Skip to content

Installation

kiranmai-nadella edited this page Dec 16, 2022 · 3 revisions

Note: All the build steps need to be performed as root

  1. Clone the ASF repository: git clone https://github.com/vmware-labs/attack-surface-framework.git /opt/asf
  2. cd /opt/asf/
  3. Run ./setup.sh
  4. Assign your username, email, and password when prompted. This will be used to login to GUI of ASF
  5. A question will be prompted: Would you like to use kubernetes cluster (y/n)? Press 'y' if you want to use the Kubernetes cluster to run the jobs. Press 'n' if you don't want to use Kubernetes and use Docker for running the jobs.

Security

ASF is not meant to be publicly exposed, assuming you install it on a cloud provider or even on a local instance, we recommend accessing it using port forwarding through SSH, here is an example:

ssh -i "key.pem" -L 2021:127.0.0.1:2021 user@yourhost - For ASF GUI ssh -i "key.pem" -L 9045:127.0.0.1:9045 user@yourhost - To access Graylog2 Panel

Then open your browser and go to:

http://127.0.0.1:2021 - For ASF - user:youruser pass:yourpassword (provided in initial setup)

https://127.0.0.1:9045 - For Graylog2 - user:admin pass:admin #Change it in /graylog/docker-compose.yaml

Graylog2 requires a few steps to start receiving logs from ASF:

Once logged in, go to System/"Content Packs" and import the Content Pack located at /opt/asf/tools/graylog/content_pack_ASF.json, click on the "Upload" button and you should see "Basic" reflected in the "Select Content Packs" section, click on "Basic", make sure the "ASF" radio button is selected and hit the "Apply content" button, this will create the Global input to parse JSON logs and related extractors.

image

Now you are ready to receive logs from ASF and set up your streams/alerts/dashboards!

More info @ https://docs.graylog.org/en/4.1/

Clone this wiki locally