IRIS-DFIR / Case Management
Last updated
DFIR-IRIS is an open source incident response case management platform. It integrates with many other security tools, so a SOC can use it as its ticketing and case management solution and as an uncluttered, collaborative workspace for investigations.
To install DFIR-IRIS you need the Docker daemon installed on the host system. Here is the documentation on Docker :
Once Docker is installed, confirm the daemon is running with :
Now we will start the installation of DFIR-IRIS.
Before starting anything, edit the environment file to set your own database passwords, secret key and password salt. This keeps stored data protected and makes sure no default credentials are left in place, since defaults that an attacker can look up only widen the attack surface.
Now pull and start the Docker containers :
Once this completes, five containers should be running, which you can check with :
IRIS will be available on the host interface, port 443, over HTTPS - https://<your_instance_ip>. By default, an administrator account is created. Its password is printed to stdout the very first time IRIS is started; it is not printed again after that.
WARNING :: post_init :: create_safe_admin :: >>>
The line above can be searched for in the logs of the webapp container to find the password. If Docker was started as a background service, grep the password out of the container logs using :
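The two security-relevant steps above, hardening the environment file before first start and recovering the one-time administrator password from the logs, are shown here as an added shell example. It is not code from the DFIR-IRIS project. The variable names (POSTGRES_PASSWORD, POSTGRES_ADMIN_PASSWORD, IRIS_SECRET_KEY, IRIS_SECURITY_PASSWORD_SALT, IRIS_ADM_PASSWORD), the placeholder strings flagged as defaults, and the "Administrator password:" tail of the log line are assumptions to be checked against your copy of the project's .env model and your own logs; the log excerpt is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of DFIR-IRIS. Helpers for the .env hardening step
# and for pulling the first-start admin password out of the webapp logs.

# 64 hex characters (256 bits) from /dev/urandom, no openssl dependency.
gen_secret() {
  head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Sensitive variables to set. Names are an assumption based on the
# project's .env model; verify them against your copy.
SECRET_VARS="POSTGRES_PASSWORD POSTGRES_ADMIN_PASSWORD IRIS_SECRET_KEY IRIS_SECURITY_PASSWORD_SALT IRIS_ADM_PASSWORD"

# Write a .env-style file with a fresh random value for every sensitive
# variable and restrict its permissions. Usage: write_env <path>
write_env() {
  out="$1"
  {
    for var in $SECRET_VARS; do
      printf '%s=%s\n' "$var" "$(gen_secret)"
    done
  } > "$out"
  chmod 600 "$out"   # a secrets file must not be world-readable
}

# Return 0 only if no sensitive variable in <file> is missing, empty, or
# still a known placeholder. The placeholder list is illustrative.
check_env() {
  file="$1"; bad=0
  for var in $SECRET_VARS; do
    val=$(sed -n "s/^${var}=//p" "$file" | tail -n 1)
    case "$val" in
      ''|*MUST_BE_CHANGED*|changeme|password|postgres|AVERYSECRETKEY|ARANDOMSALT)
        echo "weak, default or missing value for $var" >&2; bad=1 ;;
    esac
  done
  return $bad
}

# Read webapp log output on stdin and print the admin password from the
# marker line IRIS writes on first start. The "Administrator password:"
# suffix is an assumption; adjust the sed pattern to what your logs show.
admin_password_from_logs() {
  grep 'WARNING :: post_init :: create_safe_admin :: >>>' \
    | sed -n 's/.*>>> *Administrator password: *//p' | head -n 1
}

# Constructed log excerpt standing in for `docker compose logs app` output.
SAMPLE_LOGS='app  | INFO :: post_init :: run_post_init :: Running post initiation steps
app  | WARNING :: post_init :: create_safe_admin :: >>> Administrator password: R4nd0mP4ss
app  | WARNING :: post_init :: create_safe_admin :: >>> Administrator API key: 0123456789abcdef
app  | INFO :: post_init :: run_post_init :: Post initiation steps finished'

# Demo (run with IRIS_ENV_DEMO=1): generate a .env, verify it, show the
# password recovered from the sample logs.
if [ "${IRIS_ENV_DEMO:-0}" = "1" ]; then
  tmp=$(mktemp)
  write_env "$tmp"
  check_env "$tmp" && echo "no default credentials left in $tmp"
  printf 'admin password from logs: %s\n' "$(printf '%s\n' "$SAMPLE_LOGS" | admin_password_from_logs)"
  rm -f "$tmp"
fi
```

Run check_env against the real .env before `docker compose up` so a forgotten placeholder fails loudly, and pipe the real container logs (for example the output of the docker logs command for the webapp service) into admin_password_from_logs; once the password is stored in your secrets manager, change it in the IRIS UI, because the log line stays readable to anyone with access to the Docker host.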
In the upcoming sections we will integrate DFIR-IRIS with Wazuh.