Collective Intelligence Framework v3 - Part 1

Basics of CTI


Cyber Threat Intelligence (CTI) is a technology that helps an organization collect and analyze threat data received from multiple sources. CTI is an automated process: it accumulates data from various external sources (such as feeds) and identifies the threats relevant to the organization. After importing the data into CTI, the next step is to export the CTI data into existing security systems.

The Collective Intelligence Framework (CIF) is an underlying structure for CTI that helps an organization gather all of its threat data in one place.

In this blog we discuss how to install Collective Intelligence Framework v3 (Bearded Avenger) into a security structure.

Detailed information about CIF can be found at: csirtgadgets

Basic requirements for Bearded Avenger CIF v3:

  • OS: Ubuntu 16 LTS, x64
  • RAM: 16GB
  • Cores: 4 (as SQLite, Elasticsearch, cif-router and other apps will be running on the same instance)
  • HDD capacity: 100GB
  • Internet access for feed collection
  • Root privileges (required to set up the framework)
  • VM snapshot: take a snapshot after the vanilla installation of the OS.

STEPS:


First we need to install the dependencies required for CIFv3; SQLite and Elasticsearch need to be installed at the beginning.

1) Install SQLite


Here we are installing SQLite 3.17.0 on Ubuntu 16.04 using the commands below:

  • sudo add-apt-repository ppa:jonathonf/backports
  • sudo apt-get update && sudo apt-get install sqlite3

To remove SQLite:

  • sudo apt-get remove sqlite3

To check whether SQLite was installed successfully:

  • apt list --installed | grep sqlite


    

2) Install Elasticsearch


To install Elasticsearch we first have to get JDK 8. If JDK is not installed, run the commands below to install it:

  • sudo apt-get install default-jdk
  • javac -version
  • sudo apt-get update



After successful installation of JDK 8, proceed with the Elasticsearch installation. Here we are installing Elasticsearch v5.6.3.

Commands to execute:

a) Download the package and compute its checksum (two separate commands; compare the sha1sum output against the checksum published by Elastic before installing):

  • wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.3.deb
  • sha1sum elasticsearch-5.6.3.deb



    
b) sudo dpkg -i elasticsearch-5.6.3.deb




c) Enable and start the Elasticsearch service using the commands below:

  • sudo systemctl enable elasticsearch.service
  • sudo systemctl start elasticsearch.service
  • sudo systemctl status elasticsearch.service



d) The final output should look like the image below, which confirms that the Elasticsearch installation completed successfully: GET 127.0.0.1:9200



3) Install Collective Intelligence Framework

First we need to install the dependencies for CIFv3, i.e. the Bearded Avenger deployment kit.

The deployment kit is available on GitHub. It installs dependencies such as MarkupSafe, jinja2, PyYAML, six, pycparser, cffi, pynacl, enum34, idna, asn1crypto, ipaddress, cryptography, bcrypt, pyasn1, paramiko and ansible. Now run the commands below:

  • tar -zxvf bearded-avenger-deploymentkit-3.0.x.tar.gz
  • cd bearded-avenger-deploymentkit-3.0.x
  • sudo bash easybutton.sh


Now install Bearded Avenger CIFv3 by getting the code from the GitHub sdk-master branch and entering the command below:

  • sudo python setup.py install

After this command the output should look like the image below:


By default the installer creates a cif user under /home. Switch to the cif user and run the command cif:

Finally, CIFv3 Bearded Avenger has been installed completely; the final output should look like this:
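The steps above run sha1sum on the Elasticsearch package but never compare the result with anything, and they confirm the node by eye from a screenshot. The following script is an added example (not part of the original post or of the CIF project) that turns both into checks a script can act on: verify_sha1 compares a file's SHA-1 against the checksum you copy from the vendor's download page, and es_version_from_response pulls version.number out of the JSON that GET 127.0.0.1:9200 returns. It assumes GNU coreutils (sha1sum), sed and curl; the embedded Elasticsearch response is a constructed sample, not a real capture.

```shell
#!/usr/bin/env bash
# Added example: post-install checks for the steps above (not from the
# original post). Assumes GNU coreutils (sha1sum), sed and curl.

# Compare a file's SHA-1 against the value published alongside the download.
# Usage: verify_sha1 <file> <expected-hex>   -> returns 0 on match, 1 otherwise
verify_sha1() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "verify_sha1: $file not found" >&2; return 1; }
    actual=$(sha1sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file sha1=$actual"
        return 0
    fi
    echo "FAIL $file sha1=$actual expected=$expected" >&2
    return 1
}

# Extract "version.number" from an Elasticsearch root response body (the JSON
# returned by GET 127.0.0.1:9200). Plain sed so it works without jq installed.
es_version_from_response() {
    printf '%s' "$1" | tr -d '\n' \
        | sed -n 's/.*"version"[^{]*{[^}]*"number"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Return 0 when the response reports exactly the version we expect.
es_version_matches() {
    local body="$1" want="$2" got
    got=$(es_version_from_response "$body")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Query the local node and check it reports 5.6.3 (the version installed above).
# This one talks to the network and is not exercised by the offline checks.
check_local_es() {
    local body
    body=$(curl -sS "http://127.0.0.1:9200" 2>/dev/null) || return 1
    es_version_matches "$body" "5.6.3"
}

# Constructed sample of a 5.6.3 node's root response (not a real capture;
# build_hash is a placeholder).
SAMPLE_ES_RESPONSE='{
  "name" : "node-1",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "5.6.3",
    "build_hash" : "PLACEHOLDER_BUILD_HASH",
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}'
```

Usage: source the script, then run `verify_sha1 elasticsearch-5.6.3.deb <checksum-from-elastic-download-page>` before `dpkg -i`, and `check_local_es` after `systemctl start elasticsearch.service`; a non-zero exit from either means stop and investigate rather than continue with the CIF installation.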




How to start with CIF and filter feeds from different sources will be covered in my next blog, CIFv3 Part 2.


STAY TUNED .....
