Question 1

How to backup the IRIS database?

Accepted Answer

Use PostgreSQL backup tools since IRIS uses a PostgreSQL database in the db container. The README recommends setting regular backups, and you can perform docker exec commands or volume backups for the container.

Question 2

IRIS vs TheHive for incident response?

Accepted Answer

IRIS is fully open-source with a modular Docker-based architecture, ideal for customization and control. TheHive has a larger community and more pre-built integrations, making it easier for standard deployments. Choose IRIS if you prioritize extensibility over out-of-the-box features.

Question 3

How to develop a custom module for IRIS?

Accepted Answer

Refer to the IrisModules documentation on GitHub. Modules are extensions that process data; you'll need to implement the module interface in Python or similar and configure it in the IRIS UI under Manage > Modules.

Question 4

Is IRIS suitable for cloud deployment?

Accepted Answer

Yes, but with caution. The README advises against exposing the interface on the internet, so deploy it in a private cloud network with security groups. Use the Docker setup on cloud VMs or container services like AWS ECS.

Question 5

How to scale IRIS for large teams?

Accepted Answer

Scale the worker services and RabbitMQ for job processing by adding more instances. The modular architecture allows horizontal scaling, but you'll need to manage database connections and app service loads as per the documentation.

IRIS

What is IRIS?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions