CISO Assistant
  • 👋Welcome to CISO Assistant
  • Guide
    • Installation
    • Understanding decoupling
    • General tips
    • Journeys
    • 🏗️Creating your first perimeter
    • ✅Creating your first Audit
    • 📊Creating your first risk assessment
    • 🔎Overview
    • 🧰Extra tools
    • 🌐External resources
    • Understand mapping
    • Glossary
    • Data import wizard
  • Features highlight
    • Controls autosuggestion
    • Multi-level support
    • Flash mode
    • Evidences from clipboard
    • Library upgrade
    • Mapping explorer
    • SSO
      • Microsoft Entra ID
      • Okta
      • Keycloak
      • Google Workplace
    • Setting up Multi-Factor Authentication (MFA)
  • Model
    • 📁Organization
      • Add and manage users
      • User Groups
    • ⚙️Context
    • 🏛️Governance
    • 💣Risk
    • 📋Compliance
  • Deployment
    • Prerequisites
    • Local
    • Remote/Virtualization
    • Deploy on a VPS
    • Frequent questions
    • Setting up mailer
    • Updating your local instance
    • Helm Chart
    • Special cases
    • Upgrading a library
  • ✨Customization
    • Getting your custom framework
    • CIS Controls
    • Changing the language
  • Contributing
    • Internationalization
      • Translating the interface
    • Submit a library
  • Academy
    • Overview
    • Third Parties Risk Management
    • Etude EBIOS RM
Powered by GitBook

Community

  • Github
  • Discord

intuitem

  • Home
  • SaaS trial

© intuitem, 2018-2024

On this page
  • From the VM
  • From your network / host OS
  • Legacy - Kept for reference purposes

Was this helpful?

Export as PDF
  1. Deployment

Remote/Virtualization

Experimenting CISO Assistant through remote server or hypervisor

New: Use the config builder at the config folder of the repo for an interactive and reliable experience.

To get started with the config builder, make sure you have python and docker installed. Here is an example on ubuntu:

#update ubuntu repository and OS
sudo apt update
sudo apt upgrade 

# install docker
sudo snap install docker

#install python
sudo apt install python3-pip python3.12-venv

#clone the repo
git clone https://github.com/intuitem/ciso-assistant-community.git

#go to the config generator
cd ciso-assistant-community
cd config

# setting up the python project and dependencies 
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

# run the interactive config generator
python make_config.py

You cannot use IP addresses on the configuration and you need to have a FQDN mapped to it.

  1. If you aim to expose the VM to internet, use this dedicated guide: Deploy on a VPS

  2. If you aim to connect from the VM

  3. If you aim to connect to the VM from your network

From the VM

This means that you will be using a browser from within the VM so localhost settings are applicable. You can simply use the default ./docker-compose.sh at the root of the repository or trigger the config builder with the following settings:

run ./docker-compose.sh and connect from within the VM using https://localhost:8443

From your network / host OS

  • setup a FQDN for your VM and make sure it's known by the host you are connecting from. This will vary depending on your OS. For instance, for linux/mac, you can add a line to your /etc/hosts file such as:

192.168.1.87 ca.homelab.local

in this example, the first part is your VM's ip and the second one will be the FQDN you'll be providing to the config builder and that you will use to connect later on.

Run the config builder and provide the following settings:

run ./docker-compose.sh and connect from your host this time using https://ca.homelab.local:8443

Notes:

  • If you don't want to have a specific port, use the port 443 during the settings, given it's not used by another application on your system.

  • In the remote setup, if you also want to connect from within the VM, you can add your custom FQDN to the /etc/hosts of your VM but mapped to 127.0.0.1

---

Legacy - Kept for reference purposes

Let's say that you want to setup or experiment with CISO Assistant on a Network or Virtualized environment (eg. Hypervisor) on a remote host, for instance, to use with multiple users:

  • Install a recent version of Docker on your remote server

  • Given that we are using TLS with Caddy, we need to have DNS entries and not IPs

  • The workstations need to be able to reach the remote using an FQDN (DNS entry). If not you can add an entry on your /etc/hosts. Keep track of the remote server DNS as you'll put it on the next step, let's say the remote is cool-vm for instance

  • Clone the repo, but don't run anything yet. Edit the docker-compose.yml file as follows: (red is for deletion and green for addition); your diff should look like:

  • Five lines need to be edited. Save the file and move to the next step

If you're getting SSL_ERROR_INTERNAL ERROR_ALERT (Can be different on other browsers) blocking you from continuing, make sure that you've made the 5 changes above.

The tls internal (equivalent to -i in CLI mode) parameter of Caddy can present some security issues and is not recommended for production and internet exposure. You should consider proper certificates for that.

You're all set, and you can simply run:

./docker-compose.sh

Your CISO Assistant can be reached now from https://cool-vm:8443, and you can skip the SSL warning for the self-signed certificate.

PreviousLocalNextDeploy on a VPS

Last updated 10 days ago

Was this helpful?