To write results to Elasticsearch
September 3, 2018
Write to an Elasticsearch Docker container
The named volume keeps the index data across container restarts. Note that -p 9200:9200 publishes the Elasticsearch port, which has no authentication in this image, on every interface of the host; the linked malice container reaches it by name over the Docker network, so the port mapping is only needed for tools on the host (use -p 127.0.0.1:9200:9200 to keep it local).
$ docker volume create --name malice
$ docker run -d --name elasticsearch \
-p 9200:9200 \
-v malice:/usr/share/elasticsearch/data \
blacktop/elasticsearch:6
$ docker run --rm --link elasticsearch \
-v /path/to/malware:/malware:ro \
-e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 \
malice/mcafee -t FILE
Write to an external Elasticsearch cluster
MALICE_ELASTICSEARCH_USERNAME and MALICE_ELASTICSEARCH_PASSWORD are the credentials for the cluster and MALICE_ELASTICSEARCH_INDEX selects the index the results are written to; use an https URL so the credentials are not sent in the clear.
$ docker run --rm \
-e MALICE_ELASTICSEARCH_URL=$MALICE_ELASTICSEARCH_URL \
-e MALICE_ELASTICSEARCH_USERNAME=$MALICE_ELASTICSEARCH_USERNAME \
-e MALICE_ELASTICSEARCH_PASSWORD=$MALICE_ELASTICSEARCH_PASSWORD \
-e MALICE_ELASTICSEARCH_INDEX="test" \
-v /path/to/malware:/malware:ro \
malice/mcafee -t FILE
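As an added example, not code from the malice project or this page, here is a small Python wrapper around the two recipes above. It validates the MALICE_ELASTICSEARCH_* variables, checks the index name against Elasticsearch's own index-naming rules (lowercase, no special characters, at most 255 bytes), and passes the settings to `docker run` through a 0600 env-file rather than -e flags, so the password never appears in shell history or in `ps` output on the host. The function and file names are this example's own.

```python
#!/usr/bin/env python3
"""Wrapper that runs a malice plugin with Elasticsearch output.

Added example, not code from the malice project. It validates the
MALICE_ELASTICSEARCH_* variables described above, checks the index name
against Elasticsearch's own naming rules, and hands the settings to
`docker run` via a 0600 env-file instead of -e flags so the password is
not visible in shell history or `ps` output on the host.
"""
import os
import stat
import subprocess
import sys
import tempfile
from urllib.parse import urlparse

# Characters Elasticsearch rejects in index names (':' is rejected from 7.x on).
INVALID_INDEX_CHARS = set('\\/*?"<>| ,#:')


def validate_index(name):
    """Return name if it is a legal Elasticsearch index name, else raise ValueError."""
    if not name or name in ('.', '..'):
        raise ValueError('index name must not be empty, "." or ".."')
    if name != name.lower():
        raise ValueError('index name must be lowercase: %r' % name)
    if name[0] in '-_+':
        raise ValueError('index name must not start with -, _ or +: %r' % name)
    bad = INVALID_INDEX_CHARS & set(name)
    if bad:
        raise ValueError('index name contains forbidden characters %r' % ''.join(sorted(bad)))
    if len(name.encode('utf-8')) > 255:
        raise ValueError('index name longer than 255 bytes')
    return name


def validate_settings(env):
    """Extract and sanity-check the MALICE_ELASTICSEARCH_* variables from env.

    Returns (settings, warnings); hard errors raise ValueError.
    """
    url = env.get('MALICE_ELASTICSEARCH_URL', '')
    parsed = urlparse(url)
    if parsed.scheme not in ('http', 'https') or not parsed.hostname:
        raise ValueError('MALICE_ELASTICSEARCH_URL must be an http(s) URL, got %r' % url)
    user = env.get('MALICE_ELASTICSEARCH_USERNAME', '')
    password = env.get('MALICE_ELASTICSEARCH_PASSWORD', '')
    if bool(user) != bool(password):
        raise ValueError('username and password must be set together')

    settings = {'MALICE_ELASTICSEARCH_URL': url}
    if user:
        settings['MALICE_ELASTICSEARCH_USERNAME'] = user
        settings['MALICE_ELASTICSEARCH_PASSWORD'] = password
    index = env.get('MALICE_ELASTICSEARCH_INDEX')
    if index is not None:
        settings['MALICE_ELASTICSEARCH_INDEX'] = validate_index(index)

    warnings = []
    if password and parsed.scheme == 'http' and parsed.hostname not in ('localhost', '127.0.0.1', '::1'):
        warnings.append('credentials for %s will travel in clear text over http' % parsed.hostname)
    return settings, warnings


def write_env_file(settings, directory=None):
    """Write KEY=VALUE lines in docker --env-file format to a new 0600 file."""
    for key, value in settings.items():
        if '\n' in value:
            raise ValueError('%s must not contain a newline' % key)
    fd, path = tempfile.mkstemp(prefix='malice-es-', suffix='.env', dir=directory)
    with os.fdopen(fd, 'w') as f:  # mkstemp already creates the file 0600
        for key, value in settings.items():
            f.write('%s=%s\n' % (key, value))  # docker takes the value literally
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return path


def docker_argv(env_file, malware_dir, target, image='malice/mcafee', link=None):
    """Compose the docker run command line; the secrets live only in env_file."""
    argv = ['docker', 'run', '--rm']
    if link:  # e.g. the local 'elasticsearch' container from the first recipe
        argv += ['--link', link]
    argv += ['--env-file', env_file,
             '-v', '%s:/malware:ro' % os.path.abspath(malware_dir),
             image, '-t', target]
    return argv


def run_scan(env, malware_dir, target, **kwargs):
    """Validate, write the env-file, run the plugin, then remove the file."""
    settings, warnings = validate_settings(env)
    for warning in warnings:
        print('warning: ' + warning, file=sys.stderr)
    env_file = write_env_file(settings)
    try:
        return subprocess.call(docker_argv(env_file, malware_dir, target, **kwargs))
    finally:
        os.unlink(env_file)


if __name__ == '__main__':
    # usage: es_scan.py /path/to/malware FILE [link-target]
    link = sys.argv[3] if len(sys.argv) > 3 else None
    sys.exit(run_scan(os.environ, sys.argv[1], sys.argv[2], link=link))
```

The env-file only keeps the secret out of the host's command line and shell history; `docker inspect` still shows the container's environment to anyone who can reach the Docker socket, so restrict socket access accordingly.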