warning" %}} +This only works when using Docker Compose to run SOARCA. When building SOARCA from scratch, +you should supply your own Caldera instance and [configure](#configuration) its URL manually. +{{% /alert %}} + +{{% alert title="Warning" %}} +Note that Caldera in this mode operates with default credentials and settings. This is dangerous +for a public-facing setup and therefore not production-ready out of the box. You probably want +to consult the +[Caldera documentation on configuration](https://caldera.readthedocs.io/en/latest/Server-Configuration.html#configuration-file) +before deploying to production. +{{% /alert %}} + ## Configuration SOARCA reads its configuration from the environment variables or a `.env` file. An example of a `.env` is given below: 
@@ -104,11 +128,21 @@ HTTP_SKIP_CERT_VALIDATION: false For more custom and advanced deployment instructions go [here](/docs/installation-configuration/_index.md). -### Docker hub -`docker pull cossas/soarca` +## Obtaining + +There are several ways to obtain a copy of the SOARCA software. + +### Docker Hub + +A prebuilt image can be pulled from the +[Docker Hub](https://hub.docker.com/r/cossas/soarca): + +```bash +docker pull cossas/soarca +``` -### Building from Source +### Building from source ```bash git clone https://github.com/COSSAS/SOARCA.git