first sync

Velociraptor/.env

@@ -0,0 +1,85 @@
+################
+# Velociraptor #
+################
+VELOX_USER=admin
+VELOX_PASSWORD=admin
+VELOX_ROLE=administrator
+VELOX_SERVER_URL=https://Velociraptor:8000/
+VELOX_FRONTEND_HOSTNAME=Velociraptor
+
+
+###########
+# CoPilot #
+###########
+# Leave this as is if connecting from a remote machine
+SERVER_IP=0.0.0.0
+
+MYSQL_URL=copilot-mysql
+# ! Avoid using special characters in the password ! #
+MYSQL_ROOT_PASSWORD=REPLACE_WITH_PASSWORD
+MYSQL_USER=copilot
+# ! Avoid using special characters in the password ! #
+MYSQL_PASSWORD=REPLACE_WITH_PASSWORD
+
+MINIO_URL=copilot-minio
+MINIO_ROOT_USER=admin
+# ! Make the password at least 8 characters long ! #
+MINIO_ROOT_PASSWORD=REPLACE_ME
+MINIO_SECURE=False
+
+# ! ALERT FORWARDING IP
+# Set this to the IP of the host running CoPilot. This is used by Graylog to forward alerts to CoPilot
+# ! Not needed anymore since we are reading from the index now
+# ! Ensure Graylog is able to reach this IP and port 5000
+ALERT_FORWARDING_IP=0.0.0.0
+
+# Connector Credentials
+# ! SETTING UP YOUR CONNECTORS DEMOs https://www.youtube.com/@taylorwalton_socfortress/videos! #
+WAZUH_INDEXER_URL=https://wazuh.indexer:9200
+WAZUH_INDEXER_USERNAME=admin
+WAZUH_INDEXER_PASSWORD=SecretPassword
+
+WAZUH_MANAGER_URL=https://wazuh.manager:55000
+WAZUH_MANAGER_USERNAME=wazuh-wui
+WAZUH_MANAGER_PASSWORD=MyS3cr37P450r.*-
+
+GRAYLOG_URL=http://graylog:9000
+GRAYLOG_USERNAME=admin
+GRAYLOG_PASSWORD=yourpassword
+
+SHUFFLE_URL=https://127.1.1.1
+SHUFFLER_API_KEY=dummy
+SHUFFLE_WORKFLOW_ID=dummy
+
+VELOCIRAPTOR_URL=https://velociraptor:8889
+VELOCIRAPTOR_API_KEY_PATH=dummy
+
+SUBLIME_URL=http://127.1.1.1
+SUBLIME_API_KEY=dummy
+
+INFLUXDB_URL=http://127.1.1.1
+INFLUXDB_API_KEY=dummy
+INFLUXDB_ORG_AND_BUCKET=dummy,dummy
+
+GRAFANA_URL=http://grafana:3000
+GRAFANA_USERNAME=admin
+GRAFANA_PASSWORD=admin
+
+WAZUH_WORKER_PROVISIONING_URL=http://127.1.1.1
+
+EVENT_SHIPPER_URL=graylog_host
+GELF_INPUT_PORT=gelf_port
+
+ALERT_CREATION_PROVISIONING_URL=http://127.1.1.1
+
+HAPROXY_PROVISIONING_URL=http://127.1.1.1
+
+# VirusTotal
+VIRUSTOTAL_URL=https://www.virustotal.com/api/v3
+VIRUSTOTAL_API_KEY=REPLACE_ME
+
+# Portainer
+PORTAINER_URL=http://127.1.1.1:9000
+PORTAINER_USERNAME=admin
+PORTAINER_PASSWORD=admin
+PORTAINER_ENDPOINT_ID=2

Velociraptor/docker-compose.yml

@@ -0,0 +1,20 @@
+  ################
+  # Velociraptor #
+  ################
+  velociraptor:
+    container_name: velociraptor
+    image: wlambert/velociraptor
+    env_file: .env
+    volumes:
+      - velociraptor:/velociraptor/:rw
+    environment:
+      - VELOX_USER=${VELOX_USER}
+      - VELOX_PASSWORD=${VELOX_PASSWORD}
+      - VELOX_ROLE=${VELOX_ROLE}
+      - VELOX_SERVER_URL=${VELOX_SERVER_URL}
+      - VELOX_FRONTEND_HOSTNAME=${VELOX_FRONTEND_HOSTNAME}
+    ports:
+      - "8000:8000"
+      - "8001:8001"
+      - "8889:8889"
+    restart: unless-stopped