-
Notifications
You must be signed in to change notification settings - Fork 0
/
setup.sh
executable file
·74 lines (61 loc) · 2.32 KB
/
setup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#!/bin/bash
SUPER_ADMIN_KEY="$1"
CORTEX_URL=http://localhost:9001
ORG=buttercup
ORG_ADMIN="$ORG-admin"
ORG_ADMIN_PW=`openssl rand -base64 16`
ORG_INTEGRATION="$ORG-integration"
# Create Organization
curl -s -XPOST -H "Authorization: Bearer $SUPER_ADMIN_KEY" -H 'Content-Type: application/json' "$CORTEX_URL/api/organization" -d "{
\"name\": \"$ORG\",
\"description\": \"$ORG organization\",
\"status\": \"Active\"
}"
# Create the orgadmin of the Organiszation
curl -s -XPOST -H "Authorization: Bearer $SUPER_ADMIN_KEY" -H 'Content-Type: application/json' "$CORTEX_URL/api/user" -d "{
\"name\": \"$ORG org Admin\",
\"roles\": [
\"read\",
\"analyze\",
\"orgadmin\"
],
\"organization\": \"$ORG\",
\"login\": \"$ORG_ADMIN\"
}"
# Set the password of the orgadmin of the Organiszation
curl -s -XPOST -H "Authorization: Bearer $SUPER_ADMIN_KEY" -H 'Content-Type: application/json' "$CORTEX_URL/api/user/$ORG_ADMIN/password/set" -d "{
\"password\": \"$ORG_ADMIN_PW\"
}"
# Get API key of the orgadmin of the Organiszation
ORG_ADMIN_KEY=`curl -XPOST -H "Authorization: Bearer $SUPER_ADMIN_KEY" "$CORTEX_URL/api/user/$ORG_ADMIN/key/renew"`
# Create theHive integration user of the Organiszation
curl -s -XPOST -H "Authorization: Bearer $ORG_ADMIN_KEY" -H 'Content-Type: application/json' "$CORTEX_URL/api/user" -d "{
\"name\": \"$ORG Integration\",
\"roles\": [
\"read\",
\"analyze\"
],
\"organization\": \"$ORG\",
\"login\": \"$ORG_INTEGRATION\"
}"
# Get theHive integration API key from the integration user of the Organiszation
ORG_INTEGRATION_KEY=`curl -XPOST -H "Authorization: Bearer $ORG_ADMIN_KEY" "$CORTEX_URL/api/user/$ORG_INTEGRATION/key/renew"`
# Populate the .env file used by docker-compose.yml
echo "CORTEX_KEY=$ORG_INTEGRATION_KEY" > .env
echo "job_directory=/tmp/job-directory" >> .env
echo "ORG=$ORG" >> .env
# Enable VirusTotal Scan Analyzer
# Get key From 1Password
# If you don't have 1password (or another vault)
# You can set this key in .env and retrieve it from there
VT_KEY=$(op read op://Splunk/virustotal.com/API)
curl -s -XPOST -H "Authorization: Bearer $ORG_ADMIN_KEY" -H 'Content-Type: application/json' \
"$CORTEX_URL/api/organization/analyzer/VirusTotal_Scan_3_1" \
-d "{
\"name\": \"VirusTotal_Scan_3_1\",
\"configuration\": {
\"key\": \"$VT_KEY\"
}
}"
echo ""
docker compose up -d