{"id":13507495,"url":"https://github.com/dfir-iris/iris-web","last_synced_at":"2026-01-12T02:56:06.087Z","repository":{"id":37873691,"uuid":"440092871","full_name":"dfir-iris/iris-web","owner":"dfir-iris","description":"Collaborative Incident Response platform","archived":false,"fork":false,"pushed_at":"2024-10-29T19:43:49.000Z","size":31804,"stargazers_count":1070,"open_issues_count":162,"forks_count":178,"subscribers_count":29,"default_branch":"master","last_synced_at":"2024-10-29T21:41:27.295Z","etag":null,"topics":["csirt-tooling","digital-forensics","digital-forensics-incident-response","forensic","forensic-analysis","forensic-tools","incident-response","python"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"lgpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dfir-iris.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["whikernel"],"open_collective":"dfir-iris"}},"created_at":"2021-12-20T08:19:15.000Z","updated_at":"2024-10-29T05:54:19.000Z","dependencies_parsed_at":"2023-12-23T19:08:27.708Z","dependency_job_id":"412d3343-eb53-426d-a5ab-21043f02dfd8","html_url":"https://github.com/dfir-iris/iris-web","commit_stats":{"total_commits":3181,"total_committers":41,"mean_commits":77.58536585365853,"dds":0.1895630304935555,"last_synced_commit":"5904a30c86e44d943ac5a4e017720a1b2a768763"},"previous_names":[],"tags_count":47,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-web","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-web/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-web/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfir-iris%2Firis-web/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dfir-iris","download_url":"https://codeload.github.com/dfir-iris/iris-web/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246301963,"owners_count":20755512,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csirt-tooling","digital-forensics","digital-forensics-incident-response","forensic","forensic-analysis","forensic-tools","incident-response","python"],"created_at":"2024-08-01T02:00:35.169Z","updated_at":"2026-01-12T02:56:06.081Z","avatar_url":"https://github.com/dfir-iris.png","language":"JavaScript","readme":"\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"ui/public/assets/img/logo.ico\" /\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  Incident Response Investigation System\n  \u003cbr\u003e\n  \u003ci\u003eCurrent Version v2.4.20\u003c/i\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://v200.beta.dfir-iris.org\"\u003eOnline Demonstration\u003c/a\u003e\n\u003c/p\u003e\n\n# IRIS\n\n[![License: LGPL v3](https://img.shields.io/badge/License-LGPL_v3-blue.svg)](./LICENSE.txt)   \nIris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. \n\n![demo_timeline](img/timeline_speed.gif)\n\n## Table of contents\n- [Getting Started](#getting-started)\n  - [Run IrisWeb](#run-irisweb)\n  - [Configuration](#configuration)\n- [Versioning](#versioning)\n- [Showcase](#showcase)\n- [Documentation](#documentation)\n  - [Upgrades](#upgrades)\n  - [API](#api)\n- [Help](#help)\n- [Considerations](#considerations)\n- [License](#license)\n\n\n## Getting started\nIt is divided in two main parts, IrisWeb and IrisModules.   \n - IrisWeb is the web application which contains the core of\nIris (web interface, database management, etc). \n - IrisModules are extensions of the core that allow third parties to process\ndata via Iris (eg enrich IOCs with MISP and VT, upload and injection of EVTX into Splunk). \n \nIrisWeb can work without any modules though defaults ones are preinstalled. Head to ``Manage \u003e Modules`` in the UI \nto configure and enable them. \n\n### Running Iris\nTo ease the installation and upgrades, Iris is shipped in Docker containers. Thanks to Docker compose, \nit can be ready in a few minutes.  \n\n``` bash\n#  Clone the iris-web repository\ngit clone https://github.com/dfir-iris/iris-web.git\ncd iris-web\n\n# Checkout to the last tagged version \ngit checkout v2.4.20\n# Copy the environment file \ncp .env.model .env\n\n# Pull the dockers\ndocker compose pull\n\n# Run IRIS \ndocker compose up\n```\n\nIris shall be available on the host interface, port 443, protocol HTTPS - ``https://\u003cyour_instance_ip\u003e``.  \nBy default, an ``administrator`` account is created. The password is printed in stdout the very first time Iris is started. It won't be printed anymore after that.  \n``WARNING :: post_init :: create_safe_admin :: \u003e\u003e\u003e`` can be searched in the logs of the `webapp` docker to find the password.  \nThe initial password can be set via the [configuration](https://docs.dfir-iris.org/operations/configuration/).   \n\nIris is split on 5 Docker services, each with a different role.\n\n- ``app``: The core, including web server, DB management, module management etc.\n- ``db``: A PostgresSQL database\n- ``RabbitMQ``: A RabbitMQ engine to handle jobs queuing and processing\n- ``worker``: Jobs handler relying on RabbitMQ\n- ``nginx``: A NGINX reverse proxy\n\n### Configuration\nThere are three different options for configuring the settings and credentials: Azure Key Vault, Environment Variables and Configuration Files. This is also the order of priority, if a settings is not set it will fall back on the next option.\nFor all available configuration options see [configuration](https://docs.dfir-iris.org/operations/configuration/).\n\n## Versioning\nStarting from version 2.0.0, Iris is following the [Semantic Versioning 2.0](https://semver.org/) guidelines.   \nThe code ready for production is always tagged with a version number. \n``alpha`` and ``beta`` versions are **not** production-ready.  \n\nDo not use the ``master`` branch in production. \n\n## Showcase\nYou can directly try Iris on our [demo instance](https://v200.beta.dfir-iris.org).  \nOne can also head to [tutorials](https://docs.dfir-iris.org/operations/tutorials/), we've put some videos there.  \n\n## Documentation\nA comprehensive documentation is available on [docs.dfir-iris.org](https://docs.dfir-iris.org).\n\n### Upgrades\nPlease read the release notes when upgrading versions. Most of the time the migrations are handled automatically, but some\nchanges might require some manual labor depending on the version. \n\n### API\nThe API reference is available in the [documentation](https://docs.dfir-iris.org/operations/api/#references) or [documentation repository](https://github.com/dfir-iris/iris-doc-src).\n\n## Help\nYou can reach us on [Discord](https://discord.gg/76tM6QUJza) or by [mail](mailto:contact@dfir-iris.org) if you have any question, issue or idea!   \nWe are also on [Twitter](https://twitter.com/dfir_iris) and [Matrix](https://matrix.to/#/#dfir-iris:matrix.org).  \n\n## Considerations\nIris is still in its early stage. It can already be used in production, but please set backups of the database and DO NOT expose the interface on the Internet. We highly recommend using a private dedicated and secured network.\n\n## License\nThe contents of this repository is available under [LGPL3 license](LICENSE.txt).\n\n## Sponsoring\nSpecial thanks to Deutsche Telekom Security GmbH for sponsoring us!\n\n\n","funding_links":["https://github.com/sponsors/whikernel","https://opencollective.com/dfir-iris"],"categories":["IR Tools Collection","python","Other Lists","Security Operations Tools","Tools"],"sub_categories":["All-In-One Tools","LAB","🧪 LAB","Management"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfir-iris%2Firis-web","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdfir-iris%2Firis-web","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdfir-iris%2Firis-web/lists"}