OpenKAT Logo

Contents

  • About OpenKAT
    • What is OpenKAT?
      • Introduction
      • Why was OpenKAT created?
      • Why is OpenKAT useful?
      • Who is OpenKAT for?
      • Which problem does OpenKAT solve?
        • Framework
        • Plugins for scanning
        • External timestamps
        • Datamodel
        • Automatic scanning
        • Indemnity per user and organisation
        • Findings and reports
      • Security concept
      • Responsible disclosure
      • Where do I start with OpenKAT?
      • Where is the software located?
      • What are the plans for the future?
    • Release notes
      • OpenKAT 1.20
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.19
        • New Features and Bug fixes
        • Documentation
        • Dependency Updates
        • Upgrading
        • Full Changelog
      • OpenKAT 1.18 - Sneeuwkat
        • New Features and Bug fixes
        • Documentation
        • Dependency Updates
        • Upgrading
        • Deleting Outdated Reports
        • Full Changelog
      • OpenKAT 1.17
        • New Features
        • Bug fixes
        • Upgrading
        • Running the Origin Migration
        • Full Changelog
      • OpenKAT 1.16
        • New Features
        • Bug fixes
        • Upgrading
        • Checking the KATalogus Migration
        • Full Changelog
      • OpenKAT 1.15 (Roeltje)
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.14
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.13
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.12
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.11
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.10
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.9
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.8
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.7
        • New Features
        • Upgrading
        • Full Changelog
      • OpenKAT 1.6
        • Full Changelog
      • OpenKAT 1.5
        • New Features
        • Upgrading
        • Full Changelog
  • User manual
    • Getting started
      • Introduction
        • General information
        • The scanning process
        • User flow
        • Starting with OpenKAT
      • Login & registration
        • Registration
        • Login
        • Reset password
        • Two-factor authentication (2FA)
      • Onboarding
        • Step-by-step onboarding
      • Start scanning
        • Adding an object
        • Changing clearance level
        • Enable plugins
        • Finally
      • Generate a report
        • Select the kind of report
        • Object selection
        • Choose report types
        • Configuration
        • Export setup
        • More information
    • Basic concepts
      • Objects and recursion
        • Properties
        • Recursion
        • Object clearance type
      • Scan levels, clearance & indemnities
        • Inheritance
        • Indemification by user
        • Extended profiles
    • Navigation
      • Overview of pages
      • Crisis Room
        • Single Organization Crisis Room
        • General Crisis Room
      • KAT-alogus
      • Findings
        • Muted findings
      • Reports
        • Kind of reports
        • Report types
        • Report contents
        • Report flow
        • Plugins
        • Report naming
        • Downloading and/or exporting a report
        • Generating a Multi Report
        • Troubleshooting
      • Objects
        • Objects overview
        • Object details
      • Tasks
      • Members
      • Settings
      • User settings
        • My organization
        • Profile
    • Glossary
  • Installation and deployment
    • How do I install OpenKAT?
      • Production environments
        • Pre-built Docker images
        • Debian packages
      • Alternative installs
        • Kubernetes
        • Ansible
      • Development environment
        • make kat
      • Minimum requirements
      • Example infrastructure
    • Production: Container deployment
      • Container images
      • Setup
      • IPv6 support
      • Container commands
      • Upgrading
    • Separate Boefje Workers
    • Production: Debian packages
      • Supported distributions
      • Prerequisites
      • Downloading and installing
      • Set up RabbitMQ
        • Installation
        • Add the ‘kat’ vhost
      • Set up the databases
        • Rocky DB
        • KAT-alogus DB
        • Bytes DB
        • Mula DB
      • Create Rocky superuser and set up default groups and permissions
      • Configure Bytes credentials
      • Configure hostname in Rocky
      • Restart KAT
      • Start KAT on system boot
      • Configure reverse proxy
      • Start using OpenKAT
      • Upgrading OpenKAT
    • Developer environment
    • Scripts
      • Installation
      • Update
      • Status and logs
      • Starting, stopping, restarting
      • Empty queue
      • Backup
      • How to backup your volume
      • Restoring your docker volume
      • Example
    • Production: Hardening OpenKAT
      • DJANGO_ALLOWED_HOSTS
      • DJANGO_CSRF_TRUSTED_ORIGINS
      • SESSION_COOKIE_AGE
      • Security headers
      • SSL/TLS on nginx
      • Obscuring errors to the clients
      • Web Application Firewall
      • Continue reading
    • Development: make kat
      • make kat
        • Requirements
        • Before installing
        • Getting Started
        • Updates
        • Clean reinstallation
      • Observability
        • OpenTelemetry
        • Jaeger: Distributed Tracing
        • Pyroscope: Continuous Profiling
    • Development: make kat on Windows
      • Follow these steps
        • Step 1: Install WSL
        • Step 2: Preparation
        • Step 3: Open your Linux subsystem
        • Step 4: Clone nl-kat-coordination
        • Step 5: Open the code in Visual Studio Code
        • Step 6: Complete the .env file
        • Step 7: Start OpenKAT
      • Troubleshooting
    • Test or develop via GitPod
      • Gitpod test environment
    • Adding NGINX to OpenKAT
      • Background
      • Installation
      • Logging
      • Activation
      • SSL certificates
      • Restart NGINX and go
      • Security settings
    • S3 buckets
      • Enabling S3 buckets for Bytes
      • S3 bucket names
    • Debugging and troubleshooting
      • Healthpage
      • Processes
        • Docker containers
        • Packaged versions
        • Debian package service logs
      • Diskspace in debug mode
      • XTDB memory size
      • Permissions
    • Events and Logging
    • Environment settings
      • Boefjes
        • BOEFJES_LOG_CFG
        • BOEFJES_POOL_SIZE
        • BOEFJES_POLL_INTERVAL
        • BOEFJES_WORKER_HEARTBEAT
        • BOEFJES_DEDUPLICATE
        • BOEFJES_PLUGINS
        • BOEFJES_IMAGES
        • BOEFJES_REMOTE_NS
        • BOEFJES_SCAN_PROFILE_WHITELIST
        • KATALOGUS_DB_URI
        • KATALOGUS_DB_CONNECTION_POOL_SIZE
        • SCHEDULER_API
        • KATALOGUS_API
        • OCTOPOES_API
        • BOEFJES_API
        • BOEFJES_API_HOST
        • BOEFJES_API_PORT
        • BOEFJES_DOCKER_NETWORK
        • BOEFJES_DOCKER_INTERNAL_HOST
        • BYTES_API
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • BOEFJES_ENCRYPTION_MIDDLEWARE
        • BOEFJES_KATALOGUS_PRIVATE_KEY
        • BOEFJES_KATALOGUS_PUBLIC_KEY
        • SPAN_EXPORT_GRPC_ENDPOINT
        • BOEFJES_LOGGING_FORMAT
        • BOEFJES_OUTGOING_REQUEST_TIMEOUT
      • Bytes
        • BYTES_SECRET
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • QUEUE_URI
        • BYTES_LOG_CFG
        • BYTES_DB_URI
        • BYTES_DATA_DIR
        • BYTES_LOG_FILE
        • BYTES_ACCESS_TOKEN_EXPIRE_MINUTES
        • BYTES_FOLDER_PERMISSION
        • BYTES_FILE_PERMISSION
        • BYTES_HASHING_ALGORITHM
        • BYTES_EXT_HASH_REPOSITORY
        • BYTES_PASTEBIN_API_DEV_KEY
        • BYTES_RFC3161_PROVIDER
        • BYTES_RFC3161_CERT_FILE
        • BYTES_ENCRYPTION_MIDDLEWARE
        • BYTES_PRIVATE_KEY_B64
        • BYTES_PUBLIC_KEY_B64
        • BYTES_METRICS_TTL_SECONDS
        • BYTES_METRICS_CACHE_SIZE
        • SPAN_EXPORT_GRPC_ENDPOINT
        • BYTES_DB_CONNECTION_POOL_SIZE
        • BYTES_LOGGING_FORMAT
        • S3_BUCKET_PREFIX
        • S3_BUCKET
        • BUCKET_PER_ORG
      • Mula
        • DEBUG
        • SCHEDULER_LOG_CFG
        • SCHEDULER_COLLECT_METRICS
        • SCHEDULER_LOGGING_FORMAT
        • SCHEDULER_API_HOST
        • SCHEDULER_API_PORT
        • SCHEDULER_MONITOR_ORGANISATIONS_INTERVAL
        • SCHEDULER_OCTOPOES_REQUEST_TIMEOUT
        • SCHEDULER_OCTOPOES_POOL_CONNECTIONS
        • SCHEDULER_KATALOGUS_REQUEST_TIMEOUT
        • SCHEDULER_KATALOGUS_POOL_CONNECTIONS
        • SCHEDULER_BYTES_REQUEST_TIMEOUT
        • SCHEDULER_BYTES_POOL_CONNECTIONS
        • SCHEDULER_RABBITMQ_PREFETCH_COUNT
        • KATALOGUS_API
        • BYTES_API
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • OCTOPOES_API
        • QUEUE_URI
        • QUEUE_URI
        • SPAN_EXPORT_GRPC_ENDPOINT
        • SCHEDULER_PQ_MAXSIZE
        • SCHEDULER_PQ_INTERVAL
        • SCHEDULER_PQ_GRACE_PERIOD
        • SCHEDULER_PQ_MAX_RANDOM_OBJECTS
        • SCHEDULER_DB_URI
        • SCHEDULER_DB_CONNECTION_POOL_SIZE
      • Octopoes
        • OCTOPOES_LOG_CFG
        • QUEUE_URI
        • XTDB_URI
        • KATALOGUS_API
        • OCTOPOES_SCAN_LEVEL_RECALCULATION_INTERVAL
        • OCTOPOES_BITS_ENABLED
        • OCTOPOES_BITS_DISABLED
        • SPAN_EXPORT_GRPC_ENDPOINT
        • OCTOPOES_LOGGING_FORMAT
        • OCTOPOES_OUTGOING_REQUEST_TIMEOUT
        • OCTOPOES_WORKERS
        • ASSET_REPORTS
      • Rocky
        • Email Settings
    • External authentication
    • CVE API
    • Users and organizations
      • Organizations
      • Users
      • Rights and functions per user type
      • User management
      • Adding users through a CSV file
        • How does it work?
        • How should I prepare the CSV file?
        • User notification
      • API token authentication
    • FAQ
      • I cannot login
      • I can login, but I do not see the onboarding as a first time user
      • I can login, but cannot add any objects
      • The jobs in the scheduler do not run every day
  • Developer documentation
    • Contributing
      • Contributing
        • Introduction
      • UI/UX design documentation
        • Figma
      • Project Guidelines
        • Project management
        • Development
        • OpenKAT background and concepts
        • Contributions
        • Feature flow
        • Security
      • GitHub Templates
        • Bug Report Template
        • Feature Request Template
        • Pull Request template for authors
        • Code review checklist for PR’s
        • QA checklist for PR’s
    • Quick start
      • Installation
    • Basic principles
      • Basics of OpenKAT
        • General notes
        • Basic concepts
        • System design
      • Modules
        • Rocky - frontend
        • Mula - scheduler
        • Octopoes - datamodel
        • Bytes - raw data storage
        • Boefjes and whiskers - scanners and normalizers
        • Manon - styling
      • Boefjes
      • Origin types
      • Bits
      • Normalizers
        • Burp Suite
      • Questions & Configs
        • Disallowed CSP hostnames
        • OOIs in headers
        • Port mapping
      • Plugins for OpenKAT: boefjes, whiskers and bits
        • What types of plugins are available?
        • How does it work?
        • Where to start?
        • Existing boefjes
        • Adding object-types
        • Bits: businessrules
        • Configurable bits
        • Adding Boefjes
      • Trusted timestamps in OpenKAT
        • About the protocol
        • Available timestamp servers
        • How to verify a timestamp?
    • Rocky
      • Installation
        • Containerized
        • Local
      • Development
        • Testing
      • Design
        • Fonts license
      • Technical Design
        • Running a boefje
        • Rocky View Structure
    • Scheduler
      • Purpose
      • Architecture
        • Stack, packages and libraries
        • External services
        • Project structure
      • Running / Developing
        • Prerequisites
        • Running
        • Migrations
      • Testing
      • Scripts
      • load.py
      • benchmark.py
    • Boefjes
      • Prerequisites
      • KATalogus
        • Organisations
        • Plugins
        • Settings
      • Environment variables
      • Technical Design
        • Boefje and Normalizer Workers
        • Running as a Docker container
        • Running the worker directly
        • Example job
        • Manually running a boefje or normalizer
        • Boefje and normalizer structure
        • Tests
    • Design considerations for new boefjes runner
      • Images
        • Distribution
        • Metadata
      • I/O
        • Input
        • Output
      • Logging
      • Runtimes
        • Docker
        • Kubernetes
        • Nomad
      • Building images with this spec from the current boefjes
        • Summary of decisions
      • Limitations
    • Design considerations for new normalisers (whiskers) runner
      • Current situation
      • Requirements
      • Design
        • Runtime
        • Distribution
        • Input/Output
        • Supervisor process
      • Discussion
      • Conclusions
    • Bytes
      • Installation
        • With Docker
        • Without Docker
        • Hashing and Encryption
        • Observability
      • Design
        • Design: C2 Container level
        • Design: C3 Component level
      • Development
        • Code style and tests
        • Migrations
        • Export SQL migrations
      • Production
        • Performance tuning
    • Octopoes
      • Instructions
        • Run Octopoes API
        • Run the event processor
      • Healthcheck
      • OOI
      • Origin
      • Origin through declaration
      • Origin through observation
      • Origin through inference
      • Graph mutations
      • Code Architecture
        • Sequence: save_origin
        • Sequence: process update ooi
      • XTDB
        • XTDB-cli tool
        • XTDB analyze bits tool
      • OOI Objects
      • Relationships
      • A few example records
      • OOI Reference
      • Octopoes API
        • OctopoesAPIConnector
      • Abstract classes / subclassing
      • Querying
      • Run bit manually
      • Tests
    • Octopoes Models
      • octopoes.models.ooi.service
        • IPService
        • Service
        • TLSCipher
      • octopoes.models.ooi.findings
        • ADRFindingType
        • CAPECFindingType
        • CVEFindingType
        • CWEFindingType
        • Finding
        • FindingType
        • KATFindingType
        • MutedFinding
        • RetireJSFindingType
        • RiskLevelSeverity
        • SnykFindingType
      • octopoes.models.ooi.email_security
        • DKIMExists
        • DKIMKey
        • DKIMSelector
        • DMARCTXTRecord
        • DNSSPFMechanism
        • DNSSPFMechanismHostname
        • DNSSPFMechanismIP
        • DNSSPFMechanismNetBlock
        • DNSSPFRecord
        • MechanismQualifier
      • octopoes.models.ooi.web
        • APIDesignRule
        • APIDesignRuleResult
        • HTTPHeader
        • HTTPHeaderHostname
        • HTTPHeaderURL
        • HTTPResource
        • HostnameHTTPURL
        • IPAddressHTTPURL
        • ImageMetadata
        • RESTAPI
        • SecurityTXT
        • URL
        • WebScheme
        • WebURL
        • Website
      • octopoes.models.ooi.config
        • Config
      • octopoes.models.ooi.certificate
        • AlgorithmType
        • SubjectAlternativeName
        • SubjectAlternativeNameHostname
        • SubjectAlternativeNameIP
        • SubjectAlternativeNameQualifier
        • X509Certificate
      • octopoes.models.ooi.monitoring
        • Application
        • Incident
      • octopoes.models.ooi.question
        • Question
      • octopoes.models.ooi.network
        • AutonomousSystem
        • IPAddress
        • IPAddressV4
        • IPAddressV6
        • IPPort
        • IPV4NetBlock
        • IPV6NetBlock
        • NetBlock
        • Network
        • PortState
        • Protocol
      • octopoes.models.ooi.reports
        • AssetReport
        • BaseReport
        • HydratedReport
        • Report
        • ReportData
        • ReportRecipe
      • octopoes.models.ooi.dns.records
        • CAATAGS
        • DNSAAAARecord
        • DNSARecord
        • DNSCAARecord
        • DNSCNAMERecord
        • DNSMXRecord
        • DNSNSRecord
        • DNSPTRRecord
        • DNSRecord
        • DNSSOARecord
        • DNSTXTRecord
        • NXDOMAIN
      • octopoes.models.ooi.dns.zone
        • DNSZone
        • Hostname
        • ResolvedHostname
      • octopoes.models.ooi.software
        • Software
        • SoftwareInstance
    • Octopoes Research
      • Introduction
      • Part I - Requirements, context and inherent complexities
        • Context of Octopoes in KAT
        • Objectives
        • Complexities of Octopoes
      • Part II - Working towards a solution
        • Stages of data processing
        • ClaimSpace
        • FactSpace
        • Inference
        • Handling updates / incoming data
    • Reports
      • Creating reports
        • Location of the report code
        • Steps to create a new report
        • Collecting data
      • Writing report unit tests
        • Purpose of unit testing
        • Steps for writing unit tests
        • Executing unit tests
    • Development tutorial
      • Glossary
        • Creating a Boefje
        • Testing the boefje
        • Creating a new model
        • Creating a normalizer
        • Creating a bit
        • Creating a report
    • QA Test plan
      • Read the PR
      • Manual testing
      • Check the Docker logs
      • Document QA notes
      • On occasion
OpenKAT
  • About OpenKAT
  • Edit on GitHub

About OpenKAT

This section contains an introduction about OpenKAT. Here you can read what OpenKAT is, what it is used for and why it could be useful for you to use it. Besides this, you can also find the release notes here.

Contents

  • What is OpenKAT?
    • Introduction
    • Why was OpenKAT created?
    • Why is OpenKAT useful?
    • Who is OpenKAT for?
    • Which problem does OpenKAT solve?
    • Security concept
    • Responsible disclosure
    • Where do I start with OpenKAT?
    • Where is the software located?
    • What are the plans for the future?
  • Release notes
    • OpenKAT 1.20
    • OpenKAT 1.19
    • OpenKAT 1.18 - Sneeuwkat
    • OpenKAT 1.17
    • OpenKAT 1.16
    • OpenKAT 1.15 (Roeltje)
    • OpenKAT 1.14
    • OpenKAT 1.13
    • OpenKAT 1.12
    • OpenKAT 1.11
    • OpenKAT 1.10
    • OpenKAT 1.9
    • OpenKAT 1.8
    • OpenKAT 1.7
    • OpenKAT 1.6
    • OpenKAT 1.5
Previous Next

© Copyright Ministerie van Volksgezondheid, Welzijn en Sport (European Union Public License 1.2).

Built with Sphinx using a theme provided by Read the Docs.