Misp
MISP (Malware Information Sharing Platform & Threat Sharing) is an open source threat intelligence platform designed to improve the sharing of structured threat information among organizations. AWS Marketplace: MISP
SSH Into the server:
- Linux + MAC - add .pem key to ~/.ssh/id_rsa > change permisisons > chmod 400 id_rsa
- ssh core@ip-of-server
- If using putty or mobaxterm make sure to convert .pem using puttygen.
Passwords - DB AND/OR User:
- ssh into server
- cat ~/.docker/.env
- This will display the randomly generated passwords for DB AND/OR User.
MISP - Access The Server:
- Login > https://ip-of-server
- Username: admin@misp Password: instance ID
- Get data feeds > Dashboard > Sync Actions > Feeds > Load Default feed metadata > select pencil indicator, enable , submit > Fetch & store all Feed Data
- Change Password > Dashboard > Administration > List users > select user > Set Password > Save: Edit User - Confirm with old password
- Troubleshooting > IF IP changes or no Public IP > Edit .env > vim ~/.docker/.env > BASE_URL=your=server-IP > cd .docker > docker-compose down > docker-compose up -d
Portainer - Manage Docker:
- How to access Portainer to manage your containers > https://ip-of-server:9443
- Follow the instructions to create a new admin account.
- Caution - Portainer can timeout if you dont create an account fast enough
- If this happens you need to restart the container, ssh into the server, then run. > docker restart portainer
- Once logged into portainer, click get started and select local. You can manage docker from here.
Manage Flatcar Linux:
- Optional: Manaully update Flatcar. Updates will happen automatically.
- If you want to manually check for updates run this command: update_engine_client -update
References:
- https://docs.docker.com/
- https://docs.portainer.io/
- https://www.flatcar.org/docs/latest
- https://www.misp-project.org/