Cortex-Analyzers icon indicating copy to clipboard operation
Cortex-Analyzers copied to clipboard

Published 20 hours ago verified publisher icon TheHive-Project

[Bug] Impossible to link a mountpoint from the host to neurons

Open azgaviperr opened this issue 5 years ago • 3 comments
trafficstars

Describe the bug Some analyzer needs some files provided from the host to be able to work properly

To Reproduce Steps to reproduce the behavior:

  1. Share a folder from the host do docker container (ex: .yara_rule:/opt/yara_rules)
  2. Add some Yara rules to the folder
  3. Try to configurate and activate Yara 2.0
  4. Try to use the analyzer on a sample which should be detected using yara rules.
  5. See it showing no result found

Expected behavior It should be possible to add extra share parameters to cortexneurons.

Complementary information If applicable, add screenshots and any additional information that might help explain your problem.

Possible solutions Being able to create a mount point that could be used by the cortexneurons. For example, create a data_neurons and then put files and other needed by the cortexneurons form this folder.

Additional context All analyzer or Responder needing a mount of a folder will fail.

azgaviperr avatar Nov 16 '20 16:11 azgaviperr

Probably duplicated of https://github.com/TheHive-Project/Cortex-Analyzers/issues/804

dadokkio avatar Nov 16 '20 16:11 dadokkio

Yes similar issue but for official neurons

azgaviperr avatar Nov 16 '20 17:11 azgaviperr

This pb occurs with neurons run from docker image. The workaround there is to have an instance of cortex dedicated to such neurons. We are looking for a way to facilitate such configuration.

jeromeleonard avatar Nov 18 '20 07:11 jeromeleonard