OpenKAT Logo

Contents

  • About OpenKAT
    • What is OpenKAT?
      • Introduction
      • Why was OpenKAT created?
      • Why is OpenKAT useful?
      • Who is OpenKAT for?
      • Which problem does OpenKAT solve?
        • Framework
        • Plugins for scanning
        • External timestamps
        • Datamodel
        • Automatic scanning
        • Indemnity per user and organisation
        • Findings and reports
      • Security concept
      • Responsible disclosure
      • Where do I start with OpenKAT?
      • Where is the software located?
      • What are the plans for the future?
    • Release notes
      • OpenKAT 1.20
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.19
        • New Features and Bug fixes
        • Documentation
        • Dependency Updates
        • Upgrading
        • Full Changelog
      • OpenKAT 1.18 - Sneeuwkat
        • New Features and Bug fixes
        • Documentation
        • Dependency Updates
        • Upgrading
        • Deleting Outdated Reports
        • Full Changelog
      • OpenKAT 1.17
        • New Features
        • Bug fixes
        • Upgrading
        • Running the Origin Migration
        • Full Changelog
      • OpenKAT 1.16
        • New Features
        • Bug fixes
        • Upgrading
        • Checking the KATalogus Migration
        • Full Changelog
      • OpenKAT 1.15 (Roeltje)
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.14
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.13
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.12
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.11
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.10
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.9
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.8
        • New Features
        • Bug fixes
        • Upgrading
        • Full Changelog
      • OpenKAT 1.7
        • New Features
        • Upgrading
        • Full Changelog
      • OpenKAT 1.6
        • Full Changelog
      • OpenKAT 1.5
        • New Features
        • Upgrading
        • Full Changelog
  • User manual
    • Getting started
      • Introduction
        • General information
        • The scanning process
        • User flow
        • Starting with OpenKAT
      • Login & registration
        • Registration
        • Login
        • Reset password
        • Two-factor authentication (2FA)
      • Onboarding
        • Step-by-step onboarding
      • Start scanning
        • Adding an object
        • Changing clearance level
        • Enable plugins
        • Finally
      • Generate a report
        • Select the kind of report
        • Object selection
        • Choose report types
        • Configuration
        • Export setup
        • More information
    • Basic concepts
      • Objects and recursion
        • Properties
        • Recursion
        • Object clearance type
      • Scan levels, clearance & indemnities
        • Inheritance
        • Indemification by user
        • Extended profiles
    • Navigation
      • Overview of pages
      • Crisis Room
        • Single Organization Crisis Room
        • General Crisis Room
      • KAT-alogus
      • Findings
        • Muted findings
      • Reports
        • Kind of reports
        • Report types
        • Report contents
        • Report flow
        • Plugins
        • Report naming
        • Downloading and/or exporting a report
        • Generating a Multi Report
        • Troubleshooting
      • Objects
        • Objects overview
        • Object details
      • Tasks
      • Members
      • Settings
      • User settings
        • My organization
        • Profile
    • Glossary
  • Installation and deployment
    • How do I install OpenKAT?
      • Production environments
        • Pre-built Docker images
        • Debian packages
      • Alternative installs
        • Kubernetes
        • Ansible
      • Development environment
        • make kat
      • Minimum requirements
      • Example infrastructure
    • Production: Container deployment
      • Container images
      • Setup
      • IPv6 support
      • Container commands
      • Upgrading
    • Separate Boefje Workers
    • Production: Debian packages
      • Supported distributions
      • Prerequisites
      • Downloading and installing
      • Set up RabbitMQ
        • Installation
        • Add the ‘kat’ vhost
      • Set up the databases
        • Rocky DB
        • KAT-alogus DB
        • Bytes DB
        • Mula DB
      • Create Rocky superuser and set up default groups and permissions
      • Configure Bytes credentials
      • Configure hostname in Rocky
      • Restart KAT
      • Start KAT on system boot
      • Configure reverse proxy
      • Start using OpenKAT
      • Upgrading OpenKAT
    • Developer environment
    • Scripts
      • Installation
      • Update
      • Status and logs
      • Starting, stopping, restarting
      • Empty queue
      • Backup
      • How to backup your volume
      • Restoring your docker volume
      • Example
    • Production: Hardening OpenKAT
      • DJANGO_ALLOWED_HOSTS
      • DJANGO_CSRF_TRUSTED_ORIGINS
      • SESSION_COOKIE_AGE
      • Security headers
      • SSL/TLS on nginx
      • Obscuring errors to the clients
      • Web Application Firewall
      • Continue reading
    • Development: make kat
      • make kat
        • Requirements
        • Before installing
        • Getting Started
        • Updates
        • Clean reinstallation
      • Observability
        • OpenTelemetry
        • Jaeger: Distributed Tracing
        • Pyroscope: Continuous Profiling
    • Development: make kat on Windows
      • Follow these steps
        • Step 1: Install WSL
        • Step 2: Preparation
        • Step 3: Open your Linux subsystem
        • Step 4: Clone nl-kat-coordination
        • Step 5: Open the code in Visual Studio Code
        • Step 6: Complete the .env file
        • Step 7: Start OpenKAT
      • Troubleshooting
    • Test or develop via GitPod
      • Gitpod test environment
    • Adding NGINX to OpenKAT
      • Background
      • Installation
      • Logging
      • Activation
      • SSL certificates
      • Restart NGINX and go
      • Security settings
    • S3 buckets
      • Enabling S3 buckets for Bytes
      • S3 bucket names
    • Debugging and troubleshooting
      • Healthpage
      • Processes
        • Docker containers
        • Packaged versions
        • Debian package service logs
      • Diskspace in debug mode
      • XTDB memory size
      • Permissions
    • Events and Logging
    • Environment settings
      • Boefjes
        • BOEFJES_LOG_CFG
        • BOEFJES_POOL_SIZE
        • BOEFJES_POLL_INTERVAL
        • BOEFJES_WORKER_HEARTBEAT
        • BOEFJES_DEDUPLICATE
        • BOEFJES_PLUGINS
        • BOEFJES_IMAGES
        • BOEFJES_REMOTE_NS
        • BOEFJES_SCAN_PROFILE_WHITELIST
        • KATALOGUS_DB_URI
        • KATALOGUS_DB_CONNECTION_POOL_SIZE
        • SCHEDULER_API
        • KATALOGUS_API
        • OCTOPOES_API
        • BOEFJES_API
        • BOEFJES_API_HOST
        • BOEFJES_API_PORT
        • BOEFJES_DOCKER_NETWORK
        • BOEFJES_DOCKER_INTERNAL_HOST
        • BYTES_API
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • BOEFJES_ENCRYPTION_MIDDLEWARE
        • BOEFJES_KATALOGUS_PRIVATE_KEY
        • BOEFJES_KATALOGUS_PUBLIC_KEY
        • SPAN_EXPORT_GRPC_ENDPOINT
        • BOEFJES_LOGGING_FORMAT
        • BOEFJES_OUTGOING_REQUEST_TIMEOUT
      • Bytes
        • BYTES_SECRET
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • QUEUE_URI
        • BYTES_LOG_CFG
        • BYTES_DB_URI
        • BYTES_DATA_DIR
        • BYTES_LOG_FILE
        • BYTES_ACCESS_TOKEN_EXPIRE_MINUTES
        • BYTES_FOLDER_PERMISSION
        • BYTES_FILE_PERMISSION
        • BYTES_HASHING_ALGORITHM
        • BYTES_EXT_HASH_REPOSITORY
        • BYTES_PASTEBIN_API_DEV_KEY
        • BYTES_RFC3161_PROVIDER
        • BYTES_RFC3161_CERT_FILE
        • BYTES_ENCRYPTION_MIDDLEWARE
        • BYTES_PRIVATE_KEY_B64
        • BYTES_PUBLIC_KEY_B64
        • BYTES_METRICS_TTL_SECONDS
        • BYTES_METRICS_CACHE_SIZE
        • SPAN_EXPORT_GRPC_ENDPOINT
        • BYTES_DB_CONNECTION_POOL_SIZE
        • BYTES_LOGGING_FORMAT
        • S3_BUCKET_PREFIX
        • S3_BUCKET
        • BUCKET_PER_ORG
      • Mula
        • DEBUG
        • SCHEDULER_LOG_CFG
        • SCHEDULER_COLLECT_METRICS
        • SCHEDULER_LOGGING_FORMAT
        • SCHEDULER_API_HOST
        • SCHEDULER_API_PORT
        • SCHEDULER_MONITOR_ORGANISATIONS_INTERVAL
        • SCHEDULER_OCTOPOES_REQUEST_TIMEOUT
        • SCHEDULER_OCTOPOES_POOL_CONNECTIONS
        • SCHEDULER_KATALOGUS_REQUEST_TIMEOUT
        • SCHEDULER_KATALOGUS_POOL_CONNECTIONS
        • SCHEDULER_BYTES_REQUEST_TIMEOUT
        • SCHEDULER_BYTES_POOL_CONNECTIONS
        • SCHEDULER_RABBITMQ_PREFETCH_COUNT
        • KATALOGUS_API
        • BYTES_API
        • BYTES_USERNAME
        • BYTES_PASSWORD
        • OCTOPOES_API
        • QUEUE_URI
        • QUEUE_URI
        • SPAN_EXPORT_GRPC_ENDPOINT
        • SCHEDULER_PQ_MAXSIZE
        • SCHEDULER_PQ_INTERVAL
        • SCHEDULER_PQ_GRACE_PERIOD
        • SCHEDULER_PQ_MAX_RANDOM_OBJECTS
        • SCHEDULER_DB_URI
        • SCHEDULER_DB_CONNECTION_POOL_SIZE
      • Octopoes
        • OCTOPOES_LOG_CFG
        • QUEUE_URI
        • XTDB_URI
        • KATALOGUS_API
        • OCTOPOES_SCAN_LEVEL_RECALCULATION_INTERVAL
        • OCTOPOES_BITS_ENABLED
        • OCTOPOES_BITS_DISABLED
        • SPAN_EXPORT_GRPC_ENDPOINT
        • OCTOPOES_LOGGING_FORMAT
        • OCTOPOES_OUTGOING_REQUEST_TIMEOUT
        • OCTOPOES_WORKERS
        • ASSET_REPORTS
      • Rocky
        • Email Settings
    • External authentication
    • CVE API
    • Users and organizations
      • Organizations
      • Users
      • Rights and functions per user type
      • User management
      • Adding users through a CSV file
        • How does it work?
        • How should I prepare the CSV file?
        • User notification
      • API token authentication
    • FAQ
      • I cannot login
      • I can login, but I do not see the onboarding as a first time user
      • I can login, but cannot add any objects
      • The jobs in the scheduler do not run every day
  • Developer documentation
    • Contributing
      • Contributing
        • Introduction
      • UI/UX design documentation
        • Figma
      • Project Guidelines
        • Project management
        • Development
        • OpenKAT background and concepts
        • Contributions
        • Feature flow
        • Security
      • GitHub Templates
        • Bug Report Template
        • Feature Request Template
        • Pull Request template for authors
        • Code review checklist for PR’s
        • QA checklist for PR’s
    • Quick start
      • Installation
    • Basic principles
      • Basics of OpenKAT
        • General notes
        • Basic concepts
        • System design
      • Modules
        • Rocky - frontend
        • Mula - scheduler
        • Octopoes - datamodel
        • Bytes - raw data storage
        • Boefjes and whiskers - scanners and normalizers
        • Manon - styling
      • Boefjes
      • Origin types
      • Bits
      • Normalizers
        • Burp Suite
      • Questions & Configs
        • Disallowed CSP hostnames
        • OOIs in headers
        • Port mapping
      • Plugins for OpenKAT: boefjes, whiskers and bits
        • What types of plugins are available?
        • How does it work?
        • Where to start?
        • Existing boefjes
        • Adding object-types
        • Bits: businessrules
        • Configurable bits
        • Adding Boefjes
      • Trusted timestamps in OpenKAT
        • About the protocol
        • Available timestamp servers
        • How to verify a timestamp?
    • Rocky
      • Installation
        • Containerized
        • Local
      • Development
        • Testing
      • Design
        • Fonts license
      • Technical Design
        • Running a boefje
        • Rocky View Structure
    • Scheduler
      • Purpose
      • Architecture
        • Stack, packages and libraries
        • External services
        • Project structure
      • Running / Developing
        • Prerequisites
        • Running
        • Migrations
      • Testing
      • Scripts
      • load.py
      • benchmark.py
    • Boefjes
      • Prerequisites
      • KATalogus
        • Organisations
        • Plugins
        • Settings
      • Environment variables
      • Technical Design
        • Boefje and Normalizer Workers
        • Running as a Docker container
        • Running the worker directly
        • Example job
        • Manually running a boefje or normalizer
        • Boefje and normalizer structure
        • Tests
    • Design considerations for new boefjes runner
      • Images
        • Distribution
        • Metadata
      • I/O
        • Input
        • Output
      • Logging
      • Runtimes
        • Docker
        • Kubernetes
        • Nomad
      • Building images with this spec from the current boefjes
        • Summary of decisions
      • Limitations
    • Design considerations for new normalisers (whiskers) runner
      • Current situation
      • Requirements
      • Design
        • Runtime
        • Distribution
        • Input/Output
        • Supervisor process
      • Discussion
      • Conclusions
    • Bytes
      • Installation
        • With Docker
        • Without Docker
        • Hashing and Encryption
        • Observability
      • Design
        • Design: C2 Container level
        • Design: C3 Component level
      • Development
        • Code style and tests
        • Migrations
        • Export SQL migrations
      • Production
        • Performance tuning
    • Octopoes
      • Instructions
        • Run Octopoes API
        • Run the event processor
      • Healthcheck
      • OOI
      • Origin
      • Origin through declaration
      • Origin through observation
      • Origin through inference
      • Graph mutations
      • Code Architecture
        • Sequence: save_origin
        • Sequence: process update ooi
      • XTDB
        • XTDB-cli tool
        • XTDB analyze bits tool
      • OOI Objects
      • Relationships
      • A few example records
      • OOI Reference
      • Octopoes API
        • OctopoesAPIConnector
      • Abstract classes / subclassing
      • Querying
      • Run bit manually
      • Tests
    • Octopoes Models
      • octopoes.models.ooi.service
        • IPService
        • Service
        • TLSCipher
      • octopoes.models.ooi.findings
        • ADRFindingType
        • CAPECFindingType
        • CVEFindingType
        • CWEFindingType
        • Finding
        • FindingType
        • KATFindingType
        • MutedFinding
        • RetireJSFindingType
        • RiskLevelSeverity
        • SnykFindingType
      • octopoes.models.ooi.email_security
        • DKIMExists
        • DKIMKey
        • DKIMSelector
        • DMARCTXTRecord
        • DNSSPFMechanism
        • DNSSPFMechanismHostname
        • DNSSPFMechanismIP
        • DNSSPFMechanismNetBlock
        • DNSSPFRecord
        • MechanismQualifier
      • octopoes.models.ooi.web
        • APIDesignRule
        • APIDesignRuleResult
        • HTTPHeader
        • HTTPHeaderHostname
        • HTTPHeaderURL
        • HTTPResource
        • HostnameHTTPURL
        • IPAddressHTTPURL
        • ImageMetadata
        • RESTAPI
        • SecurityTXT
        • URL
        • WebScheme
        • WebURL
        • Website
      • octopoes.models.ooi.config
        • Config
      • octopoes.models.ooi.certificate
        • AlgorithmType
        • SubjectAlternativeName
        • SubjectAlternativeNameHostname
        • SubjectAlternativeNameIP
        • SubjectAlternativeNameQualifier
        • X509Certificate
      • octopoes.models.ooi.monitoring
        • Application
        • Incident
      • octopoes.models.ooi.question
        • Question
      • octopoes.models.ooi.network
        • AutonomousSystem
        • IPAddress
        • IPAddressV4
        • IPAddressV6
        • IPPort
        • IPV4NetBlock
        • IPV6NetBlock
        • NetBlock
        • Network
        • PortState
        • Protocol
      • octopoes.models.ooi.reports
        • AssetReport
        • BaseReport
        • HydratedReport
        • Report
        • ReportData
        • ReportRecipe
      • octopoes.models.ooi.dns.records
        • CAATAGS
        • DNSAAAARecord
        • DNSARecord
        • DNSCAARecord
        • DNSCNAMERecord
        • DNSMXRecord
        • DNSNSRecord
        • DNSPTRRecord
        • DNSRecord
        • DNSSOARecord
        • DNSTXTRecord
        • NXDOMAIN
      • octopoes.models.ooi.dns.zone
        • DNSZone
        • Hostname
        • ResolvedHostname
      • octopoes.models.ooi.software
        • Software
        • SoftwareInstance
    • Octopoes Research
      • Introduction
      • Part I - Requirements, context and inherent complexities
        • Context of Octopoes in KAT
        • Objectives
        • Complexities of Octopoes
      • Part II - Working towards a solution
        • Stages of data processing
        • ClaimSpace
        • FactSpace
        • Inference
        • Handling updates / incoming data
    • Reports
      • Creating reports
        • Location of the report code
        • Steps to create a new report
        • Collecting data
      • Writing report unit tests
        • Purpose of unit testing
        • Steps for writing unit tests
        • Executing unit tests
    • Development tutorial
      • Glossary
        • Creating a Boefje
        • Testing the boefje
        • Creating a new model
        • Creating a normalizer
        • Creating a bit
        • Creating a report
    • QA Test plan
      • Read the PR
      • Manual testing
      • Check the Docker logs
      • Document QA notes
      • On occasion
OpenKAT
  • About OpenKAT
  • Release notes
  • Edit on GitHub

Release notes

Releases

  • OpenKAT 1.20
  • OpenKAT 1.19
  • OpenKAT 1.18 - Sneeuwkat
  • OpenKAT 1.17
  • OpenKAT 1.16
  • OpenKAT 1.15 (Roeltje)
  • OpenKAT 1.14
  • OpenKAT 1.13
  • OpenKAT 1.12
  • OpenKAT 1.11
  • OpenKAT 1.10
  • OpenKAT 1.9
  • OpenKAT 1.8
  • OpenKAT 1.7
  • OpenKAT 1.6
  • OpenKAT 1.5
Previous Next

© Copyright Ministerie van Volksgezondheid, Welzijn en Sport (European Union Public License 1.2).

Built with Sphinx using a theme provided by Read the Docs.