説明なし

Tum 766f4d209d feat: add ICT/UTC dual clock widget to IRIS navbar		3 日前
..
.devcontainer	9de2549954 first commit	1 ヶ月前
certificates	619a0c6d4b config	1 ヶ月前
deploy	9de2549954 first commit	1 ヶ月前
docker	9de2549954 first commit	1 ヶ月前
e2e	9de2549954 first commit	1 ヶ月前
img	9de2549954 first commit	1 ヶ月前
scripts	9de2549954 first commit	1 ヶ月前
source	766f4d209d feat: add ICT/UTC dual clock widget to IRIS navbar	3 日前
tests	9de2549954 first commit	1 ヶ月前
ui	922e61ec37 wazuh iris	2 週間前
upgrades	9de2549954 first commit	1 ヶ月前
.bumpversion.cfg	9de2549954 first commit	1 ヶ月前
.deepsource.toml	9de2549954 first commit	1 ヶ月前
.env.model	619a0c6d4b config	1 ヶ月前
CODESTYLE.md	9de2549954 first commit	1 ヶ月前
CONFIGURATION.md	9de2549954 first commit	1 ヶ月前
CONTRIBUTING.md	9de2549954 first commit	1 ヶ月前
LICENSE.txt	9de2549954 first commit	1 ヶ月前
README.md	9de2549954 first commit	1 ヶ月前
SECURITY.md	9de2549954 first commit	1 ヶ月前
architecture.md	9de2549954 first commit	1 ヶ月前
docker-compose.base.yml	191d8f66cc chore: set TZ=Asia/Bangkok on all services	3 日前
docker-compose.dev.yml	766f4d209d feat: add ICT/UTC dual clock widget to IRIS navbar	3 日前
docker-compose.yml	9de2549954 first commit	1 ヶ月前
pyproject.toml	9de2549954 first commit	1 ヶ月前

Incident Response Investigation System
Current Version v2.4.20
Online Demonstration

IRIS

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations.

Getting Started
- Run IrisWeb
- Configuration
Versioning
Showcase
Documentation
- Upgrades
- API
Help
Considerations
License

Getting started

It is divided in two main parts, IrisWeb and IrisModules.

IrisWeb is the web application which contains the core of Iris (web interface, database management, etc).
IrisModules are extensions of the core that allow third parties to process data via Iris (eg enrich IOCs with MISP and VT, upload and injection of EVTX into Splunk).

IrisWeb can work without any modules though defaults ones are preinstalled. Head to Manage > Modules in the UI to configure and enable them.

Running Iris

To ease the installation and upgrades, Iris is shipped in Docker containers. Thanks to Docker compose, it can be ready in a few minutes.

#  Clone the iris-web repository
git clone https://github.com/dfir-iris/iris-web.git
cd iris-web

# Checkout to the last tagged version 
git checkout v2.4.20
# Copy the environment file 
cp .env.model .env

# Pull the dockers
docker compose pull

# Run IRIS 
docker compose up

Iris shall be available on the host interface, port 443, protocol HTTPS - https://<your_instance_ip>.
By default, an administrator account is created. The password is printed in stdout the very first time Iris is started. It won't be printed anymore after that.
WARNING :: post_init :: create_safe_admin :: >>> can be searched in the logs of the webapp docker to find the password.
The initial password can be set via the configuration.

Iris is split on 5 Docker services, each with a different role.

app: The core, including web server, DB management, module management etc.
db: A PostgresSQL database
RabbitMQ: A RabbitMQ engine to handle jobs queuing and processing
worker: Jobs handler relying on RabbitMQ
nginx: A NGINX reverse proxy

Configuration

There are three different options for configuring the settings and credentials: Azure Key Vault, Environment Variables and Configuration Files. This is also the order of priority, if a settings is not set it will fall back on the next option. For all available configuration options see configuration.

Versioning

Starting from version 2.0.0, Iris is following the Semantic Versioning 2.0 guidelines.
The code ready for production is always tagged with a version number. alpha and beta versions are not production-ready.

Do not use the master branch in production.

Showcase

You can directly try Iris on our demo instance.
One can also head to tutorials, we've put some videos there.

Documentation

A comprehensive documentation is available on docs.dfir-iris.org.

Upgrades

Please read the release notes when upgrading versions. Most of the time the migrations are handled automatically, but some changes might require some manual labor depending on the version.

API

The API reference is available in the documentation or documentation repository.

Help

You can reach us on Discord or by mail if you have any question, issue or idea!
We are also on Twitter and Matrix.

Considerations

Iris is still in its early stage. It can already be used in production, but please set backups of the database and DO NOT expose the interface on the Internet. We highly recommend using a private dedicated and secured network.

License

The contents of this repository is available under LGPL3 license.

Sponsoring

Special thanks to Deutsche Telekom Security GmbH for sponsoring us!

README.md