Add OpenRelik + Timesketch #83

Open
import-pandas-as-numpy opened this issue Oct 1, 2024 · 2 comments
@import-pandas-as-numpy
Member

https://openrelik.org/docs/getting-started/
https://timesketch.org/guides/getting-started/

OpenRelik is a forensic analysis workflow generation platform. This would be useful for us to be able to perform dynamic analysis on abstract packages; OpenRelik exposes an API which can ingest various files that would be generated by the dynamic analysis instance and perform analysis on them.

Timesketch is useful for timelining those results.

We should deploy these two instances in Kubernetes.

This Kubernetes instance (and related helm charts/infrastructure) should be considered a standalone project and entirely separate from Vipyr's main product.
It should:

  • Implement RBAC to the Kubernetes cluster for administrative purposes.
  • Preferably be simple to deploy (this will be useful for others.)
  • Use native Google OAuth authorization to the maximum extent possible to various services.
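
An added example of the kind of manifest the first requirement calls for (not from this issue, and not from the OpenRelik or Timesketch projects): administrative access to the cluster is granted through the built-in aggregated `admin` and `view` ClusterRoles plus one narrow deployer Role, rather than through `cluster-admin`. The namespace name, the group names and the assumption that the OAuth/OIDC provider supplies those groups are all constructed for the example.

```yaml
# Constructed example: RBAC for a forensic-analysis cluster.
# Namespace, group names and the identity-provider group mapping are assumptions.
apiVersion: v1
kind: Namespace
metadata:
  name: forensics
---
# Full administrative rights only inside the forensics namespace, via the
# built-in "admin" ClusterRole (which does not grant RBAC escalation or
# cluster-scoped resources the way cluster-admin would).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: forensics-admins
  namespace: forensics
subjects:
  - kind: Group
    name: forensics-admins          # assumed group claim from the OAuth/OIDC provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: admin
  apiGroup: rbac.authorization.k8s.io
---
# Read-only visibility across the cluster for the same group, so operators can
# inspect nodes and other namespaces while troubleshooting without write access.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: forensics-admins-view
subjects:
  - kind: Group
    name: forensics-admins
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# People who only run Helm releases get a Role limited to the workload and
# configuration objects those releases manage. Secrets are included because
# Helm stores its release records as Secrets in the release namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: forensics-deployer
  namespace: forensics
rules:
  - apiGroups: ["", "apps", "batch"]
    resources: ["pods", "services", "configmaps", "secrets",
                "persistentvolumeclaims", "deployments", "statefulsets", "jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: forensics-deployers
  namespace: forensics
subjects:
  - kind: Group
    name: forensics-deployers       # assumed group claim
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: forensics-deployer
  apiGroup: rbac.authorization.k8s.io
```

After applying this with `kubectl apply -f`, the effective permissions can be checked without a real login by impersonating a member of each group, for example `kubectl auth can-i create deployments --namespace forensics --as someone --as-group forensics-deployers` (expected `yes`) and `kubectl auth can-i create clusterrolebindings --as someone --as-group forensics-deployers` (expected `no`). Analysts who only use the Timesketch and OpenRelik web interfaces should get no Kubernetes binding at all.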
@sid-maddy sid-maddy self-assigned this Oct 2, 2024
@sid-maddy
Contributor

Timesketch

Google maintains an OSDFIR Infrastructure repo containing Helm charts, including one for Timesketch.

OpenRelik

OpenRelik doesn't have any deployment instructions for Kubernetes right now.
Also, their Docker Compose configuration seems geared towards deploying OpenRelik on a standalone machine with Postgres and Redis bundled as Docker containers.
OpenRelik also seems to be relatively newer than alternatives(?) like Turbinia.

There's an open issue in the OSDFIR Infrastructure repo for providing a Helm chart for OpenRelik.

Requirements

Implement RBAC to the Kubernetes cluster for administrative purposes.

We can extend the roles introduced with #39 for this new cluster.

Preferably be simple to deploy (this will be useful for others.)

I think a Helm chart with the Timesketch and OpenRelik Helm charts as dependencies will be simple enough.

Use native Google OAuth authorization to the maximum extent possible to various services.

I'm guessing you're asking for Google OAuth, because OpenRelik supports only that right now (other than "local" auth).
AFAICT, we'll need a Google Cloud project to use that, which we don't have right now.

Alternatively, since OpenRelik's Google auth module uses authlib, we could contribute a GitHub auth module and use GitHub OAuth instead.
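
An added example of the umbrella chart suggested above (constructed for this thread; not the project's own chart and not from the OSDFIR Infrastructure repo). The repository URL and the Timesketch chart version are assumptions to be replaced with what `helm search repo` reports, and because no OpenRelik chart exists yet the `openrelik` entry is a placeholder for a local subchart that would still have to be written. The `postgresql`/`redis` toggle keys under `openrelik` are likewise assumed names for that future subchart.

```yaml
# Chart.yaml for the umbrella chart (constructed example)
apiVersion: v2
name: forensics-stack
description: Deploys Timesketch and OpenRelik together for shared analysis
type: application
version: 0.1.0
appVersion: "0.1.0"
dependencies:
  - name: timesketch
    version: "1.0.0"                                           # assumed; pin to a published version
    repository: https://google.github.io/osdfir-infrastructure # assumed OSDFIR chart repo URL
    condition: timesketch.enabled
  - name: openrelik
    version: "0.1.0"
    repository: file://./charts/openrelik                      # placeholder local subchart
    condition: openrelik.enabled
---
# values.yaml for the same chart. Keys under a dependency's name are forwarded
# to that subchart, so each component can be switched off or reconfigured here.
timesketch:
  enabled: true
openrelik:
  enabled: true
  # Assumed subchart keys: keep the bundled database/cache containers from the
  # Docker Compose setup disabled and point the app at managed services instead.
  postgresql:
    enabled: false
  redis:
    enabled: false
```

With both files in place, `helm dependency update .` fetches the declared subcharts into `charts/`, and `helm upgrade --install forensics . --namespace forensics --create-namespace` deploys the stack; the OAuth client ID and secret should be supplied as pre-created Kubernetes Secrets referenced from values rather than written into `values.yaml`, so the chart can be published without leaking credentials.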

@import-pandas-as-numpy
Member Author

@Robin5605 @jonathan-d-zhang @AbooMinister25

Interest in contributing upstream at all for GitHub auth on OpenRelik? Everything else seems... reasonably straightforward I think.

@sid-maddy
Ref Turbinia, specifically looking at this as an easier-to-deploy known commodity ecosystem for shared analysis; this won't replace the modules concept, but augment a specific capability that we're probably lacking holistically, which is the ability to perform dynamic analysis and then collaborate on a standard set of information generated by this pipeline.
