T-Guard Official Documentation

Installation Steps


Last updated 2 months ago

First, you need to clone the repository:

git clone https://github.com/sguresearcher/nusantara.git

Move to the directory and execute the installation script:

cd nusantara
chmod +x setup.sh
./setup.sh

To install the main T-Guard components, run steps 1 through 6 from the installer main menu shown in Figure 1.

Step 1: Update System and Install Prerequisites

In step 1, while the system is updated and the prerequisites are installed, if you encounter a popup, just click Ok.

Step 2: Install Docker

In step 2, after Docker is installed, confirm that the Docker service is running by executing the following command:

sudo systemctl status docker

The green text indicates that Docker is running well, as illustrated in Figure 2.

Step 3: Install Wazuh (SIEM)

We can proceed to the next step, installing Wazuh, which serves as the SIEM. This step will take quite a long time, depending on the internet connection speed.

After Wazuh has installed successfully, we deploy the Wazuh Agent on the machine. Enter your machine IP address and Wazuh Agent, for example as illustrated in Figure 4.

After the process is finished, go to your browser and check your Wazuh by following this link:

https://<your_ip>

You will see a warning from the browser that the certificate is invalid, as illustrated in Figure 5. This is normal because we haven’t installed a signed SSL certificate, which is recommended for production. For now, just click proceed.

The first page of Wazuh should be as illustrated in Figure 6.

Log in using the credentials mentioned at the bottom of the page. After logging in, you should see Figure 7.

Step 4: Install Shuffle (SOAR)

Proceed to install Shuffle by executing step 4.

After the installation process is finished, go to your browser and check your Shuffle by following this link:

http://<ip>:3001

Create an administrator account and log in using the credentials mentioned at the bottom of the page. After logging in, you should see Figure 8.

Step 5: Install DFIR-IRIS (Incident Response/Ticketing)

Execute step 5.

After the installation process is finished, go to your browser and check your IRIS by following this link:

https://<ip>:8443

Sign in using the credentials mentioned at the bottom of the page. After logging in, you should see Figure 9.

Step 6: Install MISP (Threat Intelligence)

Execute step 6.

After the installation process is finished, go to your browser and check your MISP by following this link:

https://<ip>:1443

Sign in using the credentials mentioned at the bottom of the page. After logging in, you should see Figure 10.
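Once steps 1 to 6 are done, the browser checks above can be repeated from the command line. The script below is an added example, not part of the T-Guard repository; it assumes curl is installed, that it runs on the T-Guard host, and the function names and the file name tguard_check.sh are made up for illustration.

```sh
#!/bin/sh
# Added example: post-install check for the T-Guard web interfaces.
# Schemes and ports come from the credentials table on this page.

# Print "name url" for each service on the given host IP.
tguard_endpoints() {
    printf '%s %s\n' \
        "Wazuh"     "https://$1" \
        "Shuffle"   "http://$1:3001" \
        "DFIR-IRIS" "https://$1:8443" \
        "MISP"      "https://$1:1443"
}

# Map a curl HTTP status code to a verdict. curl reports 000 when it got
# no HTTP response at all (refused connection, timeout, TLS failure).
classify_status() {
    case $1 in
        000)             echo "DOWN" ;;
        2??|3??|401|403) echo "UP" ;;      # page, redirect or login wall
        *)               echo "ERROR" ;;   # answering, but not healthy yet
    esac
}

# Probe one URL. -k skips certificate validation because the installer
# leaves self-signed certificates in place (see the Wazuh warning above).
probe() {
    code=$(curl -k -s -o /dev/null --max-time 10 -w '%{http_code}' "$1") || code=000
    classify_status "${code:-000}"
}

# Assumption: run on the T-Guard host, so the Docker check is local.
check_tguard() {
    failed=0
    if command -v systemctl >/dev/null 2>&1; then
        systemctl is-active --quiet docker || { echo "docker: NOT active"; failed=1; }
    fi
    endpoints=$(tguard_endpoints "$1")
    while read -r name url; do
        verdict=$(probe "$url")
        printf '%-10s %-28s %s\n' "$name" "$url" "$verdict"
        [ "$verdict" = "UP" ] || failed=1
    done <<EOF
$endpoints
EOF
    return "$failed"
}

# Usage: sh tguard_check.sh <ip>   (nothing runs without an argument)
if [ "$#" -gt 0 ]; then check_tguard "$1"; fi
```

The script exits non-zero if Docker is not active or any interface is not answering, so it can gate the integration steps that follow.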

Next, we will integrate all the modules on the next page.

The default credentials for T-Guard:

| Service   | Web Interface     | Username         | Password              |
|-----------|-------------------|------------------|-----------------------|
| Wazuh     | https://<ip>      | admin            | SecretPassword        |
| DFIR-IRIS | https://<ip>:8443 | administrator    | MySuperAdminPassword! |
| Shuffle   | http://<ip>:3001  | administrator    | MySuperAdminPassword! |
| MISP      | https://<ip>:1443 | admin@admin.test | admin                 |

Figure 1. T-Guard Installer Main Menu
Figure 2. Check Docker Status
Figure 3. Wazuh Installation Process
Figure 4. Deploy the first Wazuh Agent
Figure 5. Warning Page
Figure 6. Wazuh Log In Page
Figure 7. Wazuh Home Page
Figure 8. Shuffle Home Page
Figure 9. DFIR-IRIS Home Page
Figure 10. MISP Home Page