Dagobert is a collaborative platform designed to assist incident responders in sharing technical details during investigations and creating more effective incident response documentation. Inspired by the "Spreadsheet of Doom" utilized in the SANS FOR508 class and software like IRIS and Aurora Incident Response, Dagobert takes incident response collaboration to the next level.
🔄 Real-time Collaboration
- Simultaneous multi-user editing for live teamwork during investigations
- Audit trail for traceable decision-making
🔌 Evidence ProcessingPlugins
- Extensible plugin architecture for automated evidence handling:
⏱️ Timesketch integration
- One-click timeline uploads to Timesketch instances
- Automatic event import from Timesketch
- Bidirection synchronization of indicators (cooming soon)
📊 Office Report Generation
- Native support for DOCX/ODT report and XLSX/ODS spreadsheet templates
- Dynamic data binding for:
- Executive summaries
- Technical IOC tables
- Investigation timelines
- Style-preserving exports to Microsoft Word and LibreOffice
- Docker and Docker Compose (v2+)
- Configurred OpenID Connect provder (e.g. Keycloack, Authentik, Microsoft Entra or Google Cloud)
Dagobert ships no built-in user authentication and instead relies on the presence of an OpenID Connect provider. You need to configure your identity platform first for Dagobert to verify the identity of the user.
To ease the installation and upgrades, Dagobert is shipped in Docker containers. Thanks to Docker Compose, it can be ready in a few minutes.
-
Clone the repository
git clone https://github.com/sprungknoedl/dagobert cd dagobert -
Configure environment
cp env.model .env nano .env # update settings (see 📝 Configuration below) -
Start the stack
docker compose up -d
Access the app at [http://localhost:8080].
Production Note: Always deploy behind a HTTPS proxy like Apache, nginx or traefik.
Dagobert uses environment variables for all runtime configuration.
| Variable | Description | Example |
|---|---|---|
OIDC_ISSUER |
OpenID Connect discovery base URL of the identity provider | https://auth.example.com/realms/dagobert |
OIDC_CLIENT_ID |
Client ID assigned to Dagobert by the identity proivder | dagobert-client |
OIDC_CLIENT_SECRET |
Client secret assigned to Dagobert by the identity provider | supersecret123 |
OIDC_CLIENT_URL |
Dagobert's base URL (for OIDC callback) | https://dagobert.example.com/ |
OIDC_ID_CLAIM |
Claim to use as the user ID (sub or oid for Microsoft Entra) |
sub |
| Variable | Description | Example |
|---|---|---|
WEB_SESSION_SECRET |
Secret key used to encrypt session cookies | Generate e.g. with openssl rand -hex 32 |
Add initial admins using their OIDC identity claim:
| Variable | Description | Example |
|---|---|---|
DAGOBERT_ADMIN_0 |
First administrative user | a5fad3d3-559c-4578-a3f9-ec907ec0ddb9 |
DAGOBERT_ADMIN_N |
Any number of administrators can be added; variable must start with DAGOBERT_ADMIN_ |
All contributions in any form (be it code, documentation, design) is highly welcome!
- Fork the repository/
- Create a feature branch:
git checkout -b feat/your-idea. - Submit a PR with a clear description.
Dagobert is released under the MIT License.
For issues and inquiries, please create a GitHub Issue.