diff --git a/README.md b/README.md index 0ee0afe63..b840f1aae 100644 --- a/README.md +++ b/README.md @@ -46,12 +46,7 @@ The ATT&CK Workbench application is made up of several repositories. For the ful The front-end user interface for the ATT&CK Workbench tool, and the primary interface through which the knowledge base is accessed. - [ATT&CK Workbench REST API](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api) - REST API service for storing, querying and editing ATT&CK objects. -- [ATT&CK Workbench Collection Manager](https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager) - - REST API and services for managing collections, collection indexes, and collection subscriptions. - - The collection manager is **not** required to be installed to use the ATT&CK Workbench, but is **highly recommended**. If you opt not to install the collection-manager you will not be able to import or export data from your local knowledge base. If the collection manager is not installed, set `integrations.collection_manager.enabled` to `false` in the front-end environment. See [modifying the environment](#modifying-the-environment) for more details. + REST API service for storing, querying and editing ATT&CK objects, as well as for managing collections, collection indexes, and collection subscriptions. The manual install instructions in each repository describe how each component to be deployed to a separate machine or with customized settings. @@ -81,7 +76,7 @@ This step is necessary for cases where the app is deployed locally through `ng s If you're building the app for production, use `ng build --prod` which will use the production environment instead of the development environment. See [modifying the environment](#modifying-the-environment) for more information. #### Modifying the environment -The ATT&CK Workbench Frontend is configured to connect to the Collection Manager and REST API running under their default configurations. If those applications are configured to run on different ports, or if the application is to be hosted for access on multiple machines, the environment must be edited to reflect their URLs and ports. +The ATT&CK Workbench Frontend is configured to connect to the REST API running under its default configuration. If the applications is configured to run on a different port, or if the application is to be hosted for access on multiple machines, the environment must be edited to reflect the URLs and port. These environment properties can be edited under `src/environments`: - [src/environments/environment.ts](app/src/environments/environment.ts) is the development environment with configurations for when it is hosted on a local machine or is being actively developed. This is the default environment file used when building the application. diff --git a/app/src/environments/environment.prod.ts b/app/src/environments/environment.prod.ts index 090ac48c4..5af4ae0e6 100644 --- a/app/src/environments/environment.prod.ts +++ b/app/src/environments/environment.prod.ts @@ -1,31 +1,29 @@ import { NgxLoggerLevel } from 'ngx-logger' export const environment = { - production: true, - log_level: NgxLoggerLevel.ERROR, - recommended_indexes: [ //recommended collection indexes shown to user if they have no indexes loaded - { - "name": "MITRE ATT&CK", //index name - "url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json" //index url - } - ], - integrations: { - rest_api: { - // configuration for the ATT&CK Workbench REST API - // https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api - enabled: true, // MUST be true for application operation - url: "api" - }, - collection_manager: { - // configuration for the ATT&CK Workbench Collection Manager - // https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager - enabled: true, //if false, all systems for collection management will be disabled - url: "cm-api" - }, - attack_website: { - // configuration for the ATT&CK Website - // https://github.com/mitre-attack/attack-website - enabled: false, // if false, the attack website integration will not work - url: "https://attack.mitre.org" - } - } + production: true, + log_level: NgxLoggerLevel.ERROR, + recommended_indexes: [ //recommended collection indexes shown to user if they have no indexes loaded + { + "name": "MITRE ATT&CK", //index name + "url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json" //index url + } + ], + integrations: { + rest_api: { + // configuration for the ATT&CK Workbench REST API + // https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api + enabled: true, // MUST be true for application operation + url: "api" + }, + collection_manager: { + // configuration for the ATT&CK Workbench REST API Collection Manager + enabled: true, // if false, all components for collection management will be disabled + }, + attack_website: { + // configuration for the ATT&CK Website + // https://github.com/mitre-attack/attack-website + enabled: false, // if false, attack website integration will be disabled + url: "https://attack.mitre.org" + } + } }; diff --git a/app/src/environments/environment.ts b/app/src/environments/environment.ts index 5be1d0546..8d04aad8b 100644 --- a/app/src/environments/environment.ts +++ b/app/src/environments/environment.ts @@ -4,34 +4,32 @@ import { NgxLoggerLevel } from 'ngx-logger' // The list of file replacements can be found in `angular.json`. export const environment = { - production: false, - log_level: NgxLoggerLevel.INFO, - recommended_indexes: [ //recommended collection indexes shown to user if they have no indexes loaded - { - "name": "MITRE ATT&CK", //index name - "url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json" //index url - } - ], - integrations: { - rest_api: { - // configuration for the ATT&CK Workbench REST API - // https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api - enabled: true, // MUST be true for application operation - url: "http://localhost:3000/api" - }, - collection_manager: { - // configuration for the ATT&CK Workbench Collection Manager - // https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager - enabled: true, //if false, all systems for collection management will be disabled - url: "http://localhost:3001/cm-api" - }, - attack_website: { - // configuration for the ATT&CK Website - // https://github.com/mitre-attack/attack-website - enabled: false, // if false, the ATT&CK website integration will not work - url: "http://localhost:8000" - } - } + production: false, + log_level: NgxLoggerLevel.INFO, + recommended_indexes: [ //recommended collection indexes shown to user if they have no indexes loaded + { + "name": "MITRE ATT&CK", //index name + "url": "https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/index.json" //index url + } + ], + integrations: { + rest_api: { + // configuration for the ATT&CK Workbench REST API + // https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api + enabled: true, // MUST be true for application operation + url: "http://localhost:3000/api" + }, + collection_manager: { + // configuration for the ATT&CK Workbench REST API Collection Manager + enabled: true, // if false, all components for collection management will be disabled + }, + attack_website: { + // configuration for the ATT&CK Website + // https://github.com/mitre-attack/attack-website + enabled: false, // if false, the ATT&CK website integration will not work + url: "http://localhost:8000" + } + } }; /* diff --git a/docker-compose-resources/nginx/nginx.conf b/docker-compose-resources/nginx/nginx.conf index 886f73b50..5b16c8dc4 100644 --- a/docker-compose-resources/nginx/nginx.conf +++ b/docker-compose-resources/nginx/nginx.conf @@ -30,9 +30,5 @@ http { client_max_body_size 50M; proxy_pass http://attack-workbench-rest-api:3000; } - - location /cm-api { - proxy_pass http://attack-workbench-collection-manager:3001; - } } } diff --git a/docker-compose.certs.yml b/docker-compose.certs.yml index f064eb5db..1b6b24a00 100644 --- a/docker-compose.certs.yml +++ b/docker-compose.certs.yml @@ -1,9 +1,9 @@ # Description -# - This file augments the deployment of the ATT&CK Workbench by configuring the collection-manager container +# - This file augments the deployment of the ATT&CK Workbench by configuring the REST API container # - with an additional certificate. -# - This is recommended for deployments where the collection-manager container is behind a firewall that performs -# SSL inspection. The additional certificate allows collection-manager to retrieve collection-indexes and -# collection bundles without receiving a self-signed certificate error. +# - This is recommended for deployments where the REST API container is behind a firewall that performs +# SSL inspection. The additional certificate allows the REST API collection management to retrieve +# Collection Indexes and Collection bundles without receiving a self-signed certificate error. # Usage # This file must be used in conjunction with the main docker-compose.yml file. @@ -17,8 +17,8 @@ version: "3.9" services: - collection-manager: + rest-api: volumes: - - ${HOST_CERTS_PATH}:/usr/src/app/certs + - .${HOST_CERTS_PATH}:/usr/src/app/certs environment: - NODE_EXTRA_CA_CERTS=./certs/${CERTS_FILENAME} diff --git a/docker-compose.yml b/docker-compose.yml index cf88623ae..ed5533f15 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,6 @@ services: build: . depends_on: - rest-api - - collection-manager ports: - "80:80" volumes: @@ -24,15 +23,6 @@ services: - DATABASE_URL=mongodb://attack-workbench-database/attack-workspace - SERVICE_ACCOUNT_APIKEY_ENABLE=true - JSON_CONFIG_PATH=./resources/rest-api-service-config.json - - collection-manager: - container_name: attack-workbench-collection-manager - build: ../attack-workbench-collection-manager - depends_on: - - rest-api - ports: - - "3001:3001" - environment: - WORKBENCH_HOST=http://attack-workbench-rest-api - WORKBENCH_AUTHN_SERVICE_NAME=collection-manager - WORKBENCH_AUTHN_APIKEY=sample-key diff --git a/docs/contributing.md b/docs/contributing.md index c0da2658a..95e568ba3 100644 --- a/docs/contributing.md +++ b/docs/contributing.md @@ -4,7 +4,7 @@ Thanks for contributing to `attack-workbench-frontend`! You are welcome to comment on issues, open new issues, and open pull requests. -Pull requests should target the **develop** branch of the repository. If your pull request is reliant on changes to the [REST API](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api) or [Collection Manager](https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager/), please make sure to document this in your pull request and link to the corresponding REST API or Collection Manager pull request. +Pull requests should target the **develop** branch of the repository. If your pull request is reliant on changes to the [REST API](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api), please make sure to document this in your pull request and link to the corresponding REST API pull request. Also, if you contribute any source code, we need you to agree to the following Developer's Certificate of Origin below. diff --git a/docs/docker-compose.md b/docs/docker-compose.md index 3290bb071..23e3c5841 100644 --- a/docs/docker-compose.md +++ b/docs/docker-compose.md @@ -4,7 +4,7 @@ This document describes how to install the ATT&CK Workbench components using Doc ## 1. Download required repositories -In addition to this project, the [ATT&CK Workbench REST API](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api) and [ATT&CK Workbench Collection Manager](https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager) projects must be pulled from their github repositories. +In addition to this project, the [ATT&CK Workbench REST API](https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api) project must be pulled from its github repository. These projects must be placed under a common parent directory: @@ -12,15 +12,12 @@ These projects must be placed under a common parent directory: |-- |-- attack-workbench-frontend |-- attack-workbench-rest-api - |-- attack-workbench-collection-manager ``` -To perform all three clones as required (including the clone of this repository), you can use the following commands from your working directory: +To perform all clones as required (including the clone of this repository), you can use the following commands from your working directory: ```shell # download the front-end repository git clone https://github.com/center-for-threat-informed-defense/attack-workbench-frontend.git -# download the collection manager repository -git clone https://github.com/center-for-threat-informed-defense/attack-workbench-collection-manager.git # download the REST API repository git clone https://github.com/center-for-threat-informed-defense/attack-workbench-rest-api.git ``` @@ -82,12 +79,11 @@ docker-compose up --build When deployed using Docker Compose, an ATT&CK Workbench installation will include four containers: * frontend * rest-api -* collection-manager * mongodb These containers will communicate as illustrated in the diagram below. The `nginx` instance (part of the `frontend` container) is responsible for serving the statically built code for the ATT&CK Workbench web application. -It also acts as a reverse proxy for the `rest-api` and `collection-manager` services. +It also acts as a reverse proxy for the `rest-api` service. ![Workbench Configuration](images/workbench-configuration-docker-compose.png) diff --git a/docs/images/workbench-configuration-development.png b/docs/images/workbench-configuration-development.png index 3638be1c8..9e2e18da8 100644 Binary files a/docs/images/workbench-configuration-development.png and b/docs/images/workbench-configuration-development.png differ diff --git a/docs/images/workbench-configuration-docker-compose.png b/docs/images/workbench-configuration-docker-compose.png index bbf75039e..1eefb7759 100644 Binary files a/docs/images/workbench-configuration-docker-compose.png and b/docs/images/workbench-configuration-docker-compose.png differ