FIR (Fast Incident Response by CERT Société Générale) is a cybersecurity incident management platform designed with agility and speed in mind. It allows for easy creation, tracking, and reporting of cybersecurity incidents.
This plugin allows you to assign actions to FIR business lines and manage countermeasures called 'Blocks'.
Follow the generic plugin installation instructions in the FIR wiki.
You should install it in the FIR virtualenv.
(your_env)$ git clone https://github.com/gcrahay/fir_actions_plugin.git
(your_env)$ cd fir_actions_plugin
(your_env)$ python setup.py install
In $FIR_HOME/fir/config/installed_apps.txt, add:
django_fsm
selectable
fir_actions
In $FIR_HOME/fir/urls.py, add to the urlpatterns list:
url(r'^selectable/', include('selectable.urls')),
In your $FIR_HOME, launch:
(your_env)$ ./manage.py migrate
(your_env)$ ./manage.py collectstatic --noinput
In the incident details view, you can add actions and blocks.
In the Django admin site, you have to add block types and locations. A block type is the countermeasure action (for example, Deny IP) and a location is where the countermeasure is enforced (for example, Internet firewall).
fir_actions.can_approve_block: User can approve a countermeasure.
fir_actions.can_enforce_block: User can enforce a countermeasure.