From c95af6b9922d7b8cbf13d9b2b951243594ca7c2d Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 25 Sep 2023 14:39:33 -0400 Subject: [PATCH 1/2] Add a note about testing analyzers outside of the Sensoroni Docker container --- salt/sensoroni/files/analyzers/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/salt/sensoroni/files/analyzers/README.md b/salt/sensoroni/files/analyzers/README.md index 8b1f44f297..a75799558a 100644 --- a/salt/sensoroni/files/analyzers/README.md +++ b/salt/sensoroni/files/analyzers/README.md @@ -141,7 +141,6 @@ Additionally, to support airgapped users, the dependency packages themselves, an pip download -r /requirements.txt -d /source-packages ``` - ### Analyzer Architecture The Sensoroni Docker container is responsible for executing analyzers. Only the manager's Sensoroni container will process analyzer jobs. Other nodes in the grid, such as sensors and search nodes, will not be assigned analyzer jobs. @@ -154,6 +153,12 @@ The analyzer itself will only run when a user in SOC enqueues an analyzer job, s python -m urlhaus '{"artifactType":"url","value":"https://bigbadbotnet.invalid",...}' ``` +To manually test an analyzer outside of the Sensoroni Docker container, use a command similar to the following: + +```bash +PYTHONPATH=. python urlhaus/urlhaus.py '{"artifactType":"url","value":"https://bigbadbotnet.invalid",...}' +``` + It is up to each analyzer to determine whether the provided input is compatible with that analyzer. This is assisted by the analyzer metadata, as described earlier in this document, with the use of the `supportedTypes` list. Once the analyzer completes its functionality, it must terminate promptly. See the following sections for more details on expected internal behavior of the analyzer. From 7cb9b5f2577b92cbcd8d908050eaffb40812807d Mon Sep 17 00:00:00 2001 
From: weslambert Date: Mon, 25 Sep 2023 14:41:20 -0400 Subject: [PATCH 2/2] Add the blank line that was removed from the previous commit --- salt/sensoroni/files/analyzers/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/sensoroni/files/analyzers/README.md b/salt/sensoroni/files/analyzers/README.md index a75799558a..19335a5453 100644 --- a/salt/sensoroni/files/analyzers/README.md +++ b/salt/sensoroni/files/analyzers/README.md @@ -141,6 +141,7 @@ Additionally, to support airgapped users, the dependency packages themselves, an pip download -r /requirements.txt -d /source-packages ``` + ### Analyzer Architecture The Sensoroni Docker container is responsible for executing analyzers. Only the manager's Sensoroni container will process analyzer jobs. Other nodes in the grid, such as sensors and search nodes, will not be assigned analyzer jobs.
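Review bot: In the first hunk of PATCH 1/2 (`@@ -141,7 +141,6 @@`), the removed blank line before `### Analyzer Architecture` is unrelated to the subject of the commit (adding a testing note) and collapses the spacing between the closing fence and the heading; it looks unintentional and should be dropped from this commit rather than carried through the series.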
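Review bot: In the second hunk of PATCH 1/2 (`@@ -154,6 +153,12 @@`), the new command `PYTHONPATH=. python urlhaus/urlhaus.py ...` only works when run from the analyzers directory (the one containing `urlhaus/`), but the added sentence does not say so; state the expected working directory, and note that the analyzer's dependencies from its `requirements.txt` must be installed in the local Python environment first, since outside the container they are not pre-installed. Consider also pointing out that the `...` in the JSON argument is a placeholder to be replaced with the remaining fields, as a reader copying the line verbatim will get a JSON parse error.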
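Review bot: PATCH 2/2 (`@@ -141,6 +141,7 @@`) only re-adds the blank line that PATCH 1/2 removed, so the pair leaves a no-op whitespace change in history; squash this fixup into PATCH 1/2 so the series contains a single logical change.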