This document provides a detailed walk through of the installation, configuration, startup, and basic operations of the OIF Orchestrator. The Orchestrator implements the OpenC2 Producer function. The following diagram provides a high-level overview of the OIF Orchestrator's construction:
|
|
This walk through focuses on the use of the HTTP / HTTPS transfer protocol for message exchange between the Orchestrator and the Device. Some additional notes are provided at the end for utilizing the MQTT publish / subscribe protocol in place of HTTP(S).
- Required:
- Optional:
Pip and Docker Compose are needed for configuration and startup. Pip is usually installed with Python. Docker Compose is installed with Docker on Windows and Mac systems, but must be installed separately on Linux systems. If using a Linux environment, then the post-installation steps for Linux are also needed, specifically:
- Manage Docker as a non-root user
- Configure Docker to start on boot
Users are advised to update all the software components to the latest versions.
Users may optionally install git version control software, as a means of obtaining the OIF Orchestrator software.
There are two approaches to obtain the software, clone via git or download using ZIP:
- Clone the OIF Orchestrator Repository in the desired location:
git clone https://github.com/oasis-open/openc2-oif-orchestrator.git - Download a ZIP archive by
- Navigating to the OIF Orchestrator Repository.
- Click on the green Code button.
- Select Download ZIP.
- Unwrap the ZIP archive in the desired location.
To configure the OIF Orchestrator, navigate to the directory containing the local software copy
and run configure.py with the desired options prior to starting the OIF Orchestrator for the first time.
View all configuration options:
python3 configure.py -hRun with default configuration:
python3 configure.pyRun with logging to the designated file and in verbose mode:
python3 configure.py -f FILE -vAs described in its documentation, Docker Compose is used to "define and run multi-container Docker applications". To start OIF Orchestrator in its default configuration, the only required command is:
docker-compose -f orchestrator-compose.yaml upThis command will:
- Create the necessary Docker images as defined in the
orchestrator-compose.ymlconfiguration file - Execute the application in the defined containers, attached to the terminal from which it was launched
Execution of an attached OIF instance is terminated by
typing ctrl-c in the terminal.
The Orchestrator can also be started in detached mode using
the docker-compose -d or --detach option:
docker-compose up --detachA detached instance of OIF is terminated with the complementary command:
docker-compose downThis command should also be run after terminating an
attached OIF instance with ctrl-c, as it also performs a number
of desirable clean-up actions.
The OIF Orchestrator provides a graphical user interface
(GUI) for the user to manage devices and
actuators, and create and send OpenC2 commands and
review responses The GUI is accessed at
http://localhost:8080. Browsing to the User GUI location brings up the login
screen:
The default login credentials are
- Username:
admin - Password:
password
After login to the User GUI you will see the home screen
with the system menu. A theme menu is available in the
bottom right corner to alter the GUI color scheme.
The Hello, {USER} menu at the right provides access to log off,
password change, and system administration features.
Information about the system administration features is
provided in the Orchestrator README file.
An OIF Device is an entity that groups one or more OpenC2 actuators and provides a communications interface so that the Orchestrator can issue commands and receive responses. Note that the Device isn't explicitly mentioned in the OpenC2 specifications, it's an OIF construct. The following diagram illustrates the organization of an OIF Device:
|
|
Devices and their associated actuators have to be registered in the OIF Orchestrator before interactions with them are possible. In addition, actuators must have an associated JSON schema to inform the Orchestrator of the action/target pairs the actuator can process.
Devices and actuators have associated identifiers. Within OIF these are required to be v4 UUIDs; this is an OIF requirement rather than an OpenC2 requirement. While the UI will permit the user to enter a non-UUID value as an identifier, an error will occur when attempting to exchange commands and responses.
The procedure to create a new device is:
- Select
Devicesfrom the Orchestrator menu; this brings up the list of registered devices. - Click the
REGISTERbutton at the right; this opens the dialog to register a new device. - Give the device a name (user's discretion).
- Click the
GEN IDbutton to generate a Device ID (Note: while the field permits user entry of an arbitrary ID, the Orchestrator expects a UUID value here). - Enter the Device's IP address and Port.
- Default port for HTTPS Transfer is 5001
- Default port for MQTT Transfer is 1883
- Host: Enter your MQTT Broker
- Select the transfer protocol to use with this device.
- Select the message serialization(s) to use with this device. JSON is the default serialization for OpenC2.
- Enter any desired information in the
Notefield. This is typically used to provide a human-friendly description of the device's type. - Click the
REGISTERbutton at bottom right to complete the device registration.
The screenshots below show the registered devices list and device editing dialog: /home/matt/Documents/SB/oif-orc-home-screen.png
Device registration notes:
- Registered devices have an
EDITbutton that re-opens the registration dialog for updating - The blue
+button in the registration dialog permits defining additional transport interfaces for a device. - The red
xbutton in the registration dialog deletes the associated transport interfaces from the device.
The process for registering an actuator is similar to that for a device. Every actuator is associated with a device, so devices must be registered before their actuators. A device can have multiple actuators; each actuator is associated with a single device.
The process for registering an actuator is:
- Select
Actuatorsfrom the Orchestrator menu; this brings up the list of registered actuators. - Click the
REGISTERbutton at the right; this opens the dialog to register a new actuator. - Give the actuator a name (user's discretion).
- Click the
GEN IDbutton to generate an Actuator ID (Note: while the field permits user entry of an arbitrary ID, the Orchestrator expects a UUID value here). - Select the actuator's parent device from the menu of registered devices
- Provide a JSON schema for the functions supported by the
device. A schema can be pasted into the window, or the
Upload Schemabutton at the bottom right opens a selection dialog to choose the appropriate schema file.- Examples (Found under
/docs/schemasin the openc2-oif-orchestrator repository)- OpenC2 SLPF Schema
- OpenC2 Language Spec Schema
- Provided to allow the user to create their own Actuator Profile
- Experimental Examples - Coming Soon
- SBOM
- OSQuery
- Endpoint Response
- Examples (Found under
- Click the
REGISTERbutton at bottom right to complete the device registration.
The screenshots below show the registered actuators list and actuator editing dialog:
Prerequisites for processing commands and responses:
- A device has been registered
- An actuator has been registered and associated with a device
- The OIF Orchestrator and Device are running, with a network
connection between them
- Link to the OIF Device walk through coming soon
The OIF Orchestrator has main menu functions to generate
commands (Command Generator), and to view the history of
commands and associated responses (Commands).
The steps to generate and send commands are as follows:
- Select
Command Generatorfrom the main menu.
- From the pull-down labeled
Schema, select the schema for the desired actuator or actuator profile; the schema will be loaded in the pane below for reference. - Select the
Creatortab on the right side, then click onMessage Typeand pickOpenC2_Command; a set of selection boxes will appear below, based on the selected schema. These boxes update dynamically when appropriate as the command is constructed. - Use the selection boxes to specify the desired command;
for example:
- action:
query - target:
features - feature:
pairs
- action:
- Click the
Generate IDbutton to assign a unique identifier to this command - Select the
Messagetab to see the message content and choose the Protocol and Serialization for sending this command. Options will be limited to those supported by the device with which the actuator is associated. - Click the
Sendbutton to issue the command to the actuator. - A pop-up notification will appear reporting the command is sent, or any errors that occur.
To view previous commands and their associated responses, select
Previous Commands from the main menu. A list will appear of all
commands that have been sent.
Click on the Info button for any command to see the
command / response history (the image below was edited to show
complete command and response together).
- If you are registering a new actuator for the first time
while utilizing the MQTT transport you may need to update
the
MQTT_TOPICSenvironment variable. Read the MQTT Topics section here
If needed, the ReadMe files for the OIF Orchestrator's components are linked here:
Tutorials are available for extending the OIF:
- Adding a new serialization
- Adding a new transport protocol