Commit 9671be87 authored by Matevz Erzen

Removed unneeded files, changed collector playbook

parent e8ae5549
Copyright (C) 2021 XLAB d.o.o.
Use of this software allowed only to MEDINA partners for the purpose of research in the scope of MEDINA project, as specified in the MEDINA Consortium Agreement.
No commercial use allowed.
This program is distributed without any warranty.
\ No newline at end of file
Security monitoring FISHY.png

38 KiB

@startuml
participant "FISHY agent" as FISHY_agent
participant "Security monitoring Tool (appliance runtime)" as SecurityMonitoring #99FF99
group Configure FISHY security monitoring via FISHY Agent
FISHY_agent->SecurityMonitoring: Configure security monitroing
SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
SecurityMonitoring -> FISHY_agent: Security monitoring configured
note over SecurityMonitoring:The server and agents should be deployed beforehand via FISHY Agent
end
group Start security monitoring
FISHY_agent->SecurityMonitoring: Start security monitoring
SecurityMonitoring -> SecurityMonitoring : Start security monitoring
FISHY_agent<-SecurityMonitoring: Security monitoring started
end
group Security monitoring runtime
FISHY_agent<-SecurityMonitoring: Send monitoring alert
end
group Stop monitoring
FISHY_agent ->SecurityMonitoring: Stop security monitoring
SecurityMonitoring ->FISHY_agent: Security monitoring stopped
end
@enduml
\ No newline at end of file
@startuml
participant RuntimeController
participant RuntimeMonitoring
participant SecurityMonitoring #99FF99
participant DOML
participant Selflearning
group Configure security monitoring
RuntimeController->SecurityMonitoring: Start security monitoring configuration
SecurityMonitoring -> DOML: Acquire information about the NFRs to configure security monitoring
SecurityMonitoring -> SecurityMonitoring: Configure server (rules)
SecurityMonitoring -> SecurityMonitoring: Configure agents (register agents, define rules)
SecurityMonitoring -> RuntimeController: Security monitoring configured
note over SecurityMonitoring,RuntimeController:The server and agents should be deployed beforehand (included in the IaC already? Described within DOML/IaC implicitly?)
end
group Start security monitoring
RuntimeController->SecurityMonitoring: Start security monitoring
SecurityMonitoring -> SecurityMonitoring : Start security monitoring
RuntimeController<-SecurityMonitoring: Security monitoring started
end
group Security monitoring runtime
Selflearning<-SecurityMonitoring: Send notification/alarm
end
group Stop security monitoring
RuntimeController ->SecurityMonitoring: Stop security monitoring
SecurityMonitoring ->RuntimeController: Security monitoring stopped
end
@enduml
\ No newline at end of file
out/Security monitoring PIACERE/Security monitoring PIACERE.png

52.2 KiB

......@@ -4,7 +4,7 @@
name: docker-ce-stable
file: docker
description: Docker CE Stable - $basearch
baseurl: https://download.docker.com/linux/centos/7/$basearch/stable
baseurl: https://download.docker.com/linux/centos/8/$basearch/stable
enabled: yes
gpgcheck: yes
gpgkey: https://download.docker.com/linux/centos/gpg
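Review bot: the `baseurl` switch from `centos/7` to `centos/8` is consistent with the Vagrant box change in this same commit, but CentOS Linux 8 reached end of life on 31 December 2021 and stopped receiving security updates after that date, so a still-supported base (CentOS Stream 8 or a RHEL 8 rebuild) would be a safer host for an evidence collector. Keeping `gpgcheck: yes` together with the pinned `gpgkey` URL is the right choice and should stay whatever base is chosen.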
......
......@@ -7,7 +7,24 @@
roles:
- docker
tasks:
- name: Login to Docker registry
shell: "docker login -u {{ docker_username }} -p {{ docker_token }} {{ docker_registry }}"
# Required by Ansible Docker module
- name: Install python3.6
package:
name: python36
state: present
- name: Install docker-py
pip:
name: docker-py
- name: Log in to Docker image registry
docker_login:
registry: "{{ docker_registry }}"
username: "{{ docker_username }}"
password: "{{ docker_token }}"
reauthorize: yes
- name: Run Docker container
shell: "docker run --name evidence-collector -d {{ docker_registry }}/medina/evidence-collector:latest"
\ No newline at end of file
docker_container:
name: evidence-collector
image: "{{ docker_registry }}/medina/evidence-collector:latest"
state: started
pull: yes
restart_policy: always
\ No newline at end of file
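Review bot: the `docker_login` task carries `password: "{{ docker_token }}"` but no `no_log: true`, so the registry token is still printed in the Ansible task output and in any stored job log; replacing `shell: "docker login -u {{ docker_username }} -p {{ docker_token }} ..."` already keeps the token out of the shell history and the process list, and `no_log: true` finishes that work. Two smaller points: the `pip` task installs `docker-py`, the legacy package name, whereas the `docker_login` and `docker_container` modules are meant to be used with the `docker` SDK, so `name: docker` is the better choice; and since Python 3.6 is installed only one task earlier, set `executable: pip3` on the `pip` task so the SDK lands in the interpreter Ansible actually runs. Finally, `image: .../evidence-collector:latest` with `pull: yes` and `restart_policy: always` means the collector silently changes whenever the tag moves; pinning a version tag or digest keeps the deployment reproducible.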
......@@ -5,28 +5,28 @@ servers=[
{
:hostname => "manager",
:ip => "192.168.33.10",
:box => "centos/7",
:box => "centos/8",
:ram => 4096,
:cpu => 2
},
{
:hostname => "agent1",
:ip => "192.168.33.11",
:box => "centos/7",
:box => "centos/8",
:ram => 512,
:cpu => 1
},
{
:hostname => "agent2",
:ip => "192.168.33.12",
:box => "centos/7",
:box => "centos/8",
:ram => 512,
:cpu => 1
},
{
:hostname => "evidence-collector",
:ip => "192.168.33.13",
:box => "centos/7",
:box => "centos/8",
:ram => 2048,
:cpu => 2
}
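Review bot: all four `:box => "centos/8"` entries should be accompanied by a pinned `box_version` (Vagrant's `config.vm.box_version`), otherwise `vagrant up` on different days can produce different manager/agent images; this matters more than usual here because the public centos/8 box stopped being updated once CentOS Linux 8 went end of life, so whatever version is chosen needs to be the one the playbooks were tested against.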
......
@startuml
skinparam nodesep 5
package "Wazuh Server" {
[Kibana server]
[Kibana server] --> [ElasticSearch]: KQL
[Wazuh cluster] --> [ElasticSearch]: Filebeat
}
interface "Log collector" as LC
interface "File integrity monitoring" as FIM
interface "Command execution" as CE
interface "Security configuration assessment" as SCA
interface "Malware detection" as MD
interface "System inventory" as SI
interface "Cloud security monitoring" as SCM
interface "Container security monitoring" as CSM
LC -down- [Wazuh agent]
CE -down- [Wazuh agent]
FIM -down- [Wazuh agent]
SCA -down- [Wazuh agent]
MD -down- [Wazuh agent]
SI -down- [Wazuh agent]
SCM -down- [Wazuh agent]
CSM -down- [Wazuh agent]
[Wazuh agent] --> [Wazuh cluster]: TCP or UDP (encrypted)
@enduml
\ No newline at end of file