Mata Elang Defense Center
Prerequisite
✅ Ubuntu 24.04 LTS installed and updated with the following command.
✅ Docker 27.3 or later installed with the following command.
🔑 You can follow the official Docker documentation, which has comprehensive installation instructions for each Linux distribution.
⚠️ NOTE: You can check the Docker version on your host using this command:
docker -v
Configuring and Installing Defense Center
Download Installation Media
▶️ Clone Mata Elang v2 Defense Center from GitHub to your defense center machine.
git clone https://github.com/mata-elang-stable/example-docker-deployment.git
cd example-docker-deployment/defense_center/ && tree --dirsfirst -L 1
🔑 Using the tree command above, you should see this directory structure.
.
├── conf
├── files
├── scripts
├── templates
├── compose.opencti-connector.yml
├── compose.reporting.yml
├── compose.yml
└── readme.md
5 directories, 4 files
Environment Configuration
▶️ Create a .env file by copying .env.example.
cp .env.example .env
You will have a new file titled .env.
▶️ Edit the .env file using nano if you want to customize your defense center's credentials or change the Postgres database's table name.
nano .env
🔑 Default .env file looks like this.
###################################################
# Mata Elang Core Defense Center configuration file.
###################################################
# OPENSEARCH_INITIAL_ADMIN_PASSWORD is the password for the initial admin user created in the OpenSearch instance.
# It is used to authenticate the Defense Center with OpenSearch.
OPENSEARCH_INITIAL_ADMIN_PASSWORD=Mataelang@123
###################################################
# Mata Elang Add-on configuration file.
###################################################
# APP_KEY is a random string generated by Laravel. It is used to encrypt user sessions and other sensitive data.
# Generate a new key by running `php artisan key:generate --show` and update the APP_KEY value in the .env file.
# APP_KEY=
# OPENCTI_URL is the URL of the OpenCTI instance.
# OPENCTI_URL=http://opencti:8080
# OPENCTI_API is the API key used to authenticate the Defense Center with OpenCTI.
# OPENCTI_API_KEY=
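⚠️ NOTE: You may change these variable values to meet your needs. The default OPENSEARCH_INITIAL_ADMIN_PASSWORD shown above is published in the repository, so set your own value before starting the services. ⚠️
▶️ After editing your .env file, you can pull the images referenced in compose.yml using this command.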
docker compose pull
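Before starting the services, the .env file can be checked for the published default password, enabled-but-empty add-on keys, and loose file permissions. The shell functions below are an added example, not part of the Mata Elang repository; the function names and the complexity policy (8 or more characters with upper case, lower case, digit and special character) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Mata Elang repository): audit .env before
# running `docker compose up -d`. Usage: . ./audit-env.sh && audit_env .env
PUBLISHED_DEFAULT='Mataelang@123'   # value shipped in .env.example

# Print the last uncommented value of KEY ($2) in env file ($1), unquoted.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Assumed policy: 8+ characters with upper, lower, digit and special.
password_is_complex() {
    [ "${#1}" -ge 8 ] || return 1
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# Print one FAIL line per finding; return 0 only when there are none.
audit_env() {
    file=$1; findings=0
    pw=$(env_value "$file" OPENSEARCH_INITIAL_ADMIN_PASSWORD)
    if [ -z "$pw" ]; then
        echo "FAIL: OPENSEARCH_INITIAL_ADMIN_PASSWORD is not set"
        findings=$((findings + 1))
    elif [ "$pw" = "$PUBLISHED_DEFAULT" ]; then
        echo "FAIL: admin password is still the published default"
        findings=$((findings + 1))
    elif ! password_is_complex "$pw"; then
        echo "FAIL: admin password does not meet the complexity policy"
        findings=$((findings + 1))
    fi
    for key in APP_KEY OPENCTI_API_KEY; do
        if grep -q "^[[:space:]]*$key=[[:space:]]*\$" "$file" 2>/dev/null; then
            echo "FAIL: $key is enabled but empty"
            findings=$((findings + 1))
        fi
    done
    if [ "$(ls -ld "$file" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "FAIL: $file is accessible to group or other (chmod 600 it)"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s) in $file"
    [ "$findings" -eq 0 ]
}
```

A non-zero return from audit_env means at least one finding should be fixed before the stack is started.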
Installing Defense Center
▶️ After the pull is done, you can start the services by running both of those compose files simultaneously.
docker compose up -d
▶️ Check whether the containers are running.
docker compose ps -a
🔑 You should see output similar to this.
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
mataelang-broker-1 confluentinc/cp-kafka:7.8.0 "/etc/confluent/dock…" broker 11 seconds ago Up 10 seconds 9092/tcp
mataelang-kafka-ui-1 provectuslabs/kafka-ui:latest "/bin/sh -c 'java --…" kafka-ui 11 seconds ago Up 10 seconds 0.0.0.0:9021->8080/tcp, [::]:9021->8080/tcp
mataelang-opensearch-dashboards-1 opensearchproject/opensearch-dashboards:2 "./opensearch-dashbo…" opensearch-dashboards 11 seconds ago Up 10 seconds 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp
mataelang-opensearch-init-1 curlimages/curl:8.10.1 "/entrypoint.sh /bin…" opensearch-init 11 seconds ago Up 10 seconds
mataelang-opensearch-logstash-1 opensearchproject/logstash-oss-with-opensearch-output-plugin:8.9.0 "/usr/local/bin/dock…" opensearch-logstash 11 seconds ago Up 9 seconds 5044/tcp, 9600/tcp
mataelang-opensearch-logstash-2 opensearchproject/logstash-oss-with-opensearch-output-plugin:8.9.0 "/usr/local/bin/dock…" opensearch-logstash 11 seconds ago Up 9 seconds 5044/tcp, 9600/tcp
mataelang-opensearch-node1-1 opensearchproject/opensearch:2 "./opensearch-docker…" opensearch-node1 11 seconds ago Up 10 seconds 9200/tcp, 9300/tcp, 9600/tcp, 9650/tcp
mataelang-schema-registry-1 confluentinc/cp-schema-registry:7.8.0 "/etc/confluent/dock…" schema-registry 11 seconds ago Up 10 seconds 0.0.0.0:8081->8081/tcp, :::8081->8081/tcp
mataelang-sensor-api-1 ghcr.io/mata-elang-stable/sensor-snort-service:latest "/go/bin/app server …" sensor-api 11 seconds ago Up 10 seconds 0.0.0.0:50051->50051/tcp, :::50051->50051/tcp
mataelang-sensor-event-stream-op-1 ghcr.io/mata-elang-stable/event-stream-aggr:latest "/go/bin/app -v" sensor-event-stream-op 11 seconds ago Up 10 seconds
🔑 You can access the dashboard at http://localhost:5601