vipyrsec / infrastructure

Our infrastructure
MIT License

Add OpenRelik + Timesketch #83

Open import-pandas-as-numpy opened 1 month ago

import-pandas-as-numpy commented 1 month ago

https://openrelik.org/docs/getting-started/
https://timesketch.org/guides/getting-started/

OpenRelik is a forensic analysis workflow generation platform. This would be useful for us to be able to perform dynamic analysis on abstract packages; OpenRelik exposes an API which can ingest various files that would be generated by the dynamic analysis instance and perform analysis on them.

Timesketch is useful for timelining those results.

We should deploy these two instances in Kubernetes.

This Kubernetes instance (and related helm charts/infrastructure) should be considered a standalone project and entirely separate from Vipyr's main product. It should:

sid-maddy commented 1 month ago

Timesketch

Google maintains an OSDFIR Infrastructure repo containing Helm charts, including one for Timesketch.

OpenRelik

OpenRelik doesn't have any deployment instructions for Kubernetes right now. Also, their Docker Compose configuration seems geared towards deploying OpenRelik on a standalone machine with Postgres and Redis bundled as Docker containers. OpenRelik also seems to be relatively newer than alternatives (?) like Turbinia.

There's an open issue in the OSDFIR Infrastructure repo for providing a Helm chart for OpenRelik.

Requirements

Implement RBAC to the Kubernetes cluster for administrative purposes.

We can extend the roles introduced with https://github.com/vipyrsec/infrastructure/pull/39 for this new cluster.

Preferably be simple to deploy (this will be useful for others.)

I think a Helm chart with the Timesketch and OpenRelik Helm charts as dependencies will be simple enough.

Use native Google OAuth authorization to the maximum extent possible to various services.

I'm guessing you're asking for Google OAuth, because OpenRelik supports only that right now (other than "local" auth). AFAICT, we'll need a Google Cloud project to use that, which we don't have right now.

Alternatively, since OpenRelik's Google auth module uses authlib, we could contribute a GitHub auth module and use GitHub OAuth instead.

import-pandas-as-numpy commented 1 month ago

@Robin5605 @jonathan-d-zhang @AbooMinister25

Interest in contributing upstream at all for GitHub auth on OpenRelik? Everything else seems... reasonably straightforward I think.

@sid-maddy Ref Turbinia, specifically looking at this as an easier-to-deploy known commodity ecosystem for shared analysis; this won't replace the modules concept, but augment a specific capability that we're probably lacking holistically, which is the ability to perform dynamic analysis and then collaborate on a standard set of information generated by this pipeline.