diff --git a/README.md b/README.md index 909bc604..c9a80e69 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ -# RedEye - -Red Team C2 Log Visualization +# **RedEye**: Red Team C2 Log Visualization

RedEye Screenshot 
@@ -14,27 +12,39 @@ RedEye can assist an operator to efficiently: - Display and evaluate complex assessment data to enable effective decision making. - Gain a clearer understanding of the attack path taken and the hosts compromised during a Red Team assessment or penetration test. -Red Team: [![Red Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/rsybgk&style=flat&logo=cypress)](https://cloud.cypress.io/projects/rsybgk/runs) +| **Red Team** | **Blue Team** | +|:------------:|:-------------:| +| [![Red Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/rsybgk&style=flat&logo=cypress)](https://cloud.cypress.io/projects/rsybgk/runs) | [![Blue Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/46ahz3&style=flat&logo=cypress)](https://cloud.cypress.io/projects/46ahz3/runs) | -Blue Team: [![Blue Team](https://img.shields.io/endpoint?url=https://cloud.cypress.io/badge/simple/46ahz3&style=flat&logo=cypress)](https://cloud.cypress.io/projects/46ahz3/runs) +--- -## [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) +## ⚠️ This Repo Currently in Maintenance Mode ⚠️ -Follow along with the [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) to learn about RedEye's feature set. +This GitHub repository is no longer under active development. We'll review community issues and pull requests for bug fixes, but won't consider any new feature additions. + +--- ## Quick start 1. **Download** the latest RedEye binaries for your OS[\*](#platform-support) from the [Releases](https://github.com/cisagov/RedEye/releases) page. - 2. **Pick a mode** and **Run the server** - - [ **Red Team mode**](#red-team) enables the full feature set: upload C2 logs, explore data, and create presentations. To start the server in Red Team mode, run the following in a terminal. 
_You must provide a password to run in RedTeam mode._ - ``` - ./RedEye --redTeam --password - ``` - - [**Blue Team mode**](#blue-team) (default) enables a simplified, read-only UI for reviewing campaigns exported by a Red Team. To start the server in Blue Team mode. Double-click on the 'RedEye' executable or run `./RedEye` from the command line. +2. **Pick a mode** and **Run the server** + - [ **Red Team mode**](#red-team) enables the full feature set: upload C2 logs, explore data, and create presentations. _You must provide a password to run in Red Team mode._ To start the server in Red Team mode, run the following in a terminal. + ``` + ./RedEye --redTeam --password + ``` + - [**Blue Team mode**](#blue-team) (default) enables a simplified, read-only UI for reviewing campaigns exported by a Red Team. To start the server in Blue Team mode, run the following in a terminal. + ``` + ./RedEye # Or simplify double-click the "RedEye" executable + ``` 3. **Use the web app** in a browser at http://127.0.0.1:4000. The RedEye binary runs as a server in a terminal window and will automatically open the web app UI your default browser. You must close the terminal window to quit the RedEye server. +4. Try importing the [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) example dataset to get started. Or try a different [example dataset](#example-datasets). _**MacOS Issue** - When running RedEye for the first time, you may get a "not verified" error. You must go to "System Preferences" > "Security & Privacy" > "General" and click "Open Anyway." More info on the [Apple support page](https://support.apple.com/guide/mac-help/open-a-mac-app-from-an-unidentified-developer-mh40616/)._ +### Follow the [User Guide](https://github.com/cisagov/RedEye/blob/develop/docs/UserGuide.md) to learn about RedEye's feature set. + +--- + ## Red Team & Blue Team Modes RedEye has two modes that cover two stages of the Red Teaming process. 
[Red Team mode](#red-team) allows importing C2 data, editing imported data, and making comments and presentations. After curating and annotating campaign data, Red Teams can export their campaign as a standalone `.redeye` file and [hand it off to a Blue Team](#blue-team-presentation-handoff) for reporting and remediation. [Blue Team mode](#blue-team) runs RedEye in a simplified read-only mode for viewing curated data exported by a Red Team. @@ -88,6 +98,14 @@ Folder/ `.redeye` files can also be uploaded in Blue Team mode via the "+ Add Campaign" dialog. +## Example Datasets +There are example datasets in this repo available for download. These are located in the [./applications/redeye-e2e/src/fixtures](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures) folder. +- **gtdataset** - available as [gt.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/gt.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/gtdataset) +- **smalldata** - available as [smalldata.redeye](https://github.com/cisagov/RedEye/raw/develop/applications/redeye-e2e/src/fixtures/smalldata.redeye) and as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/smalldata) +- **testdata** - available as [Cobalt Strike Logs](https://github.com/cisagov/RedEye/tree/develop/applications/redeye-e2e/src/fixtures/testdata) + +You may want to use a tool like [download-directory.github.io](https://download-directory.github.io/) to download just one folder of a github repo + -### RedEye Server parameters +## RedEye Server Parameters Type `./Redeye -h` to view the options diff --git a/docs/images/RedEye-Hero-Screenshot.png b/docs/images/RedEye-Hero-Screenshot.png index 6ece73bb..6e60bb03 100644 Binary files a/docs/images/RedEye-Hero-Screenshot.png and b/docs/images/RedEye-Hero-Screenshot.png differ
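Review bot: in the `@@ -1,6 +1,4 @@` hunk of `README.md`, the bold markers in `# **RedEye**: Red Team C2 Log Visualization` are redundant inside an h1, which already renders in heavy type, and tooling that extracts the first heading as a page title or table-of-contents entry may carry the literal asterisks through; a plain `# RedEye: Red Team C2 Log Visualization` reads the same and avoids that.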
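Review bot: in the `@@ -14,27 +12,39 @@` hunk, the comment in the new Blue Team fence, `./RedEye # Or simplify double-click the "RedEye" executable`, has a typo: "simplify" should be "simply". In the same hunk the Red Team fence still shows `./RedEye --redTeam --password` with nothing after `--password`, while the sentence just before it says a password must be provided; either show a placeholder (`./RedEye --redTeam --password <password>`) or state that the flag prompts interactively, whichever matches the binary's behaviour. Two smaller points while this section is being rewritten: the unchanged context sentence "will automatically open the web app UI your default browser" is missing "in", and `### Follow the [User Guide](...) to learn about RedEye's feature set.` puts a full sentence into a heading, which clutters the generated table of contents; a short `### User Guide` heading followed by that sentence as a paragraph would be cleaner.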
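Review bot: in the `@@ -88,6 +98,14 @@` hunk, the context line `Type ./Redeye -h to view the options` uses a different casing from the `./RedEye` binary name used everywhere else in this diff, and on a case-sensitive filesystem that command will not find the executable; since the heading directly above it is being changed to `## RedEye Server Parameters`, correct it to `./RedEye -h` in the same change. The new closing sentence, "You may want to use a tool like [download-directory.github.io](...) to download just one folder of a github repo", lacks a final period and should read "GitHub"; it also sends readers to a third-party site outside this project to fetch repository contents, so it is worth naming the in-tree alternatives first (the raw `.redeye` links already listed in this hunk, or a clone of the repository) and presenting the external tool as optional.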