Iron

Unified cases, seamless integrations

Introduction

Iron is a minimalist synchronization tool designed to simplify the cases management within the CERT-EDF/fusion framework, acting as a centralized interface to create and manage cases, ensuring consistency across services.

Iron pulls together services into a unified, cohesive system.

Iron supports the following services:

• CERT-EDF/carbon: minimalist digital logbook
• CERT-EDF/helium: minimalist forensic collections manager
• CERT-EDF/neon: minimalist malware database management
• dfir-iris: incident responders platform

Getting Started

Note

Iron is part of the CERT-EDF/fusion framework. This section will guide you for the standalone usage.

Deployment is designed to be simple using Docker.

export GIT_TAG="$(git describe --tags)"
docker compose up -d

Basic HTTP example using Nginx:

server {
    listen 80;
    server_name iron.domain.lan;

    access_log  /var/log/nginx/iron.access.log;
    error_log  /var/log/nginx/iron.error.log;

    proxy_http_version 1.1;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location /api {
      proxy_pass http://127.0.0.1:8110;
      client_max_body_size 4G;
      proxy_buffering off;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
    }

    location / {
      proxy_pass http://127.0.0.1:8120;
    }
  }

Configuration

Refer to the documentation in

• iron.dist.yml
• constant.dist.yml

License

Distributed under the MIT License.

Contributing

Contributions are welcome, see CONTRIBUTING.md for more information.

Security

To report a (suspected) security issue, see SECURITY.md for more information.