if ! [ "$(id -un)" = root ]; then export SUDO=sudo; else SUDO=""; fi
$SUDO apt-get update
$SUDO apt-get -y install curl lsb-release gnupg
echo "deb https://box.foresightcyber.com/fcpc-dev/$(lsb_release -sc)/ ./" \
| $SUDO tee /etc/apt/sources.list.d/fcpc.list
curl https://box.foresightcyber.com/fcpc/fcpc.gpg.pub \
| $SUDO apt-key add
$SUDO apt-get update
$SUDO apt-get install fcpc fcpd python3-pandagg/fcp
fcpc help general
You can use our predeployed docker image.
docker run --name fcpc -ti limosek/fcpc:dev daemon
docker exec -ti fcpc fcpc help general
Use this docker-compose.yml file.
Create /etc/fcpc/config.ini with your settings.
Note that this is just example and for persistent storage, you need to change elasticsearch settings!
version: '3.4'
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.15.1
hostname: elasticsearch
ports:
- 127.0.0.1:9200:9200
networks:
- fcp
fcpd:
image: limosek/fcpc
hostname: fcpd
environment:
- FCP_CONFIG=/etc/fcpc/config.ini
- FCP_DB_DRIVER=elastic
- FCP_DB_ELASTIC_PREFIX=fcpc
- FCP_DB_ELASTIC_URL=http://elasticsearch:9200/
- HTTP_PORT=8156
- HTTP_LISTEN=0.0.0.0
depends_on:
- elasticsearch
volumes:
- /etc/fcpc:/etc/fcpc
ports:
- 127.0.0.1:8156:8156
networks:
- fcp
networks:
fcp:
pip3 install \
--extra-index-url=https://box.foresightcyber.com/fcpc-dev/bullseye/simple/ \
fcpc
fcpc help general
You should get this result if successful
usage: fcpc.py [-c CONFIG] [-l LOGLEVEL] [--logfile LOGFILE] [--modules MODULES] [--timezone TIMEZONE]
[--profiling FILE] [--message MESSAGE] [--locationid LOCATIONID] [--organizationid ORGANIZATIONID]
[--tag TAG] [--cd CD] [--write_exit_code WRITE_EXIT_CODE] [--asset.inactive.days ASSET.INACTIVE.DAYS]
[--asset.nologins.days ASSET.NOLOGINS.DAYS] [--user USER]
[--host.default.name {guess,fqdn,ip,hostname}] [--host.default.domain HOST.DEFAULT.DOMAIN]
[--prev_epoch PREV_EPOCH] [--epoch EPOCH] [--epochs_back EPOCHS_BACK] [--server.url SERVER.URL]
[--client mode] [--help_format {cli,md}] [--input.format FORMAT] [--input.buffering FLAG]
[--input.file FILE] [--output.format FORMAT] [--output.buffering FLAG] [--output.file FILE]
[--output.column COLUMN] [--cli.write.header BOOL] [--cli.dump.columns BOOL]
[--cli.count.column COLUMN] [--cli.shorten.column COLUMN:WIDTH] [--cli.tag.group CLI.TAG.GROUP]
[--cli.tag.show CLI.TAG.SHOW] [--cli.tag.suppress CLI.TAG.SUPPRESS] [--cli.clock.column COLUMN]
[--cli.count.rows BOOL] [--cli.write.type TYPE]
add cache count daemon db del describe diff epoch groupby help hint history job link list show search
select shell tag tag-by-query untag-by-query tag-duplicated-by tag-intersect-by update views ansible
azuread report graph hardenize itop ldap nmap qualys remedy rt skybox zabbix
If you see general help message, you can continue to Configuration guide
Public key used to sign:
pub rsa3072 2021-10-04 [SC]
1C4B98D612C6899B388771391F7012EC94B3D31D
uid [ultimate] Foresight Cyber Platform <fcp@foresightcyber.com>
sub rsa3072 2021-10-04 [E]