### Run Docker Compose Preparation Script Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md After cloning the repository, execute this script to prepare and configure the Docker Compose environment. It guides you through the setup process for a local deployment. ```bash ./docker-compose.sh ``` -------------------------------- ### Install Helm Chart from legacy repository into namespace Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command installs the CISO Assistant Helm chart from the `intuitem` repository, using the customized values from `my-values.yaml`, into the `ciso-assistant` namespace. The release will be named `my-octopus`. ```sh helm install my-octopus intuitem/ciso-assistant -f my-values.yaml -n ciso-assistant ``` -------------------------------- ### Install WSL Ubuntu Distribution Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/windows.md Installs the Ubuntu 24.04 distribution for Windows Subsystem for Linux (WSL) using the `wsl` command. This is a prerequisite for Docker Desktop's WSL2 backend. ```sh wsl --install ubuntu-24.04 ``` -------------------------------- ### Install Helm Chart from GH OCI registry Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command installs the CISO Assistant Helm chart from the GitHub OCI registry, using the customized values provided in `custom.yaml`. The release will be named `ciso-assistant-release`. ```sh helm install ciso-assistant-release oci://ghcr.io/intuitem/helm-charts/ce/ciso-assistant -f custom.yaml ``` -------------------------------- ### Start CISO Assistant Docker Containers Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/deploy-on-a-vps.md Commands to switch to a superuser and execute the generated docker-compose script to start the CISO Assistant application containers after the configuration is complete. ```sh # switch to sudo. This can be avoided depending on your docker setup sudo su ./docker-compose.sh ``` -------------------------------- ### Run CISO Assistant Docker Compose Script Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/remote-virtualization.md This command executes the `docker-compose.sh` script to start the CISO Assistant application. It should be run after Docker is installed, DNS entries are configured, and the `docker-compose.yml` file has been edited as specified in the guide. ```Shell ./docker-compose.sh ``` -------------------------------- ### Add Helm repository for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command adds the official CISO Assistant Helm chart repository to your Helm configuration, allowing you to access charts from `https://intuitem.github.io/ca-helm-chart/`. ```sh helm repo add intuitem https://intuitem.github.io/ca-helm-chart/ ``` -------------------------------- ### Clone CISO Assistant Repository with Git Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md This command clones the CISO Assistant community repository from GitHub, which is the first step for a Docker Compose based installation. It fetches all necessary files to your local system. ```bash git clone https://github.com/intuitem/ciso-assistant-community.git ``` -------------------------------- ### VPS Preparation and CISO Assistant Configuration Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/deploy-on-a-vps.md Commands to update the Ubuntu OS, install Docker and Python, clone the CISO Assistant repository, set up a Python virtual environment, install dependencies, and run the interactive configuration generator for the CISO Assistant application on a VPS. ```sh #update ubuntu repository and OS sudo apt update sudo apt upgrade # install docker sudo snap install docker #install python sudo apt install python3-pip python3.12-venv #clone the repo git clone https://github.com/intuitem/ciso-assistant-community.git #go to the config generator cd ciso-assistant-community cd config # setting up the python project and dependencies python3 -m venv .venv source .venv/bin/activate pip install -r requirements.txt # run the interactive config generator python make_config.py ``` -------------------------------- ### Install Python Dependencies for CISO Assistant Framework Conversion Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/customization/getting-your-custom-framework.md This command installs the necessary Python packages required by the `convert_library.py` script to convert Excel files to YAML for CISO Assistant custom frameworks. It uses the `requirements.txt` file located in the `/tools` directory. ```Shell pip install -r requirements.txt ``` -------------------------------- ### Run Docker Compose with Prebuilt Images Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/local.md Executes the `docker-compose.sh` script to pull and run prebuilt Docker images for the CISO Assistant application. This command cleans up previous images and fetches the latest stable release, then prompts for superuser setup. ```Shell ./docker-compose.sh ``` -------------------------------- ### Create Kubernetes namespace for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command creates a dedicated Kubernetes namespace named `ciso-assistant` for the deployment. Deploying applications in their own namespaces helps with resource isolation and management. ```sh kubectl create ns ciso-assistant ``` -------------------------------- ### Retrieve Helm Chart values from legacy repository Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command fetches the default configuration values for the CISO Assistant Helm chart from the `intuitem` repository and saves them to a `my-values.yaml` file. This file should be reviewed and adjusted, especially the `frontendOrigin` parameter. ```sh helm show values intuitem/ciso-assistant > my-values.yaml ``` -------------------------------- ### Add Helm Repository for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md This command adds the official Helm chart repository for CISO Assistant to your Helm configuration. This allows you to fetch and install the CISO Assistant application using Helm. ```bash helm repo add intuitem https://intuitem.github.io/ca-helm-chart/ ``` -------------------------------- ### Install CISO Assistant Helm Chart Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md This command installs the CISO Assistant Helm chart into your Kubernetes cluster. It uses the 'my-values.yaml' file for custom configurations and deploys the application into the 'ciso-assistant' namespace under the release name 'my-octopus'. ```bash helm install my-octopus intuitem/ciso-assistant -f my-values.yaml -n ciso-assistant ``` -------------------------------- ### Create Superuser via Docker Compose (Manual Setup) Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Command to manually create the first superuser for the CISO Assistant backend in a Docker Compose environment, used as a follow-up step when the automated initialization script is skipped or cannot be run. ```Shell docker compose exec backend poetry run python manage.py createsuperuser ``` -------------------------------- ### Retrieve Helm Chart values from GH OCI registry Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/helm-chart.md This command fetches the default configuration values for the CISO Assistant Helm chart from the GitHub OCI registry and saves them to a `custom.yaml` file. This file can then be modified to customize the deployment. ```sh helm show values oci://ghcr.io/intuitem/helm-charts/ce/ciso-assistant > custom.yaml ``` -------------------------------- ### Start Docker Compose Services in Detached Mode Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Command to start all defined services in the Docker Compose file in the background, typically used for initial deployment or restarting the application without blocking the terminal. ```Shell docker compose up -d ``` -------------------------------- ### Retrieve Default Helm Chart Values Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md Use this command to download the default configuration values of the CISO Assistant Helm chart into a 'my-values.yaml' file. This file can then be customized to fit specific deployment requirements, such as 'frontendOrigin'. ```bash helm show values intuitem/ciso-assistant > my-values.yaml ``` -------------------------------- ### Create Kubernetes Namespace for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/installation.md This 'kubectl' command creates a dedicated Kubernetes namespace named 'ciso-assistant'. It's recommended to deploy applications into their own namespaces for better organization and resource isolation within the cluster. ```bash kubectl create ns ciso-assistant ``` -------------------------------- ### Bypass PowerShell Execution Policy Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/windows.md Sets the PowerShell execution policy for the current process to 'Bypass'. This allows scripts to run without restriction for the duration of the current session, often used for temporary setup or installation scripts. ```powershell Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass ``` -------------------------------- ### Rebuild Docker Images Locally Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/local.md Executes the `docker-compose-build.sh` script to rebuild Docker images for the CISO Assistant application locally. This is an alternative method if using prebuilt images fails or for unsupported architectures. ```Shell ./docker-compose-build.sh ``` -------------------------------- ### Convert Excel to YAML for CISO Assistant Custom Framework Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/customization/getting-your-custom-framework.md This command executes the `convert_library.py` Python script to convert a specified Excel file containing custom framework data into a YAML file. The output YAML file can then be imported into CISO Assistant. Replace `myframework/my-custom-framework.xlsx` with the actual path to your Excel file. ```Shell python3 convert_library.py myframework/my-custom-framework.xlsx ``` -------------------------------- ### Trigger Database Migration via Docker Compose Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Command to manually initiate database schema migrations for the CISO Assistant backend within a Docker Compose setup, ensuring all database increments are applied correctly, especially after upgrades or silent failures. ```Shell docker compose exec backend poetry run python manage.py migrate ``` -------------------------------- ### Docker Compose Environment Variable Syntax Best Practice Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/setting-up-mailer.md This example demonstrates the correct and incorrect ways to define environment variables in Docker Compose. It highlights that including spaces around the equals sign (=) will lead to the variable being silently ignored, which is a common pitfall. Always ensure no spaces are present around the assignment operator. ```sh MY_VARIABLE=value MY_VARIABLE = value ``` -------------------------------- ### Configure SAML Reply URL for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/microsoft-entra-id.md Specifies the required Reply URL format for CISO Assistant's SAML Assertion Consumer Service (ACS) endpoint, along with a localhost example. This URL is where Microsoft Entra ID sends SAML responses. ```APIDOC Reply URL: /api/accounts/saml/0/acs/ Example: https://localhost:8443/api/accounts/saml/0/acs/ ``` -------------------------------- ### Prepare CIS Controls Excel for Import Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/customization/cis-controls.md To import CIS Controls, the `CIS_Controls_Version_8.xlsx` file needs preparation. Two methods are provided: either place the Excel file in the tools folder and run `convert_cis.sh`, or alternatively, run `cis/prep_cis.py` (mentioning a short string as packager) and then pass the resulting Excel sheet to `convert_library.py`. ```bash convert_cis.sh ``` ```bash python cis/prep_cis.py python convert_library.py ``` -------------------------------- ### Create Superuser via Docker Compose (Troubleshooting) Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Command to create a superuser for the CISO Assistant backend in a Docker Compose environment, used when the initial user creation prompt was missed or the password is lost. ```Shell docker compose exec backend poetry run python manage.py createsuperuser ``` -------------------------------- ### Mailer Service Environment Variable Configuration Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/setting-up-mailer.md This snippet provides a set of essential environment variables for configuring an email sending service. It covers the sender's email address, the mail server host and port, authentication credentials, and whether to use TLS encryption. These variables are crucial for enabling the application to send emails. ```sh DEFAULT_FROM_EMAIL=purple@ciso-assistant.fr EMAIL_HOST=localhost EMAIL_PORT=1025 EMAIL_HOST_USER=purple EMAIL_HOST_PASSWORD=dummy-unsafe-example EMAIL_USE_TLS=True ``` -------------------------------- ### Update CISO Assistant using the update script Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/updating-your-local-instance.md This script provides the easiest way to update your on-prem or local instance of CISO Assistant, applicable for both pro and community versions. It automates the update process. ```bash ./update-ciso-assistant.sh ``` -------------------------------- ### Okta SAML Application Configuration Parameters Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/okta.md Essential URLs and identifiers for setting up the SAML 2.0 application within the Okta admin console. ```APIDOC Okta Admin Console URL Pattern: URL: https://.okta.com/admin/dashboard SAML Application Settings: Single Sign-On URL: Pattern: /api/accounts/saml/0/acs/ Example: https://localhost:8443/api/accounts/saml/0/acs/ Audience URI (SP Entity ID): Description: Must match the SP Entity ID configured in CISO Assistant. Application Username: Value: Email ``` -------------------------------- ### Create Superuser via Docker Container (Troubleshooting) Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Commands to identify and execute the superuser creation script directly within a specific CISO Assistant backend Docker container, useful when Docker Compose is not used or a specific container needs targeting. ```Shell docker ps -a | grep backend ``` ```Shell docker exec -it poetry run python manage.py createsuperuser ``` -------------------------------- ### Clean Up CISO Assistant Deployment Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/deploy-on-a-vps.md Commands to stop and remove CISO Assistant Docker containers, and delete associated database and proxy configuration files, effectively cleaning up the deployment environment. ```sh cd config # stop and remove containers docker compose -f docker-compose-custom.yml rm -fs # delete the db and proxy config git clean -fdx . ``` -------------------------------- ### Backup CISO Assistant SQLite database Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/updating-your-local-instance.md Before performing a manual update, it is a good practice to back up your SQLite database file. This command copies the database to a location outside the repository folder to prevent data loss during updates. ```bash cp db/ciso-assistant.sqlite3 ../ciso-assistant-backup.sqlite3 ``` -------------------------------- ### View Docker Compose Backend Logs Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Command to display the logs of the CISO Assistant backend service running under Docker Compose, essential for diagnosing issues after upgrades or during general troubleshooting. ```Shell docker compose logs backend ``` -------------------------------- ### Configure Frontend Body Size Limit in Dockerfile Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/frequent-questions.md Illustrates the BODY_SIZE_LIMIT environment variable definition within the frontend Dockerfile, which dictates the maximum allowed size for file uploads. This value must be adjusted to accommodate larger files. ```Dockerfile # frontend/Dockerfile ENV BODY_SIZE_LIMIT=20000000 ``` -------------------------------- ### Clean up previous CISO Assistant Docker images Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/updating-your-local-instance.md Remove old Docker images for CISO Assistant backend and frontend to ensure that fresh images are pulled during the update process. The '2> /dev/null' suppresses any error messages if images are not found. ```bash docker rmi ghcr.io/intuitem/ciso-assistant-community/backend:latest ghcr.io/intuitem/ciso-assistant-community/frontend:latest 2> /dev/null ``` -------------------------------- ### Configure SELinux context for Docker volume Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/special-cases.md This command changes the SELinux security context of the specified directory to `svirt_sandbox_file_t`. This context is typically required to allow Docker containers to mount and access volumes successfully when SELinux is in enforcing mode, preventing permission denied errors. ```Shell chcon -Rt svirt_sandbox_file_t ./db ``` -------------------------------- ### Data Import: Assets Fields Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/data-import-wizard.md Defines the supported fields, their types, and special considerations for importing 'Assets' data. Mandatory fields are marked with an asterisk. ```APIDOC Assets Data Fields: ref_id: string name*: string description: string domain: string type: string (enum: PR, SP) PR: primary SP: supporting Special Considerations: type: defaults to 'supporting' if not set ``` -------------------------------- ### Data Import: Findings Followup Fields Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/data-import-wizard.md Defines the supported fields and their types for importing 'Findings Followup' data, typically for pentest results. Mandatory fields are marked with an asterisk. ```APIDOC Findings Followup Data Fields: ref_id: string name*: string description: string severity: string (enum: low, medium, high, critical) status: string (enum: identified, confirmed, dismissed, assigned, in_progress, mitigated, resolved, deprecated) ``` -------------------------------- ### Google Workspace SAML Application Configuration Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/google-workplace.md Provides the essential configuration parameters and attribute mappings required to set up a custom SAML application in Google Workspace for integration with CISO Assistant, including the Assertion Consumer Service (ACS) URL, Service Provider (SP) Entity ID, Name ID format, and claims for first and last names. ```APIDOC ACS URL: /api/accounts/saml/0/acs/ Entity ID: ciso-assistant (default) Name ID Format: Email ``` ```APIDOC First name mapping: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname Last name mapping: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname ``` -------------------------------- ### Data Import: Perimeters Fields Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/data-import-wizard.md Defines the supported fields and their types for importing 'Perimeters' data. Mandatory fields are marked with an asterisk. ```APIDOC Perimeters Data Fields: ref_id: string name*: string description: string domain: string status: string (enum: undefined, in_design, in_dev, in_prod, eol, dropped) ``` -------------------------------- ### Data Import: Applied Controls Fields Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/data-import-wizard.md Defines the supported fields, their types, and special considerations for importing 'Applied Controls' data. Mandatory fields are marked with an asterisk. ```APIDOC Applied Controls Data Fields: ref_id: string name*: string description: string domain: string status: string (enum: to_do, in_progress, on_hold, active, deprecated) category: string (enum: policy, process, technical, physical, procedure) priority: integer (range: 1 to 4) csf_function: string (enum: govern, identify, protect, detect, respond, recover) Special Considerations: status: defaults to 'to_do' csf_function: defaults to 'govern' ``` -------------------------------- ### CISO Assistant SAML IdP Parameters from Okta Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/okta.md Key parameters to be extracted from the configured Okta SAML application and used to configure CISO Assistant as a Service Provider. ```APIDOC Parameters from Okta SAML 2.0 Settings: Metadata URL: Source: Okta SAML 2.0 Settings box Usage: Paste into CISO Assistant's Metadata URL field IdP Entity ID (Issuer URL): Source: Okta SAML 2.0 Settings box Usage: Paste into CISO Assistant's IdP Entity ID field ``` -------------------------------- ### Data Import: Audits Fields Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/guide/data-import-wizard.md Defines the supported fields, their types, and special considerations for importing 'Audits' data. Mandatory fields are marked with an asterisk. ```APIDOC Audits Data Fields: urn*: string assessable: string ref_id*: string name: string description: string compliance_result: string (enum: not_assessed, partially_compliant, non_compliant, compliant, not_applicable) requirement_progress: string (enum: to_do, in_progress, in_review, done) score: integer (range: 0 to 100) observations: string Special Considerations: Matching Logic: attempts to match by ref_id, then falls back to urn. Row skipped if no match. name, description: not used for import, serve as reference. Unassessable rows: skipped. ``` -------------------------------- ### Stop and remove Docker containers for CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/updating-your-local-instance.md This command stops and removes the running Docker container instances for CISO Assistant. It's a crucial step to ensure a clean state before pulling new images and recreating containers during a manual update. ```bash docker compose down ``` -------------------------------- ### Refresh CISO Assistant Docker images and restart containers Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/deployment/updating-your-local-instance.md This command triggers Docker Compose to pull the latest images and recreate the containers, effectively updating the CISO Assistant instance. The '-d' flag runs containers in detached mode, allowing the terminal to be used for other tasks. ```bash docker compose up -d #remove -d if you want the logs directly in your shell ``` -------------------------------- ### Okta SAML User Attribute Mappings Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/okta.md Standard XML Schema URIs used to map user's first and last names from Okta to claims in the SAML assertion. ```APIDOC Attribute Statements: First Name: Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname Maps to: user's first name Last Name: Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname Maps to: user's last name ``` -------------------------------- ### Map Microsoft Entra ID SAML Identifiers to CISO Assistant Source: https://github.com/intuitem/ciso-assistant-doc/blob/main/features-highlight/sso/microsoft-entra-id.md Outlines the mapping of key SAML configuration parameters between Microsoft Entra ID (Identity Provider) and CISO Assistant (Service Provider). This includes the Service Provider Entity ID, Identity Provider Entity ID, and the Metadata URL. ```APIDOC CISO Assistant (Service Provider) Parameters: SP Entity ID: Must match the "Entity ID" configured in Microsoft Entra ID's Basic SAML Configuration. Metadata URL: Copied from Microsoft Entra ID's "App Federation Metadata Url" in SAML Certificates. IdP Entity ID: Copied from Microsoft Entra ID's "Microsoft Entra Identifier" in Set up . ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.