<h1 align="center"> <img src="./misc/assets/strelkaui_banner.png" alt="Strelka Banner" /> </h1> <div align="center">


</div>

The Strelka Web UI is a browser- and API-based file submission frontend for the Strelka Enterprise File Scanner. It lets users submit files to a Strelka cluster and review historical scan results. It supports LDAP authentication and API-key access, giving a secure and flexible way to interact with the scanner. This document describes how to set up and use the Strelka Web UI, its features, and related projects.

<div align="center"> <img src="./misc/assets/strelkaui_results.gif" alt="Strelka UI Results Page" /> <h5>Strelka UI Results Page</h5> </div>

Features

The file submission UI provides the following features:

Prerequisites

Quick Start

By default, the Strelka UI is configured for a minimal "quickstart" deployment intended for testing. This deployment targets a local Strelka instance and starts a local database. In quickstart mode the login form accepts any username / password, so do not expose a quickstart deployment beyond your own machine. For details on targeting a remote Strelka instance or database, or using LDAP for authentication, see the Additional Steps section below.

Step 1: Ensure a Strelka Cluster is Ready

Start or ensure Strelka cluster is ready and accessible.
See https://github.com/target/strelka for more information.

Step 2: Build and Start Strelka UI (Docker)

```bash
# Terminal 1
# From the ./strelka-ui directory
$ docker-compose -f docker-compose.yml up
```

Step 3: Access Strelka UI

1) Open A Browser
2) Navigate to 0.0.0.0:8080
3) Login with any username and password (the quickstart deployment accepts all credentials), for example:
    - Username: strelka
    - Password: strelka

Additional Steps

This section describes how to target a remote Strelka instance, a remote database for storage, and an LDAP server for authentication, which is the recommended configuration for anything beyond local testing. Each of these is enabled by overriding the defaults with environment variables.

Environment Variable Configuration

Backend configuration is provided through environment variables and can be set statically in ./app/config/config.py.

Running locally, the precedence of config is: System environment -> .env -> ./app/config/config.py. Running in Docker, the precedence of config is: Docker environment -> System environment -> ./app/config/config.py.

Please reference ./app/example.env for environment variable setup.

Environment Variable Options

The following detail the configuration items in ./app/config/config.py.

| Field Name | Value | Required |
|---|---|---|
| STRELKA_HOST | Strelka hostname (e.g., 0.0.0.0) | Yes |
| STRELKA_PORT | Strelka port number (e.g., 57314) | Yes |
| STRELKA_CERT | Path to certificate for Strelka, if needed (e.g., /path/to/cert.pem) | No |
| CA_CERT_PATH | Path to CA certificates for LDAP, if needed (e.g., /path/to/ca_certs) | No |
| VIRUSTOTAL_API_KEY | API key for VirusTotal hash lookup | Yes |
| VIRUSTOTAL_API_LIMIT | Limit on how many files are looked up in VirusTotal (Default: 30) | Yes |
| LDAP_URL | URL of the LDAP server (e.g., ldaps://ldap.example.com:636) | No |
| LDAP_SEARCH_BASE | Search base for LDAP queries (e.g., DC=example,DC=com) | No |
| LDAP_USERNAME_ORGANIZATION | Username organization prefix for LDAP queries (e.g., org//) | No |
| LDAP_ATTRIBUTE_ACCOUNT_NAME_FIELD | LDAP attribute for account name (e.g., sAMAccountName) | No |
| LDAP_ATTRIBUTE_FIRST_NAME_FIELD | LDAP attribute for first name (e.g., givenName) | No |
| LDAP_ATTRIBUTE_LAST_NAME_FIELD | LDAP attribute for last name (e.g., sn) | No |
| LDAP_ATTRIBUTE_MEMBER_OF_FIELD | LDAP attribute for group membership (e.g., memberOf) | No |
| LDAP_ATTRIBUTE_MEMBER_REQUIREMENT_FIELD | LDAP attribute value a user must hold to be allowed in (e.g., an AD attribute) | No |
| STATIC_ASSET_FOLDER | Build folder for the UI (e.g., build) | Yes |
| MIGRATION_DIRECTORY | SQLAlchemy migrations directory (e.g., ./migrations) | Yes |
| DATABASE_USERNAME | Database username (e.g., admin) | Yes |
| DATABASE_PASSWORD | Database password (e.g., password123) | Yes |
| DATABASE_HOST | Database hostname (e.g., db.example.com) | Yes |
| DATABASE_PORT | Database port number (e.g., 5432) | Yes |
| DATABASE_DBNAME | Name of the database (e.g., mydb) | Yes |
| API_KEY_EXPIRATION | Lifetime of an issued API key, in days (e.g., 30) | Yes |

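To make the precedence rules and the Required column concrete, here is an added Python example; it is not part of the Strelka UI code base. It layers the configuration sources in the order stated above (process environment, then .env, then config.py defaults), checks that every required key is set, and fails closed before start-up. The required/optional split comes from the table; the function names, the integer checks, the ldaps:// warning and the sample default values are assumptions for illustration.

```python
import os
from typing import Dict, Iterable, List, Optional, Tuple

# Required keys are taken from the configuration table; the rules below
# and the sample defaults are assumptions for this example.
REQUIRED_KEYS = frozenset({
    "STRELKA_HOST", "STRELKA_PORT", "VIRUSTOTAL_API_KEY", "VIRUSTOTAL_API_LIMIT",
    "STATIC_ASSET_FOLDER", "MIGRATION_DIRECTORY", "DATABASE_USERNAME",
    "DATABASE_PASSWORD", "DATABASE_HOST", "DATABASE_PORT", "DATABASE_DBNAME",
    "API_KEY_EXPIRATION",
})
INTEGER_KEYS = ("STRELKA_PORT", "DATABASE_PORT", "VIRUSTOTAL_API_LIMIT", "API_KEY_EXPIRATION")

# Constructed defaults standing in for what config.py might provide.
SAMPLE_DEFAULTS = {
    "STRELKA_PORT": "57314",
    "VIRUSTOTAL_API_LIMIT": "30",
    "API_KEY_EXPIRATION": "30",
    "STATIC_ASSET_FOLDER": "build",
    "MIGRATION_DIRECTORY": "./migrations",
}


def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser for a .env file; comments and blank lines are skipped."""
    values: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            values[key.strip()] = value.strip().strip("'\"")
    return values


def merge_layers(layers: Iterable[Dict[str, str]]) -> Dict[str, str]:
    """Merge layers given highest-precedence first: an earlier layer wins on conflicts."""
    merged: Dict[str, str] = {}
    for layer in reversed(list(layers)):
        merged.update(layer)
    return merged


def load_config(defaults: Dict[str, str],
                environ: Optional[Dict[str, str]] = None,
                dotenv_text: Optional[str] = None) -> Dict[str, str]:
    """Process environment -> .env -> config.py defaults.

    Variables passed to a Docker container already sit in the process environment,
    so a single `environ` layer covers both the Docker and the local case.
    """
    env = dict(os.environ) if environ is None else dict(environ)
    layers = [env]
    if dotenv_text is not None:
        layers.append(parse_dotenv(dotenv_text))
    layers.append(defaults)
    return merge_layers(layers)


def validate(cfg: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings). Any error should abort start-up (fail closed)."""
    errors: List[str] = []
    warnings: List[str] = []
    for key in sorted(REQUIRED_KEYS):
        if not cfg.get(key):
            errors.append(f"{key} is required but unset")
    for key in INTEGER_KEYS:
        value = cfg.get(key)
        if value and not value.isdigit():
            errors.append(f"{key} must be an integer, got {value!r}")
    ldap_url = cfg.get("LDAP_URL")
    if ldap_url and not ldap_url.lower().startswith("ldaps://"):
        # Bind credentials travel in clear over plain ldap:// unless StartTLS is negotiated.
        warnings.append("LDAP_URL does not use ldaps://; bind credentials may cross the network unencrypted")
    return errors, warnings


if __name__ == "__main__":
    config = load_config(SAMPLE_DEFAULTS)  # real process environment, no .env
    errs, warns = validate(config)
    for line in warns:
        print("WARNING:", line)
    for line in errs:
        print("ERROR:", line)
    raise SystemExit(1 if errs else 0)
```

Run as a pre-flight check, the script exits non-zero when a required value is missing or malformed, which is preferable to the application starting with, for example, an empty database password or an unparseable port.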
External Hotlink Support

You can also add a reference to the UI submission table that lets users pivot to an external site based on the request ID. By modifying ./ui/src/config.js and following the SEARCH_URL example in the table below, you can give users a link to an external system (e.g., a SIEM or log platform). The link must contain the string `<REPLACE>`; the UI substitutes the relevant file's request ID for that string.

Supported modification fields in ./ui/src/config.js:

| Field Name | Value | Example |
|---|---|---|
| SEARCH_URL | Search URL for the external application | `https://search.com/?q=request.id=<REPLACE>` |
| SEARCH_NAME | Display name for the external application | Splunk |
| DEFAULT_EXCLUDED_SUBMITTERS | Users excluded from the Submission table view by default. Useful for hiding automations. | SearchBot |
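The substitution above is the kind of place where an unchecked identifier can end up altering the target URL. The following is an added Python example, not the project's own frontend code, showing the two config fields applied defensively: the request ID is validated and percent-encoded before it replaces `<REPLACE>`, and only http(s) search URLs are accepted. The request-ID character set, the function names, case-insensitive submitter matching and the sample rows are assumptions.

```python
import re
from typing import Dict, Iterable, List
from urllib.parse import quote, urlsplit

REPLACE_TOKEN = "<REPLACE>"
# Assumption: a request ID is a short token of letters, digits, '.', '_' or '-'.
_REQUEST_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def build_search_url(search_url: str, request_id: str) -> str:
    """Substitute the request ID into SEARCH_URL after checking both sides."""
    if REPLACE_TOKEN not in search_url:
        raise ValueError("SEARCH_URL must contain <REPLACE>")
    if urlsplit(search_url).scheme not in ("http", "https"):
        raise ValueError("SEARCH_URL must be an http(s) URL")
    if not _REQUEST_ID.fullmatch(request_id):
        raise ValueError(f"unexpected request id {request_id!r}")
    # safe="" also escapes '/', so the id cannot add path segments or query parameters.
    return search_url.replace(REPLACE_TOKEN, quote(request_id, safe=""))


def visible_submissions(rows: Iterable[Dict[str, str]],
                        excluded: Iterable[str]) -> List[Dict[str, str]]:
    """Apply DEFAULT_EXCLUDED_SUBMITTERS: drop rows whose submitter is on the list."""
    hidden = {name.casefold() for name in excluded}  # assumption: match case-insensitively
    return [row for row in rows if row.get("submitter", "").casefold() not in hidden]


# Constructed sample configuration and table rows for demonstration.
SAMPLE_CONFIG = {
    "SEARCH_URL": "https://search.com/?q=request.id=<REPLACE>",
    "SEARCH_NAME": "Splunk",
    "DEFAULT_EXCLUDED_SUBMITTERS": ["SearchBot"],
}
SAMPLE_ROWS = [
    {"submitter": "alice", "request_id": "2f8c1a9e"},
    {"submitter": "SearchBot", "request_id": "7b0d44c1"},
]


if __name__ == "__main__":
    for row in visible_submissions(SAMPLE_ROWS, SAMPLE_CONFIG["DEFAULT_EXCLUDED_SUBMITTERS"]):
        link = build_search_url(SAMPLE_CONFIG["SEARCH_URL"], row["request_id"])
        print(f'{row["submitter"]}: open in {SAMPLE_CONFIG["SEARCH_NAME"]} -> {link}')
```

The scheme check matters because the link is rendered as a clickable anchor: a `javascript:` URL in a misconfigured SEARCH_URL would otherwise execute in every analyst's browser.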

API

The Strelka UI also provides API routes for user script based access. Please reference the below routes for details:

Authentication routes

Strelka routes

Example

Examples for how to authenticate to the Strelka UI API, gather Scan statistics, and Submit a file using Python requests can be found in ./misc/examples/api_examples.py
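The API routes are intended for script access with an API key whose lifetime is set by API_KEY_EXPIRATION (in days). The following is an added Python example of how such keys can be issued and checked; it is not the Strelka UI implementation and its storage layout, function names and sample times are assumptions. The two properties worth copying are that only a hash of the key is stored, so a database leak does not hand out working keys, and that an expired key is rejected rather than silently renewed.

```python
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Assumption: the store maps sha256(key) -> {"user": str, "expires": aware datetime}.
KeyStore = Dict[str, Dict[str, object]]


def _digest(api_key: str) -> str:
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def issue_api_key(store: KeyStore, user: str, expiration_days: int,
                  now: Optional[datetime] = None) -> str:
    """Create a key valid for `expiration_days`; only its digest is persisted."""
    if expiration_days <= 0:
        raise ValueError("API_KEY_EXPIRATION must be a positive number of days")
    now = now or datetime.now(timezone.utc)
    api_key = secrets.token_urlsafe(32)  # 256 bits of entropy from the OS CSPRNG
    store[_digest(api_key)] = {"user": user, "expires": now + timedelta(days=expiration_days)}
    return api_key  # shown to the user once; never stored in clear


def authenticate_api_key(store: KeyStore, presented: str,
                         now: Optional[datetime] = None) -> Optional[str]:
    """Return the owning user for a valid, unexpired key, otherwise None."""
    now = now or datetime.now(timezone.utc)
    presented_digest = _digest(presented)
    for stored_digest, record in store.items():
        # Constant-time comparison: the scan must not leak how many bytes matched.
        if hmac.compare_digest(stored_digest, presented_digest):
            if record["expires"] <= now:
                return None  # expired: caller must issue a new key
            return str(record["user"])
    return None


if __name__ == "__main__":
    days = int(os.environ.get("API_KEY_EXPIRATION", "30"))
    keys: KeyStore = {}
    key = issue_api_key(keys, "alice", days)
    print("issued key (shown once):", key)
    print("authenticates as:", authenticate_api_key(keys, key))
    print("tampered key authenticates as:", authenticate_api_key(keys, key + "x"))
```

The `now` parameter exists so expiry can be tested deterministically; in production leave it unset and make sure stored timestamps are timezone-aware, or comparisons against `datetime.now(timezone.utc)` will raise.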

Database

The database layer uses https://www.sqlalchemy.org/ as its ORM. Flask-Migrate provides database migrations through Alembic. A helper script, manage.py, is provided to assist with common database tasks.

If you are creating a new database or modifying the current schema, the following steps are required. They are also executed automatically when the cluster starts:

Generate a new migration from model changes:

Update the database using the current database configuration:

Application Details

The backend application consists predominantly of the following technologies:

The frontend is a React application served from Flask. It uses the Antd library and Antd ProComponents, and routing is handled by React Router.

<div align="center"> <img style="border:1px solid black;" src="./misc/assets/strelkaui_dashboard.png" alt="Strelka UI Dashboard Page" /> <h5>Strelka UI Dashboard Page</h5> </div>

Related Projects

Licensing

Strelka UI and its associated code is released under the terms of the Apache 2.0 License.

<div align="center"> <img style="border:1px solid black;" src="./misc/assets/target_banner.png" alt="Target Banner" /> </div>