Skip to content

socfortress/CoPilot

Repository files navigation

SOCFortress CoPilot

Medium YouTube Channel Subscribers Discord Shield GitHub Sponsors

Get in Touch

SOCFortress CoPilot focuses on providing a single pane of glass for all your security operations needs. Simplify your open source security stack with a single platform focused on making open source security tools easier to use and more accessible.

demo_timeline

Table of contents

Getting started

Copilot's true power comes from the ability to integrate with your existing security stack. We have built in integrations with the following tools:

❗️ Note: Copilot is currently in beta. We are actively working on adding more integrations and features. If you have any suggestions or feedback, please let us know!

Running Copilot

To ease the installation and upgrades, Copilot is shipped in a single docker container. To run Copilot, you will need to have Docker and Docker Compose installed.

❗ WARNING: Copilot is not intended to be exposed to the internet. It is recommended for internal use only.

πŸ”΄ - Helpful docker DNS setting

nano /etc/docker/daemon.json
{
	"dns": ["YOUR_DNS_SERVER"],
	"log-driver": "json-file",
	"log-opts": {
		"max-size": "10m",
		"max-file": "3"
	}
}

In case you need to set MTU

{
	"dns": ["YOUR_DNS_SERVER"],
	"log-driver": "json-file",
	"log-opts": {
		"max-size": "10m",
		"max-file": "3"
	},
	"mtu": 1450
}
systemctl daemon-reload
systemctl restart docker

#  Clone the CoPilot repository
wget https://raw.githubusercontent.com/socfortress/CoPilot/v0.1.2/docker-compose.yml

# Edit the docker-compose.yml file to set the server name and/or the services you want to use

# Create the path for storing your data
mkdir data

# Create the .env file based on the .env.example
nano .env

# Run Copilot
docker compose up -d

# Once Copilot has started up you can retrieve the admin password by running the following command (Only accessible the first time Copilot is started up)
docker logs "$(docker ps --filter ancestor=ghcr.io/socfortress/copilot-backend:latest --format "{{.ID}}")" 2>&1 | grep "Admin user password"

Copilot shall be available on the host interface, port 443, protocol HTTPS - https://<your_instance_ip>. By default, an admin account is created. The password is printed in stdout the very first time Copilot is started. It won't be printed anymore after that. Admin user password can be searched in the logs of the copilot docker to find the password. You will use the plain password to login to the web interface.

πŸš€ YouTube Playlist: VIEW THE COPILOT VIDEO SERIES

SSL

By default Copilot uses a self-signed certificate valid for 365 days from install. You can replace the certificate and key files with your own. These files should be mounted in the copilot-frontend container and you can set the path to your certificate and key files in the docker-compose.yml file using the TLS_CERT_PATH and TLS_KEY_PATH respectively.

For Example

# Generate a certificate e.g.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Then update the docker-compose.yml file to mount the certificate and key files and set the TLS_CERT_PATH and TLS_KEY_PATH environment variables.

copilot-frontend:
    image: ghcr.io/socfortress/copilot-frontend:latest
    volumes:
        - PATH_TO_YOUR_CERTS:/etc/letsencrypt
    environment:
        - SERVER_HOST=${SERVER_HOST:-localhost} # Set the domain name of your server
        - TLS_CERT_PATH=/etc/letsencrypt/live/${SERVER_HOST}/fullchain.pem # Set the path to your certificate
        - TLS_KEY_PATH=/etc/letsencrypt/live/${SERVER_HOST}/privkey.pem # Set the path to your key
    ports:
        - "80:80"
        - "443:443"

Upgrading Copilot

πŸ›  You will likely want to upgrade often as we are frequently pushing new changes.

To upgrade Copilot, you will need to stop the running containers, pull the latest docker image, and start the containers again.

# Stop the running container. Make sure you are in the CoPilot directory
docker compose pull

# Start the container again
docker compose up -d

Connectors

Copilot is designed to be a single pane of glass for your security operations. Think of it as a hub for all your security tools. Copilot Connectors are the glue that binds your security tools to Copilot. We take advantage of the APIs and webhooks provided by your security tools to provide a seamless integration.

Help

You can reach us on Discord or by πŸ“§ if you have any question, issue or idea!

Check out our full video tutorial series on YouTube

License

The contents of this repository is available under AGPL-3.0 license.

Sponsoring

If you like this project and want to support it, you can consider becoming a sponsor to help us continue maintaining it and adding new features.

GitHub Sponsors