To write results to ElasticSearch

September 8, 2018

Write to an Elasticsearch Docker container

$ docker volume create --name malice
$ docker run -d --name elasticsearch \
             -p 9200:9200 \
             -v malice:/usr/share/elasticsearch/data \
             blacktop/elasticsearch:6
$ docker run --rm --link elasticsearch \
             -v /path/to/malware:/malware:ro \
             -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 \
             malice/drweb -t FILE

Write to an external Elasticsearch database

$ docker run --rm \
             -e MALICE_ELASTICSEARCH_URL=$MALICE_ELASTICSEARCH_URL \
             -e MALICE_ELASTICSEARCH_USERNAME=$MALICE_ELASTICSEARCH_USERNAME \
             -e MALICE_ELASTICSEARCH_PASSWORD=$MALICE_ELASTICSEARCH_PASSWORD \
             -e MALICE_ELASTICSEARCH_INDEX="test" \
             -v /path/to/malware:/malware:ro \
             malice/drweb -t FILE
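The two recipes above, wrapped in a small shell script that checks the Elasticsearch settings before the scan starts. This is an added example, not code from the malice/drweb project: the function names es_url_ok, drweb_args and drweb_scan and the MALICE_ES_LINK switch are this example's own, while the MALICE_ELASTICSEARCH_* variable names are the ones the page lists. It rejects URLs with embedded credentials or a trailing path, refuses a username without a password, and forwards the password to the container from the environment rather than expanding it onto the docker command line, where it would be visible in shell history and process listings.

```shell
#!/bin/sh
# Added example, not part of the malice/drweb project: a wrapper around the two
# "docker run" recipes above. It validates the Elasticsearch settings before the
# scan starts, so a malformed URL or a half-configured login fails up front
# instead of producing a scan whose results are never indexed.
# Assumed names (chosen for this example): es_url_ok, drweb_args, drweb_scan
# and the MALICE_ES_LINK switch. The MALICE_ELASTICSEARCH_* names are the plugin's.
set -u

# Return 0 when URL is a bare http(s)://host[:port] endpoint, 1 otherwise.
# Embedded credentials (user:pass@host) are rejected: they would end up in
# shell history and process listings; use the USERNAME/PASSWORD variables.
es_url_ok() {
  case "$1" in
    http://*[!/]*|https://*[!/]*) ;;
    *) return 1 ;;
  esac
  case "${1#*://}" in
    *@*|*/*) return 1 ;;
  esac
  return 0
}

# Print the argument list for "docker", one argument per line.
# $1 = host directory holding the sample, $2 = file name inside that directory.
# "-e NAME" with no "=value" makes docker copy the value from the client's own
# environment, so the password never appears on the docker command line.
drweb_args() {
  dir=$1
  file=$2
  es_url_ok "${MALICE_ELASTICSEARCH_URL:-}" || {
    echo "MALICE_ELASTICSEARCH_URL must be http(s)://host[:port]" >&2; return 1; }
  if [ -n "${MALICE_ELASTICSEARCH_USERNAME:-}" ] && [ -z "${MALICE_ELASTICSEARCH_PASSWORD:-}" ]; then
    echo "MALICE_ELASTICSEARCH_USERNAME is set but MALICE_ELASTICSEARCH_PASSWORD is empty" >&2
    return 1
  fi
  printf '%s\n' run --rm
  # First recipe above: scanner linked to the local "elasticsearch" container.
  if [ "${MALICE_ES_LINK:-0}" = 1 ]; then
    printf '%s\n' --link elasticsearch
  fi
  printf '%s\n' -e "MALICE_ELASTICSEARCH_URL=$MALICE_ELASTICSEARCH_URL"
  if [ -n "${MALICE_ELASTICSEARCH_USERNAME:-}" ]; then
    printf '%s\n' -e "MALICE_ELASTICSEARCH_USERNAME=$MALICE_ELASTICSEARCH_USERNAME"
    printf '%s\n' -e MALICE_ELASTICSEARCH_PASSWORD
  fi
  if [ -n "${MALICE_ELASTICSEARCH_INDEX:-}" ]; then
    printf '%s\n' -e "MALICE_ELASTICSEARCH_INDEX=$MALICE_ELASTICSEARCH_INDEX"
  fi
  printf '%s\n' -v "$dir:/malware:ro" malice/drweb -t "$file"
}

# Run the scan: turn the newline-separated list into argv (so a directory
# with spaces in its name survives) and hand it to docker.
drweb_scan() {
  args=$(drweb_args "$1" "$2") || return 1
  old_ifs=$IFS
  IFS='
'
  set -f            # no pathname expansion while splitting
  set -- $args
  set +f
  IFS=$old_ifs
  docker "$@"
}

# Example use for the first recipe above, once the elasticsearch container is up:
#   MALICE_ES_LINK=1 MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 \
#     drweb_scan /path/to/malware sample.bin
```

For the external-database recipe, export MALICE_ELASTICSEARCH_URL, MALICE_ELASTICSEARCH_USERNAME, MALICE_ELASTICSEARCH_PASSWORD and MALICE_ELASTICSEARCH_INDEX in the calling shell and run drweb_scan without MALICE_ES_LINK; docker inherits the password directly from that environment.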