Cortex-Analyzers
Cortex-Analyzers copied to clipboard
TheHive-Project
[Bug] how to mount volume in analyzer docker container?
Describe the bug my issue is related to the closed #707
I seem to have the very same issue, running cortex 3.1.0 installed ubuntu package, and the analyzers as docker images. I followed example here to create volume and git cloned the blocklists, http://dockerlabs.collabnix.com/beginners/volume/creating-volume-mount-from-dockercli.html
However, when the analyzer runs, I get
{
"hits": [],
"count": 0
}
as the docker image doesn't mount it. Looking at the code, i guess that's expected when the analyzer doesn't find any of the iplist or netlist files.
As I run the cortex not as a docker container, there's no docker-compose to tweak.
I guess I'm missing the last step, wonder how to tell cortex to use/mount the given volume when starting up the analyzer. Any clue?
Expected behavior I would like to be able to share a host folder/volume with cortex analyzer.
Work environment
- Client OS:
- Server OS: Ubuntu 20.04.2
- Browse type and version:
- Cortex version: 3.1.0-1 Ubuntu Packages
- Cortex Analyzer/Responder name: FireHOLBlocklists
- Cortex Analyzer/Responder version: 2.0
I have exactly the same problem, but in my case, Cortex is a Docker, and the Firehol Responder is a Docker too. What I need to do in a way is to map a folder from the Cortex Docker to a folder in the Firehol Docker, because I need to put in that folder the blocklist file of Firehol so the Analyzer can read it.
I tried with the instructions in this page, https://github.com/TheHive-Project/CortexDocs/blob/master/installation/install-guide.md#docker, but is not working (I'm using "Cortex uses main docker service", not tried "docker-ception"):
Anyone know how to solve this?
Thanks!
