Advanced Installation and Configuration

Everything you need to install and configure SOARCA

After completing the Getting Started setup for SOARCA, you may find that certain advanced configurations or customizations are necessary to optimize SOARCA for your specific use cases, for example integrating with The Hive. This section provides in-depth guidance on additional steps you can take to enhance, secure, and integrate SOARCA with your infrastructure, ensuring it meets your unique operational needs.

Configuring SOARCA

| Variable | Content | Description |
| --- | --- | --- |
| PORT | 8080 | Set the exposed port of SOARCA. Default is 8080. |
| ENABLE_TLS | false | Enable TLS for secure communication. Default is false. |
| CERT_FILE | "/certs/server.crt" | Path to the TLS certificate file. Default is "/certs/server.crt". |
| CERT_KEY_FILE | "/certs/server.key" | Path to the TLS certificate key file. Default is "/certs/server.key". |
| MAX_EXECUTIONS | 1000 | The number of historical executions saved, including the current one. Default is 1000. |
| SOARCA_ALLOWED_ORIGINS | * | Set allowed origins for cross-origin requests. Default is *. |
| GIN_MODE | release | Set the GIN mode. Default is release. |
| DATABASE | false | Set if you want to run with an external database. Default is false. |
| MONGODB_URI | mongodb://localhost:27017 | Set the MongoDB URI. Default is mongodb://localhost:27017. |
| DATABASE_NAME | soarca | Set the MongoDB database name when using Docker. Default is soarca. |
| DB_USERNAME | root | Set the MongoDB database user when using Docker. Default is root. |
| DB_PASSWORD | rootpassword | Set the MongoDB database user password when using Docker. Change this in production! Default is rootpassword. |
| PLAYBOOK_API_LOG_LEVEL | trace | Set the log level for the playbook API. Default is trace. |
| MAX_REPORTERS | 5 | Set the maximum number of downstream reporters. Default is 5. |
| LOG_GLOBAL_LEVEL | info | One of the specified log levels. Default is info. |
| LOG_MODE | development | Set the logging mode. If production, LOG_GLOBAL_LEVEL is used for all modules. Default is development. |
| LOG_FILE_PATH | "" | Path to the logfile for all logging. Default is "" (empty string). |
| LOG_FORMAT | json | Set the logging format. Either text or json. Default is json. |
| ENABLE_FINS | false | Enable FINS in SOARCA. Default is false. |
| MQTT_BROKER | localhost | The broker address for SOARCA to connect to for communication with FINS. Default is localhost. |
| MQTT_PORT | 1883 | The port for the MQTT broker. Default is 1883. |
| HTTP_SKIP_CERT_VALIDATION | false | Set whether to skip certificate validation for HTTP connections. Default is false. |
| VALIDATION_SCHEMA_URL | "" | Set a custom validation schema to validate playbooks. Default is "" to use the internal schema. Note: Changing this can heavily impact performance. |

Integrations

The Hive

| Variable | Content | Description |
| --- | --- | --- |
| THEHIVE_ACTIVATE | false | Enable integration with The Hive. Default is false. |
| THEHIVE_API_TOKEN | your_token | Set the API token for The Hive integration. |
| THEHIVE_API_BASE_URL | http://your.thehive.instance/api/v1/ | Set the base URL for The Hive API. Default is "". |

Authentication

| Variable | Content | Description |
| --- | --- | --- |
| AUTH_ENABLED | false | Enable authentication. Default is false. |
| OIDC_ISSUER | https://localhost:9443/application/u/test/ | The OIDC issuer URL. |
| OIDC_CLIENT_ID | SOME_CLIENT_ID | Set the OIDC client ID. |
| OIDC_CLIENT_SECRET | SOME_CLIENT_SECRET | Set the OIDC client secret. |
| OIDC_REDIRECT_URL | http://localhost:8081/auth/soarca_gui/callback | Set the OIDC redirect URL. |
| COOKIE_SECRET_KEY | SOME_COOKIE_SECRET | Optional: Secret key for cookies. Generate using openssl rand -base64 32 or `head -c 32 /dev/urandom |
| OIDC_SKIP_TLS_VERIFY | true | Set whether to skip TLS verification. Default is true. |
| AUTH_GROUP | soarca_admin | Specify the group users must belong to for authentication against SOARCA. |
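
As an added example (not part of the SOARCA documentation or code base), the script below audits a `.env`-style file against the variables in the tables above, applying the documented defaults to anything left unset. The function names, the KEY=VALUE file format, the sample input and the choice of which settings count as weak are assumptions made for this example.

```python
# Added example, not SOARCA code. Defaults copied from this page's tables; unset keeps default.
DEFAULTS = {
    "ENABLE_TLS": "false", "SOARCA_ALLOWED_ORIGINS": "*", "DATABASE": "false",
    "DB_PASSWORD": "rootpassword", "HTTP_SKIP_CERT_VALIDATION": "false",
    "THEHIVE_ACTIVATE": "false", "THEHIVE_API_TOKEN": "", "THEHIVE_API_BASE_URL": "",
    "AUTH_ENABLED": "false", "OIDC_SKIP_TLS_VERIFY": "true",
    "OIDC_CLIENT_SECRET": "", "COOKIE_SECRET_KEY": "",
}
# Example values printed in the tables; none of them belongs in a deployment.
PLACEHOLDERS = {"rootpassword", "your_token", "SOME_CLIENT_SECRET", "SOME_COOKIE_SECRET"}
# Secret variable -> the switch that puts it into use.
SECRETS = {"DB_PASSWORD": "DATABASE", "THEHIVE_API_TOKEN": "THEHIVE_ACTIVATE",
           "OIDC_CLIENT_SECRET": "AUTH_ENABLED", "COOKIE_SECRET_KEY": "AUTH_ENABLED"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments and stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def audit(text):
    """Return the sorted names of variables whose effective value is a weak setting."""
    cfg = {**DEFAULTS, **parse_env(text)}
    on = lambda name: cfg[name].lower() == "true"
    found = set()
    if not on("ENABLE_TLS"):
        found.add("ENABLE_TLS")                 # API served without TLS
    if not on("AUTH_ENABLED"):
        found.add("AUTH_ENABLED")               # no authentication on the API
    if cfg["SOARCA_ALLOWED_ORIGINS"] == "*":
        found.add("SOARCA_ALLOWED_ORIGINS")     # every origin allowed cross-origin
    if on("HTTP_SKIP_CERT_VALIDATION"):
        found.add("HTTP_SKIP_CERT_VALIDATION")  # certificate validation skipped
    if on("AUTH_ENABLED") and on("OIDC_SKIP_TLS_VERIFY"):
        found.add("OIDC_SKIP_TLS_VERIFY")       # true by default, must be set to false
    if on("THEHIVE_ACTIVATE") and cfg["THEHIVE_API_BASE_URL"].startswith("http://"):
        found.add("THEHIVE_API_BASE_URL")       # API token travels unencrypted
    found.update(n for n, switch in SECRETS.items() if on(switch) and cfg[n] in PLACEHOLDERS)
    return sorted(found)

# Constructed sample: TLS and auth enabled, origins and OIDC_SKIP_TLS_VERIFY left unset.
SAMPLE = "ENABLE_TLS=true\nAUTH_ENABLED=true\nOIDC_CLIENT_SECRET=SOME_CLIENT_SECRET\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The sample shows why unset variables matter: enabling authentication without also setting OIDC_SKIP_TLS_VERIFY to false leaves the documented default of true in effect.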

Setup RBAC for SOARCA

Setup OIDC based Role-Based Access Control (RBAC) for SOARCA