Kuiper Update - DFIRKuiper/Kuiper GitHub Wiki
How to Update Kuiper
To update Kuiper to a newer version, first take a backup of the important files and folders.
DB Files
These important files contain Kuiper's databases. The Timeline folder stores the previously generated timelines for each case.
elasticsearch/
mongodb/
redis/dump.rdb
kuiper/files/timeline/
Configuration Files
These files contain all the customizations for your environment:
.env
nginx/cert/MyCertificate.crt
nginx/cert/MyKey.key
kuiper/configuration.yaml
kuiper/app/utils/build_timeline/timeline.xlsx
Artifacts Files
These files can be removed after processing if you no longer need them:
kuiper/files/files/
kuiper/files/raw/
Parsers and Timeline Views
If you have custom Parsers or Timeline Views, they are stored in these folders:
kuiper/files/timeline_views/
kuiper/app/parsers/
Temp Files
These are temporary files and can be removed if not needed:
kuiper/files/logs/Kuiper.log
kuiper/files/logs/system_health/
kuiper/app/utils/Dracarys/temp_records/
kuiper/app/parsers/temp/
kuiper/app/parsers/WinEvents/temp/
kuiper/app/parsers/MFT_Parser/temp/
Update Instructions
Before stopping the running Kuiper instance, ensure that nothing is being processed on the server.
From the Kuiper folder, stop the containers:
sudo docker-compose down
In a different folder, download the latest version by running the command:
git clone https://github.com/DFIRKuiper/Kuiper.git
Now copy all the important files from the old version into the new version, replacing the existing ones, then start the containers:
sudo docker-compose up -d
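The copy step above, as an added example that is not part of the Kuiper project: a bash function that carries the paths from the DB Files and Configuration Files lists into the fresh clone. Only those two lists are covered; the function name, the folder paths in the usage comment, and the world-readable warning for `.env` and `MyKey.key` are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the Kuiper project.
# Copies the paths from this page's "DB Files" and "Configuration Files"
# lists from an old Kuiper folder into a freshly cloned one. Run it between
# `docker-compose down` and `docker-compose up -d`.

KUIPER_KEEP_PATHS='elasticsearch
mongodb
redis/dump.rdb
kuiper/files/timeline
.env
nginx/cert/MyCertificate.crt
nginx/cert/MyKey.key
kuiper/configuration.yaml
kuiper/app/utils/build_timeline/timeline.xlsx'

# Usage (example paths): kuiper_carry_over /opt/Kuiper-old /opt/Kuiper-new
# Prints one "copied"/"missing" line per path; returns 2 on bad arguments.
kuiper_carry_over() {
    local old="$1" new="$2" p
    if [ ! -d "$old" ] || [ ! -d "$new" ] ||
       [ "$(cd "$old" && pwd -P)" = "$(cd "$new" && pwd -P)" ]; then
        echo "usage: kuiper_carry_over OLD_DIR NEW_DIR (two different folders)" >&2
        return 2
    fi
    while IFS= read -r p; do
        if [ -d "$old/$p" ]; then
            # Copy the directory's contents, so a folder that already exists
            # in the new clone is merged into, not nested one level down.
            mkdir -p "$new/$p" && cp -a "$old/$p/." "$new/$p/" || return 1
        elif [ -e "$old/$p" ]; then
            # -a keeps mode and timestamps, so a 0600 key stays 0600.
            mkdir -p "$(dirname "$new/$p")" && cp -a "$old/$p" "$new/$p" || return 1
        else
            echo "missing $p"
            continue
        fi
        echo "copied $p"
    done <<EOF
$KUIPER_KEEP_PATHS
EOF
    # Flag secrets that every local user can read after the copy.
    for p in .env nginx/cert/MyKey.key; do
        [ -f "$new/$p" ] && [ -n "$(find "$new/$p" -perm -004)" ] \
            && echo "world-readable $p"
    done
    return 0
}
```

A `missing` line is not an error in itself, for example when an instance never wrote `redis/dump.rdb`, but every such line should be accounted for before starting the containers.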