search

TracecatHQ / tracecat

The open source Tines / Splunk SOAR alternative.
https://tracecat.com
GNU Affero General Public License v3.0
2.34k stars 159 forks source link

Inclusion of 'polars' Python library instead of 'polars-lts-cpu' limits who can use this #246

Closed mattdurant closed 1 month ago

mattdurant commented 1 month ago

Describe the bug The documentation does not call out in an obvious way that the use of the 'polars' library prevents anyone without AVX2 instructions from using this. That means only AMD Zen 4 and newer or Intel Ice Lake and newer are able to run this using the pre-built Docker images from the registry.

To Reproduce Run this on a machine with a CPU without AVX2 instructions. The tracecat-worker and tracecat-api container will restart endlessly with entries in the log that the CPU does not support required instructions for the polars library.

Expected behavior Give us an alternate image compiled with the polars-lts-cpu library instead of polars.

Screenshots N/A

Environment (please complete the following information):

Additional context I did use the Dockerfile from the repo to make this change myself, and while the api container runs normally now, the worker container continues to restart repeatedly.

topher-lo commented 1 month ago

@mattdurant on it. Expect fix in the next hour šŸ«”

mattdurant commented 1 month ago

@topher-lo thanks for the fast turnaround, really looking forward to playing with this. i didn't see any contribution guidelines, are you guys accepting PRs for more integrations/actions?

topher-lo commented 1 month ago

The new image should be out in ~15-30 minutes: https://github.com/TracecatHQ/tracecat/actions/runs/9980507504

@topher-lo thanks for the fast turnaround, really looking forward to playing with this. i didn't see any contribution guidelines, are you guys accepting PRs for more integrations/actions?

@mattdurant we've got docs on building new integrations here: https://docs.tracecat.com/concepts/user-defined-functions. It's a really clean API (we designed it for ourselves after getting frustrated building integrations in other soar / workflow platforms...)

As for the contribution guidelines, we are working on it. Still a new project (first line of code in March), stabilizing our core features and user experience, but we have a really cool community strategy in mind. More on our approach to public integrations / playbooks library around DEFCON (2nd week August).

topher-lo commented 1 month ago

Is there any particular integration you're looking for? @mattdurant (shall we take this over to Discord: https://discord.gg/n3GF4qxFU8). You'll find me as the same laser eyed cat.