{"id":19149541,"url":"https://github.com/alphasoc/nfr","last_synced_at":"2025-10-10T14:38:46.559Z","repository":{"id":21343993,"uuid":"78199588","full_name":"alphasoc/nfr","owner":"alphasoc","description":"A lightweight tool to score network traffic and flag anomalies","archived":false,"fork":false,"pushed_at":"2024-08-07T11:00:02.000Z","size":2841,"stargazers_count":123,"open_issues_count":13,"forks_count":19,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-08-14T12:14:04.308Z","etag":null,"topics":["bro-ids","intrusion-detection","malware-analysis","monitoring","security","suricata"],"latest_commit_sha":null,"homepage":"https://alphasoc.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphasoc.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-06T11:03:25.000Z","updated_at":"2025-03-17T08:20:59.000Z","dependencies_parsed_at":"2024-06-20T11:13:50.678Z","dependency_job_id":"2c24aa1b-56f5-4e17-ad58-28e63b162282","html_url":"https://github.com/alphasoc/nfr","commit_stats":null,"previous_names":["alphasoc/namescore"],"tags_count":34,"template":false,"template_full_name":null,"purl":"pkg:github/alphasoc/nfr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fnfr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fnfr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fnfr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fnfr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphasoc","download_url":"https://codeload.github.com/alphasoc/nfr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphasoc%2Fnfr/sbom","scorecard":{"id":186697,"data":{"date":"2025-08-11","repo":{"name":"github.com/alphasoc/nfr","commit":"03d7c4b8b628ba2c68a22c60a42b5a6329e09e44"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Code-Review","score":4,"reason":"Found 6/15 approved changesets -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: topLevel 'contents' permission set to 'write': .github/workflows/go.yml:8","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:82: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:176: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:179: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:188: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:194: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:206: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:219: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:241: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:248: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/go.yml:253: update your workflow using https://app.stepsecurity.io/secureworkflow/alphasoc/nfr/go.yml/master?enable=pin","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/go.yml:39"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: nfr_1.12.0_checksums_debian.txt.sig: https://github.com/alphasoc/nfr/releases/tag/v1.12.0","Info: signed release artifact: nfr_1.11.4_checksums_debian.txt.sig: https://github.com/alphasoc/nfr/releases/tag/v1.11.4","Info: signed release artifact: nfr_1.11.3_checksums_debian.txt.sig: https://github.com/alphasoc/nfr/releases/tag/v1.11.3","Info: signed release artifact: nfr_1.11.2_checksums_debian.txt.sig: https://github.com/alphasoc/nfr/releases/tag/v1.11.2","Info: signed release artifact: nfr_1.11.1_centos_64-bit.rpm.sig: https://github.com/alphasoc/nfr/releases/tag/v1.11.1","Warn: release artifact v1.12.0 does not have provenance: https://api.github.com/repos/alphasoc/nfr/releases/122013981","Warn: release artifact v1.11.4 does not have provenance: https://api.github.com/repos/alphasoc/nfr/releases/66593876","Warn: release artifact v1.11.3 does not have provenance: https://api.github.com/repos/alphasoc/nfr/releases/62566623","Warn: release artifact v1.11.2 does not have provenance: https://api.github.com/repos/alphasoc/nfr/releases/59347592","Warn: release artifact v1.11.1 does not have provenance: https://api.github.com/repos/alphasoc/nfr/releases/47531548"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":4,"reason":"6 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T19:55:32.968Z","repository_id":21343993,"created_at":"2025-08-16T19:55:32.968Z","updated_at":"2025-08-16T19:55:32.968Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279004178,"owners_count":26083689,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bro-ids","intrusion-detection","malware-analysis","monitoring","security","suricata"],"created_at":"2024-11-09T08:08:35.253Z","updated_at":"2025-10-10T14:38:46.538Z","avatar_url":"https://github.com/alphasoc.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Network Flight Recorder\n**NFR** is a lightweight application which processes network traffic using the [AlphaSOC Analytics Engine.](https://alphasoc.com) NFR can monitor log files on disk (e.g. Microsoft DNS debug logs, Bro IDS logs) or run as a network sniffer under Linux to score traffic. Upon processing the data, alerts are presented in either JSON or CEF format for escalation via syslog.\n\n## Installation\n[Download NFR from the releases section.](https://github.com/alphasoc/nfr/releases) Once downloaded, run NFR as follows:\n\n```\n# nfr --help\nNetwork Flight Recorder (NFR) is an application which captures network traffic\nand provides deep analysis and alerting of suspicious events, identifying gaps\nin your security controls, highlighting targeted attacks, and policy violations.\n\nUsage:\n  nfr [command] [argument]\n\nAvailable Commands:\n  account register       Generate an API key via the licensing server\n  account reset [email]  Reset the API key associated with a given email address\n  account status         Show the status of your AlphaSOC API key and license\n  read [file]            Read network events from a PCAP file on disk\n  start                  Start processing network events (inputs defined in config)\n  version                Show the NFR binary version\n  help                   Provides help and usage instructions\n\nUse \"nfr [command] --help\" for more information about a given command.\n```\n\n## Configuration\nNFR expects to find its configuration file in `/etc/nfr/config.yml`. If you installed the Debian package, an example `config.yml` would have been installed for you in `/etc/nfr`. Otherwise, you can find the example [`config.yml`](https://github.com/alphasoc/nfr/blob/master/config.yml) file in the repository's root directory. The file defines the AlphaSOC Analytics Engine location and configuration, input preferences (e.g. log files to monitor), output preferences, and other variables. If you already have AlphaSOC API key, update the file with your key and place within the `/etc/nfr/` directory.\n\nIf you are a new user, simply run `nfr account register` (as root) to create the file and generate an API key, e.g.\n\n```\n# nfr account register\nPlease provide your details to generate an AlphaSOC API key.\nA valid email address is required for activation purposes.\n\nBy performing this request you agree to our Terms of Service and Privacy Policy\n(https://www.alphasoc.com/terms-of-service)\n\nFull Name: Joey Bag O'Donuts\nEmail: joey@example.org\n\nSuccess! The configuration has been written to /etc/nfr/config.yml\nNext, check your email and click the verification link to activate your API key.\n```\n\n## Processing events from the network\nIf you are running NFR under Linux, use the `sniffer` directive within `/etc/nfr/config.yml` to specify a network interface to monitor. To monitor interface `eth1` you can use the configuration below.\n\n```\n  sniffer:\n    enabled: true\n    interface: eth1\n```\n\n## Processing events from disk\nUse the `monitor` directive within `/etc/nfr/config.yml` to actively read log files from disk. Bro IDS (Zeek) logs both DNS, IP, and HTTP traffic, whereas Suricata only logs DNS traffic. To monitor both Bro `conn.log`, `dns.log`, and `http.log` output you can use this configuration:\n\n```\nmonitor:\n  - format: bro\n    type: dns\n    file: /path/to/dns.log\n  - format: bro\n    type: ip\n    file: /path/to/conn.log\n  - format: bro\n    type: http\n    file: /path/to/http.log\n```\n\nTo process Suricata DNS output you would use:\n\n```\nmonitor:\n  - format: suricata\n    type: dns\n    file: /path/to/eve.json\n```\n\nMicrosoft DNS (`format: msdns`) and BIND over syslog (`format: syslog-named`) are also supported at this time. Please contact support@alphasoc.com if you have a particular use case and wish to monitor a file format that is not listed here. If you wish to process events from a given PCAP file on disk, please use the `read` command when running NFR.\n\n## Processing events from Elasticsearch\nUse the `elastic` directive within `/etc/nfr/config.yml` to retrieve telemetry from Elasticsearch. Both Elastic Cloud and local deployments are supported. For configuration details, see comments in `config.yml`\n\nIf your data is ECS-compliant, configuration is straightforward:\n```yaml\n  elastic:\n    enabled: true\n    hosts:\n      - localhost:9200\n    # If authorization is needed:\n    # api_key: ... # or:\n    # username: admin\n    # password: password\n\n    searches:\n      - event_type: dns\n        indices:\n          - filebeat-*\n        index_schema: ecs\n      - event_type: ip\n        indices:\n          - filebeat-*\n        index_schema: ecs\n      - event_type: http\n        indices:\n          - filebeat-*\n        index_schema: ecs\n```\n\nCurrently ECS, Graylog and custom schemas are supported. For custom schemas you can define your own search terms and/or list fields that must be present in a document to be picked by nfr for processing.\n\nUnder the hood, nfr periodically runs a search:\n```json\n{\n  \"docvalue_fields\": [\n    {\n      \"field\": \"@timestamp\", // field name defined in config\n      \"format\": \"strict_date_time\"\n    },\n    {\n      \"field\": \"event.ingested\", // field name defined in config\n      \"format\": \"strict_date_time\"\n    }\n  ],\n  \"_source\": [\n    // configurable field names\n    \"source.ip\",\n    \"source.port\",\n    \"dns.question.name\",\n    \"dns.question.type\"\n  ],\n  \"size\": 100,\n  \"query\": {\n    \"bool\": {\n      \"must\": [\n        // configurable field names\n        {\"exists\": {\"field\": \"source.ip\"}},\n        {\"exists\": {\"field\": \"dns.question.name\"}},\n        {\"exists\": {\"field\": \"dns.question.type\"}}\n      ],\n      \"filter\": [\n        {\n          // configurable filter term\n          \"term\": {\"tags\": \"zeek.dns\"}\n        },\n        {\n          \"range\": {\n            // automatically inserted to handle pagination\n            \"event.ingested\": {\n              \"gte\": \"2021-03-05T13:28:49.254Z\"\n            }\n          }\n        }\n      ]\n    }\n  },\n  \"sort\": [\n    {\n      \"event.ingested\": \"asc\"\n    }\n  ],\n  \"pit\": {\n    \"id\": \"w62xAwU...\" // Every search runs inside Point-In-Time\n  },\n  \"search_after\": [\n    1614950929254,\n    \"S8eTAngB14iTwI_2kzVm\"\n  ]\n}\n```\n\n## Monitoring scope\nUse directives within `/etc/nfr/scope.yml` to define the monitoring scope. If you installed the Debian package, an example `scope.yml` would have been installed for you in `/etc/nfr`. Otherwise, you can find the example [`scope.yml`](https://github.com/alphasoc/nfr/blob/master/scope.yml) file in the repository's root directory. Network traffic from the IP ranges within scope will be processed by the AlphaSOC Analytics Engine, and domains that are whitelisted (e.g. internal trusted domains) will be ignored. Adjust `scope.yml` to define the networks and systems that you wish to monitor, and the events to discard, e.g.\n\n```\ngroups:\n  private_network:\n    label: \"Private network\"\n    in_scope:\n      - 10.0.0.0/8\n      - 192.168.0.0/16\n    out_scope:\n      - 10.1.0.0/16\n      - 10.2.0.254/32\n    trusted_domains:\n      - \"*.example.com\"\n      - \"*.alphasoc.net\"\n      - \"google.com\"\n  public_network:\n    label: \"Private network\"\n    in_scope:\n      - 131.1.0.0/16\n  my_own_group:\n    label: \"Custom group\"\n    in_scope:\n      - 131.2.0.0/16\n    trusted_domains:\n      - \"site.net\"\n      - \"*.internal.company.org\"\n```\n\n## Running NFR\nYou may run `nfr start` via `tmux` or `screen` under Linux, or set up a service (detailed in the following section). NFR returns alert data in JSON format to `stderr`. Below an example in which raw the JSON is both stored on disk at `/tmp/alerts.json` and rendered via `jq` to make it human-readable in the terminal.\n\n```\n# nfr start 2\u003e\u00261 \u003e/dev/null | tee /tmp/alerts.json | jq .\n{\n  \"type\": \"alert\",\n  \"eventType\": \"dns\",\n  \"flags\": [\n    \"apt\",\n    \"freedns\"\n  ],\n  \"groups\": [\n    {\n      \"label\": \"default\",\n      \"desc\": \"Default\"\n    }\n  ],\n  \"threats\": {\n    \"c2_communication\": {\n      \"severity\": 5,\n      \"desc\": \"C2 communication attempt indicating infection\",\n      \"policy\": false\n    }\n  },\n  \"ts\": \"2018-09-03T09:39:47Z\",\n  \"srcIp\": \"10.15.0.4\",\n  \"query\": \"microsoft775.com\",\n  \"recordType\": \"A\"\n}\n```\n\n## Running NFR as a service\n\n### Under Linux\nIf you are using a current Linux distribution (e.g. RHEL7, Ubuntu 16), it will have [systemd](https://www.freedesktop.org/wiki/Software/systemd/) installed. Follow these steps as root to run NFR as a service. *NOTE*: If you installed the Debian package, you can skip steps 1-3 below.\n\n1. Create the NFR configuration directory and copy `config.yml` and `scope.yml` into it\n\n```\nmkdir /etc/nfr\ncp config.yml /etc/nfr\ncp scope.yml /etc/nfr\n```\n\n2. Copy the `nfr` binary into `/usr/local/bin` and ensure it's executable\n\n```\ncp nfr /usr/local/bin\nchmod a+x /usr/local/bin/nfr\n```\n3. Copy the sample NFR service file [`nfr.service`](https://github.com/alphasoc/nfr/blob/master/nfr.service) to `/etc/systemd/system/`\n\n4. Use `systemctl` to enable NFR, start the service, and review its status\n\n```\nsystemctl enable nfr\nsystemctl start nfr\nsystemctl status nfr\n```\n\nOnce NFR is installed, you can view logs and troubleshoot using `journalctl -u nfr`.\n\nTo stop and remove the service, follow these steps:\n\n```\nsystemctl stop nfr\nsystemctl disable nfr\nrm /etc/systemd/system/nfr.service\n```\n\n### Under Microsoft Windows\nTo run NFR as a service under Windows, first install [NSSM](http://nssm.cc), and follow the steps below within PowerShell as Administrator.\n\n1. Create the NFR configuration directory and copy `config.yml` and `scope.yml` into it\n\n```\nNew-Item -ItemType directory -Path $Env:AppData\\nfr\nMove-Item -Path config.yml -Destination $Env:AppData\\nfr\nMove-Item -Path scope.yml -Destination $Env:AppData\\nfr\n```\n\n2. Use NSSM to install the service, start it, and review status (__note:__ modify the path to `nfr.exe` as needed)\n\n```\nnssm.exe install nfr C:\\path\\to\\nfr.exe start\nnssm.exe start nfr\nnssm.exe status nfr\n```\n\nTo stop and remove the service, follow these steps:\n\n```\nnssm.exe stop nfr\nnssm.exe remove nfr\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphasoc%2Fnfr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphasoc%2Fnfr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphasoc%2Fnfr/lists"}