Install Guide
Issue TI API Key
After logging in to Financial Security Institute FCTI, go to Threat Intelligence > API Key Management in the top menu and click the Register button to issue an API key.
For detailed instructions, refer to the Financial Security Institute's guide on getting started with the TI API.
Set Up the Logpresso Connect Profile
After installing the NGFCTI app on Logpresso, complete the setup by adding a connection profile as shown below. Enter the Threat Intelligence API Key, TAXII API Key, the minimum threat score to synchronize feeds (default: 1), and, if necessary, the HTTP proxy server address obtained from the NGFCTI page.
HTTP Proxy Configuration
Configure the Logpresso HTTP Proxy server so that the Logpresso server communicates with the NGFCTI service only through the DMZ.
- Copy the logpresso-http-proxy-1.1.0-linux.tar.gz file to the /opt/logpresso-http-proxy directory on the DMZ server.
- Run the following command to install it as a systemd service:
$ sudo ./logpresso-http-proxy install
Wrote 91 bytes to /opt/logpresso-http-proxy/logpresso-http-proxy.conf
Wrote 311 bytes to /lib/systemd/system/logpresso-http-proxy.service
- Open the newly created logpresso-http-proxy.conf file to edit port and allowed address settings. Update the file as follows:
# Logpresso HTTP proxy config file
port 8443
[allowlist]
# host:port
tiapi.kfisac.or.kr:443
taxii.kfisac.or.kr:443
- Start the Logpresso HTTP Proxy service:
- Add the proxy option to NGFCTI query commands or include the proxy server configuration in the connect profile. To monitor forwarded HTTP traffic in real time, use the following command:
$ sudo journalctl -u logpresso-http-proxy -f
5월 27 15:00:49 DEMO systemd[1]: Started Logpresso HTTP proxy.
5월 27 15:00:49 DEMO logpresso-http-proxy[10888]: [2023-05-27 15:00:49.293] [ INFO] Listening on 8443 port..
5월 27 15:02:40 DEMO logpresso-http-proxy[10888]: [2023-05-27 15:02:40.616] [ INFO] /10.0.0.100:49721 is connected to taxii.kfisac.or.kr/103.59.156.41:443
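The journal output above can also be checked against the allowlist automatically. The following is an added example, not part of the Logpresso product or this guide's original text: it parses the config format and the "is connected to" log format shown on this page and reports connections to destinations outside the allowlist or from unexpected clients. It assumes 10.0.0.100 is the only Logpresso server expected to use the proxy; all log lines except the first are constructed samples.

```python
import re

# Config text as shown on this page.
CONF = """\
# Logpresso HTTP proxy config file
port 8443
[allowlist]
# host:port
tiapi.kfisac.or.kr:443
taxii.kfisac.or.kr:443
"""

# Sample journal lines; the first is from this page, the other two are constructed.
LOG = """\
5월 27 15:02:40 DEMO logpresso-http-proxy[10888]: [2023-05-27 15:02:40.616] [ INFO] /10.0.0.100:49721 is connected to taxii.kfisac.or.kr/103.59.156.41:443
5월 27 15:03:10 DEMO logpresso-http-proxy[10888]: [2023-05-27 15:03:10.102] [ INFO] /10.0.0.55:50112 is connected to tiapi.kfisac.or.kr/192.0.2.10:443
5월 27 15:04:02 DEMO logpresso-http-proxy[10888]: [2023-05-27 15:04:02.870] [ INFO] /10.0.0.100:49800 is connected to files.example.com/203.0.113.7:443
"""

CONNECT = re.compile(
    r"\[(?P<ts>[\d\-: .]+)\] \[\s*INFO\] /(?P<client>[\d.]+):\d+ "
    r"is connected to (?P<host>[^/\s]+)/(?P<ip>[\d.]+):(?P<port>\d+)")

def parse_allowlist(conf_text):
    """Return the set of host:port entries under the [allowlist] section."""
    entries, in_section = set(), False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("["):
            in_section = line.lower() == "[allowlist]"
        elif in_section and line:
            entries.add(line.lower())
    return entries

def audit(log_text, allowlist, expected_clients):
    """Return (timestamp, client, destination, reason) for each suspicious connection."""
    findings = []
    for m in CONNECT.finditer(log_text):
        dest = f"{m['host'].lower()}:{m['port']}"
        if dest not in allowlist:
            findings.append((m["ts"], m["client"], dest, "destination not in allowlist"))
        if m["client"] not in expected_clients:
            findings.append((m["ts"], m["client"], dest, "unexpected client"))
    return findings

if __name__ == "__main__":
    # Assumption: 10.0.0.100 is the only Logpresso server allowed to use the proxy.
    for finding in audit(LOG, parse_allowlist(CONF), {"10.0.0.100"}):
        print(*finding, sep=" | ")
```

In practice, feed it the text of /opt/logpresso-http-proxy/logpresso-http-proxy.conf and the output of journalctl -u logpresso-http-proxy instead of the embedded samples.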