first sync

CoPilot/.env

@@ -0,0 +1,85 @@
+################
+# Velociraptor #
+################
+VELOX_USER=admin
+VELOX_PASSWORD=admin
+VELOX_ROLE=administrator
+VELOX_SERVER_URL=https://Velociraptor:8000/
+VELOX_FRONTEND_HOSTNAME=Velociraptor
+
+
+###########
+# CoPilot #
+###########
+# Leave this as is if connecting from a remote machine
+SERVER_IP=0.0.0.0
+
+MYSQL_URL=copilot-mysql
+# ! Avoid using special characters in the password ! #
+MYSQL_ROOT_PASSWORD=REPLACE_WITH_PASSWORD
+MYSQL_USER=copilot
+# ! Avoid using special characters in the password ! #
+MYSQL_PASSWORD=REPLACE_WITH_PASSWORD
+
+MINIO_URL=copilot-minio
+MINIO_ROOT_USER=admin
+# ! Make the password at least 8 characters long ! #
+MINIO_ROOT_PASSWORD=REPLACE_ME
+MINIO_SECURE=False
+
+# ! ALERT FORWARDING IP
+# Set this to the IP of the host running CoPilot. This is used by Graylog to forward alerts to CoPilot
+# ! Not needed anymore since we are reading from the index now
+# ! Ensure Graylog is able to reach this IP and port 5000
+ALERT_FORWARDING_IP=0.0.0.0
+
+# Connector Credentials
+# ! SETTING UP YOUR CONNECTORS DEMOs https://www.youtube.com/@taylorwalton_socfortress/videos! #
+WAZUH_INDEXER_URL=https://wazuh.indexer:9200
+WAZUH_INDEXER_USERNAME=admin
+WAZUH_INDEXER_PASSWORD=SecretPassword
+
+WAZUH_MANAGER_URL=https://wazuh.manager:55000
+WAZUH_MANAGER_USERNAME=wazuh-wui
+WAZUH_MANAGER_PASSWORD=MyS3cr37P450r.*-
+
+GRAYLOG_URL=http://graylog:9000
+GRAYLOG_USERNAME=admin
+GRAYLOG_PASSWORD=yourpassword
+
+SHUFFLE_URL=https://127.1.1.1
+SHUFFLER_API_KEY=dummy
+SHUFFLE_WORKFLOW_ID=dummy
+
+VELOCIRAPTOR_URL=https://velociraptor:8889
+VELOCIRAPTOR_API_KEY_PATH=dummy
+
+SUBLIME_URL=http://127.1.1.1
+SUBLIME_API_KEY=dummy
+
+INFLUXDB_URL=http://127.1.1.1
+INFLUXDB_API_KEY=dummy
+INFLUXDB_ORG_AND_BUCKET=dummy,dummy
+
+GRAFANA_URL=http://grafana:3000
+GRAFANA_USERNAME=admin
+GRAFANA_PASSWORD=admin
+
+WAZUH_WORKER_PROVISIONING_URL=http://127.1.1.1
+
+EVENT_SHIPPER_URL=graylog_host
+GELF_INPUT_PORT=gelf_port
+
+ALERT_CREATION_PROVISIONING_URL=http://127.1.1.1
+
+HAPROXY_PROVISIONING_URL=http://127.1.1.1
+
+# VirusTotal
+VIRUSTOTAL_URL=https://www.virustotal.com/api/v3
+VIRUSTOTAL_API_KEY=REPLACE_ME
+
+# Portainer
+PORTAINER_URL=http://127.1.1.1:9000
+PORTAINER_USERNAME=admin
+PORTAINER_PASSWORD=admin
+PORTAINER_ENDPOINT_ID=2

CoPilot/docker-compose.yml

@@ -0,0 +1,58 @@
+###########
+  # CoPilot #
+  ###########
+  copilot-backend:
+    image: ghcr.io/socfortress/copilot-backend:latest
+    container_name: copilot-backend
+    env_file: .env
+    # Expose the Ports for Graylog Alerting and Docs
+    ports:
+      - "5000:5000"
+    volumes:
+      - copilot-logs:/opt/logs
+      # Mount the copilot.db file to persist the database
+      - copilot-data:/opt/copilot/backend/data
+    depends_on:
+      - copilot-mysql
+    restart: unless-stopped
+
+  copilot-frontend:
+    image: ghcr.io/socfortress/copilot-frontend:latest
+    container_name: copilot-frontend
+    env_file: .env
+    environment:
+      - SERVER_HOST=${SERVER_HOST:-localhost} # Set the domain name of your server
+    ports:
+      - "80:80"
+      - "443:443"
+    restart: unless-stopped
+
+  copilot-mysql:
+    image: mysql:8.0.38-debian
+    container_name: copilot-mysql
+    env_file: .env
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: copilot
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    volumes:
+      - copilot-mysql_data:/var/lib/mysql
+    restart: unless-stopped
+
+  copilot-minio:
+    image: quay.io/minio/minio:RELEASE.2024-09-13T20-26-02Z
+    container_name: copilot-minio
+    env_file: .env
+    environment:
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+    volumes:
+      - copilot_minio-data:/data
+    command: server /data --console-address ":9001"
+    restart: unless-stopped
+
+  copilot-nuclei-module:
+    image: ghcr.io/socfortress/copilot-nuclei-module:latest
+    container_name: copilot-nuclei-module
+    restart: unless-stopped