DFIRTrack - The Incident Response Tracking Application
Friday, September 20, 2019
You are now reading the article Dfirtrack - The Incident Answer Tracking Application with the link address https://mederc.blogspot.com/2019/09/dfirtrack-incident-answer-tracking.html
DFIRTrack (Digital Forensics and Incident Response Tracking application) is an open source web application mainly based on Django using a PostgreSQL database backend.
In contrast to other great incident response tools, which are mainly case-based and support the work of CERTs, SOCs etc. in their daily business, DFIRTrack is focused on handling one major incident with a lot of affected systems, as is often observed in APT cases. It is meant to be used as a tool for dedicated incident response teams in large cases. So, of course, CERTs and SOCs may use DFIRTrack as well, but they may feel it is more appropriate in special cases than for everyday work.
In contrast to case-based applications, DFIRTrack works in a system-based fashion. It keeps track of the status of various systems and the tasks associated with them, keeping the analyst well-informed about the status and number of affected systems at any time, from the investigation phase up to the remediation phase of the incident response process.
Features
One focus is the fast and reliable import and export of systems and associated information. The goal for importing systems is to provide a fast and error-free process. Moreover, the goal for exporting systems and their status is to have multiple instances of documentation: for example, detailed Markdown reports for technical staff vs. spreadsheets for non-technical audiences, without redundancies and deviations in the data sets. A manager whose numbers match is a happy manager! ;-)
The following functions are implemented for now:
- Importer
  - Creator (fast creation of multiple related instances via web interface) for systems and tasks,
  - CSV (simple and generic CSV based import (either hostname and IP or hostname and tags, combined with a web form), should fit the export capabilities of many tools),
  - Markdown for entries (one entry per system (report)).
- Exporter
  - Markdown for so-called system reports (for use in a MkDocs structure),
  - Spreadsheet (CSV and XLS),
  - LaTeX (planned).
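The CSV importer above accepts either hostname-and-IP or hostname-and-tags rows, and the stated goal of import is an error-free process. The following script is an added example, not DFIRTrack's own code: it checks a CSV export in one of those two layouts before it is handed to the importer, rejecting malformed hostnames, unparseable IPs, duplicate hostnames (compared case-insensitively) and tagless rows. The column names `hostname`, `ip` and `tags`, the semicolon as tag separator, and the sample rows are all assumptions constructed for this example.

```python
"""Pre-import sanity check for a DFIRTrack-style CSV of systems.

Added example, not DFIRTrack's own code. Assumes two layouts matching the
README's description: "hostname,ip" or "hostname,tags" (tags separated by
';' is an assumption made here).
"""
import csv
import io
import ipaddress
import re

# Constructed sample input: a mix of valid and defective rows.
SAMPLE_HOSTNAME_IP = """hostname,ip
srv-dc01,10.0.0.5
srv-file02,10.0.0.300
Srv-DC01,10.0.0.5
ws-0451,192.168.12.7
,10.0.0.9
"""

SAMPLE_HOSTNAME_TAGS = """hostname,tags
srv-dc01,compromised;domain-controller
ws-0451,
ws-0452,cleaned
"""

# Single label or dotted FQDN: alphanumerics, hyphens and dots, no leading or
# trailing hyphen/dot, at most 253 characters.
_HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def validate_systems_csv(text):
    """Validate a CSV export before feeding it to the importer.

    Returns (clean_rows, problems). clean_rows is a list of dicts with a
    lower-cased hostname plus either 'ip' or 'tags'; problems is a list of
    (line_no, reason) tuples, line 1 being the header.
    """
    reader = csv.DictReader(io.StringIO(text))
    if reader.fieldnames is None or "hostname" not in reader.fieldnames:
        return [], [(1, "missing 'hostname' column")]
    has_ip = "ip" in reader.fieldnames
    has_tags = "tags" in reader.fieldnames
    if has_ip == has_tags:
        return [], [(1, "expected exactly one of 'ip' or 'tags' columns")]

    seen = set()
    clean, problems = [], []
    for line_no, row in enumerate(reader, start=2):
        host = (row.get("hostname") or "").strip().lower()
        if not _HOST_RE.match(host):
            problems.append((line_no, f"invalid hostname {host!r}"))
            continue
        if host in seen:
            problems.append((line_no, f"duplicate hostname {host!r}"))
            continue
        entry = {"hostname": host}
        if has_ip:
            raw_ip = (row.get("ip") or "").strip()
            try:
                # ip_address() accepts IPv4 and IPv6 and rejects e.g. 10.0.0.300
                entry["ip"] = str(ipaddress.ip_address(raw_ip))
            except ValueError:
                problems.append((line_no, f"invalid IP {raw_ip!r}"))
                continue
        else:
            tags = [t.strip() for t in (row.get("tags") or "").split(";") if t.strip()]
            if not tags:
                problems.append((line_no, "no tags given"))
                continue
            entry["tags"] = tags
        seen.add(host)
        clean.append(entry)
    return clean, problems


if __name__ == "__main__":
    for label, sample in (("hostname/ip", SAMPLE_HOSTNAME_IP),
                          ("hostname/tags", SAMPLE_HOSTNAME_TAGS)):
        rows, errs = validate_systems_csv(sample)
        print(f"{label}: {len(rows)} clean rows, {len(errs)} problems")
        for line_no, reason in errs:
            print(f"  line {line_no}: {reason}")
```

Running the script on the constructed samples reports two clean rows and three problems for the hostname/IP file (bad IP, case-variant duplicate, empty hostname) and two clean rows and one problem for the tags file. Normalising hostnames to lower case before the duplicate check is the part that matters most in practice: the same host exported by two tools with different casing would otherwise end up as two systems in the tracker.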
Installation and dependencies
DFIRTrack is developed for deployment on Debian Stretch or Ubuntu 16.04. Other Debian based distributions or versions may work but were not tested yet. At the moment the project will be focused on Ubuntu LTS and Debian releases.
For fast and simple installation on a dedicated server including all dependencies, an Ansible playbook and role were written (available here). For testing, a Docker environment was prepared (see below).
For a minimal setup the following dependencies are needed:
- django (2.0),
- django_q,
- djangorestframework,
- gunicorn,
- postgresql,
- psycopg2-binary,
- python3-pip,
- PyYAML,
- requests,
- virtualenv,
- xlwt.
Note that there is no settings.py in this repository. This file is submitted via Ansible or has to be copied and configured by hand. That will be changed in the future (see issues for more information).
Docker Environment
An experimental Docker Compose environment for local-only usage is provided in this project. Run the following command in the project root directory to start the environment:
docker-compose up
A user admin is already created. A password can be set with: docker/setup_admin.sh
The application is located at localhost:8000.
Built-in software
The application was created by implementing the following libraries and code:
Development
There are two main branches:
- master
- development
Disclaimer
This software is in an early alpha stage, so a lot of work has to be done. Even if some basic error checking is implemented, as of now the usage of DFIRTrack mainly depends on proper handling.
DFIRTrack was not and most probably will never be intended for usage on publicly available servers. Although some basic security features were implemented (in particular in connection with the corresponding Ansible role), always install DFIRTrack in a secured environment (e.g. a dedicated virtual machine or a separated network)!