From 216381fc35a0fc41bd60eef592d6d3930d806d65 Mon Sep 17 00:00:00 2001 From: Mark Boom Date: Fri, 31 Jan 2025 23:13:50 +0100 Subject: [PATCH] Add a Caldera service to the Docker setup --- deployments/docker/soarca/docker-compose.yml | 26 +++++++++++++--- .../content/en/docs/getting-started/_index.md | 16 ++++++++-- .../docs/installation-configuration/_index.md | 30 +++++++++++++++++++ 3 files changed, 65 insertions(+), 7 deletions(-) diff --git a/deployments/docker/soarca/docker-compose.yml b/deployments/docker/soarca/docker-compose.yml index 3a8b2db5..ac64f023 100644 --- a/deployments/docker/soarca/docker-compose.yml +++ b/deployments/docker/soarca/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3.7' services: mongodb_container: image: docker.io/mongo:latest @@ -13,6 +12,23 @@ services: source: mongodb_data_container target: /data/db + caldera: + image: soarca-caldera + build: https://github.com/mitre/caldera.git + networks: + - caldera-net + ports: + - "8888:8888" + - "8443:8443" + - "7010:7010" + - "7011:7011/udp" + - "7012:7012" + - "8853:8853" + - "8022:8022" + - "2222:2222" + profiles: + - caldera + mosquitto: image: docker.io/eclipse-mosquitto container_name: mosquitto @@ -64,9 +80,13 @@ services: THEHIVE_ACTIVATE: false THEHIVE_API_TOKEN: your_token THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/ + CALDERA_HOST: "calera" + CALDERA_PORT: "8888" + CALDERA_API_KEY: "ADMIN123" networks: - db-net - mqtt-net + - caldera-net ports: - 127.0.0.1:8080:8080 depends_on: @@ -76,7 +96,7 @@ services: networks: db-net: mqtt-net: - + caldera-net: volumes: mongodb_data_container: @@ -88,5 +108,3 @@ volumes: o: bind mosquitto_data: mosquitto_log: - - diff --git a/docs/content/en/docs/getting-started/_index.md b/docs/content/en/docs/getting-started/_index.md index 658d51af..6135481b 100644 --- a/docs/content/en/docs/getting-started/_index.md +++ b/docs/content/en/docs/getting-started/_index.md 
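Review bot: In the new `caldera` service the eight `ports:` entries carry no host address (`- "8888:8888"` and so on), so Caldera's web UI/API is published on every interface of the host, while the existing service in this file deliberately binds `127.0.0.1:8080:8080`; since the same commit wires in the default API key, the management ports should follow the file's convention, e.g. `- "127.0.0.1:8888:8888"`, and any port that SOARCA alone needs to reach can stay unpublished, because SOARCA joins `caldera-net` and can address the service by name. `build: https://github.com/mitre/caldera.git` builds from whatever the remote's default branch holds at build time, so the resulting image is not reproducible; Compose's fragment syntax pins a ref, `build: https://github.com/mitre/caldera.git#<TAG_OR_COMMIT>` (placeholder). A comment above `ports:` stating which entries are the operator interface and which are only needed by Caldera's own clients (presumably the 7010–8022/2222 range — confirm against the Caldera configuration) would let a deployer decide what to expose without reading Caldera's source.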
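Review bot: `CALDERA_HOST: "calera"` does not match the service name `caldera` (and network `caldera-net`) declared earlier in this commit, so the SOARCA container will not resolve the host unless an alias named `calera` exists somewhere not shown; the line should read `CALDERA_HOST: "caldera"`. The documentation table added in the same commit gives the example value as a full URL (`http://caldera.mydomain.com`) whereas the compose file sets a bare hostname, so one of the two presumably does not match what the capability parses — worth aligning. `CALDERA_API_KEY: "ADMIN123"` commits what the docs describe as Caldera's default credential; like the existing `THEHIVE_API_TOKEN: your_token` placeholder it deserves a marker comment, e.g. `# development default; override before exposing Caldera beyond this host`. The service whose environment this hunk extends begins above the hunk and is not visible here.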
@@ -104,11 +104,21 @@ HTTP_SKIP_CERT_VALIDATION: false For more custom and advanced deployment instructions go [here](/docs/installation-configuration/_index.md). -### Docker hub -`docker pull cossas/soarca` +## Obtaining -### Building from Source +There are several ways to obtain a copy of the SOARCA software. + +### Docker Hub + +A prebuilt image can be pulled from the +[Docker Hub](https://hub.docker.com/r/cossas/soarca): + +```bash +docker pull cossas/soarca +``` + +### Building from source ```bash git clone https://github.com/COSSAS/SOARCA.git diff --git a/docs/content/en/docs/installation-configuration/_index.md b/docs/content/en/docs/installation-configuration/_index.md index 2ccfe091..623eb1cd 100644 --- a/docs/content/en/docs/installation-configuration/_index.md +++ b/docs/content/en/docs/installation-configuration/_index.md 
@@ -50,6 +50,36 @@ After completing the [Getting Started](/docs/getting-started/_index.md) setup fo | THEHIVE_API_TOKEN | `your_token` | Set the API token for The Hive integration. | | THEHIVE_API_BASE_URL | `http://your.thehive.instance/api/v1/` | Set the base URL for The Hive API. Default is `""`. | +#### Caldera + +SOARCA optionally comes packaged together with Caldera. To use the +[Caldera capability](/docs/soarca-extensions/native-capabilities#caldera-capability), simply make +sure you use the right Compose file when running: + +```diff +- cd docker/soarca && docker compose up -d ++ cd docker/soarca && docker compose --profile caldera up -d +``` + +{{% alert title="Warning" %}} +This only works when using Docker Compose to run SOARCA. When building SOARCA from scratch, +you should supply your own Caldera instance and configure its URL manually. +{{% /alert %}} + +| Variable | Content | Description | +|-----------------|-------------------------------|---------------------------------------------| +| CALDERA_HOST | `http://caldera.mydomain.com` | Specify the host Caldera can be reached at. | +| CALDERA_PORT | `8888` | Specify the port Caldera can be reached at. | +| CALDERA_API_KEY | `ADMIN123` | Configures the Caldera API key to use. | + +{{% alert title="Warning" %}} +Note that Caldera in this mode operates with default credentials and settings. This is dangerous +for a public-facing setup and therefore not production-ready out of the box. You probably want +to consult the +[Caldera documentation on configuration](https://caldera.readthedocs.io/en/latest/Server-Configuration.html#configuration-file) +before deploying to production. +{{% /alert %}} + ----- ### Authentication