mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-10 14:28:43 +02:00
4.2 KiB
4.2 KiB
Runbooks
Runbooks are task-oriented procedures you can follow during real operations.
Runbook 1: Production Instance from Zero to Ready
Use for first-time internal or production red-team deployment.
For local or temporary verification, start with the bundled script:
chmod +x run.sh && ./run.sh
After it is verified, decide whether to move to systemd plus reverse proxy for long-running deployment.
Preconditions
- Host is managed as an asset.
- Access path is decided: internal network, VPN, bastion, or reverse proxy.
- Model API key and model are available.
- C2, WebShell, and external MCP policy is decided.
Steps
- Prepare directory:
mkdir -p /opt/CyberStrikeAI
- Place binary and resources:
cyberstrike-ai
web/
tools/
roles/
skills/
agents/
docs/
config.yaml
- Set baseline config:
auth:
password: "<long-random-password>"
server:
host: 127.0.0.1
port: 8080
tls_enabled: false
audit:
enabled: true
c2:
enabled: false
- Configure HTTPS at the reverse proxy and restrict source IPs.
- Run with systemd.
- Login and test the model.
- Check tools and audit logs.
- Create backup policy.
Acceptance
/api/auth/validatesucceeds after login.- Model test passes.
- Tools load.
- Audit shows login.
- C2 is disabled when not needed.
Runbook 2: Connect External MCP
Preconditions
- MCP service is trusted.
- You know whether it can read/write files, execute commands, or access networks.
- Transport is chosen: stdio, HTTP, or SSE.
Steps
- Add service in External MCP page.
- For stdio, configure command, args, cwd, and env.
- For HTTP/SSE, configure URL and auth.
- Start service.
- Check
/api/external-mcp/stats. - Confirm tools and schemas.
- Execute one low-risk tool call.
- Keep high-risk tools out of global allowlist.
Acceptance
- MCP status is running.
- Tool schemas are visible.
- Agent can find tools through
tool_search. - Monitor records tool execution.
- Audit records config change.
Runbook 3: Enable and Tune Knowledge Base
Steps
- Enable config:
knowledge:
enabled: true
base_path: knowledge_base
retrieval:
top_k: 5
similarity_threshold: 0.4
- Put Markdown files under
knowledge_base/. - Scan directory.
- Rebuild index.
- Prepare 5-10 fixed test queries.
- Search and record hits.
- Tune threshold, top_k, chunking, and document titles.
Acceptance
- Index status is complete.
- Common queries hit correct docs.
- Agent consults KB when uncertain.
- Retrieval logs show query and hit docs.
Runbook 4: Authorized Web Test Workflow
- Create project and record scope.
- Start conversation and bind project.
- Choose minimal role.
- State target, time window, and prohibited actions.
- Start with read-only recon.
- Record useful leads as project facts.
- Use HITL for risky validation.
- Save confirmed issues to vulnerability management.
- Generate attack-chain/report material.
- Clean uploads, workspace, and unnecessary execution logs.
Acceptance:
- Each vulnerability has evidence, impact, reproduction, and fix.
- Risky actions have HITL records.
- Project facts reconstruct the path.
- Report excludes unrelated sensitive data.
Runbook 5: C2 Cleanup After Exercise
- Stop all listeners.
- List sessions and confirm no authorized session remains active.
- Export required task results.
- Delete or archive payloads.
- Delete stale tasks, events, and files.
- Review C2 audit trail.
- Write key results to project facts or report.
- Set
c2.enabled: falseunless continuously needed.
Acceptance:
- No running listener.
- No pending task.
- Payloads are not publicly downloadable.
- Audit/report explains the lifecycle.
Runbook 6: Agent Does Not Call a Tool
Check in order:
- Role includes the tool.
- Tool appears in
/api/config/tools. tool_searchis not hiding it.- Tool name and description are clear.
- HITL is not pending.
- Agent is not in final summarization phase.
- Sub-agent does not have a narrower tool list.
Fix:
- add tool to role;
- improve
short_description; - add to
tool_search_always_visible_tools; - prompt when to use it;
- inspect process details and monitor records.