Closed Zitrax closed 5 years ago
So the UI is just Kibana for now, so when you run malice elk it will start a docker container running Kibana and link it to the Elasticsearch DB backend for malice so you can look at your scan data like you were using Splunk etc etc. malice will have a real UI that will start as a Kibana plugin at first.
Sorry, I lack the whole picture. If I want a UI and have Windows or Linux, what is the easiest way to get it up and running? So far I only tried https://hub.docker.com/r/malice/windows-defender/ which gives me a scan result on the command line.
I see there exist some install instructions for Linux at https://hub.docker.com/r/malice/windows-defender/ but not for Windows.
So the UI assumes you are using malice and not just a malice-plugin by itself. If you just want to use a particular plugin and not malice, you would follow the instructions for writing to Elasticsearch https://github.com/malice-plugins/windows-defender/blob/master/docs/elasticsearch.md and then launch a Kibana docker image to see the data in a Splunk-like interface.
Here are some steps to link a Kibana container: https://github.com/blacktop/docker-kibana-alpine#getting-started
Is this still an issue with the latest release? https://github.com/maliceio/malice/releases/tag/v0.3.26
I looked at malice for the first time today, but I didn't manage to figure out if it's possible to get the web UI on Windows. I did find docker images at https://hub.docker.com/u/malice/ but are they command line only?
The front page here at GitHub mentions "(assuming you are using Docker for Mac)" in the "Start Malice's Web UI" section. Does that mean it's only supported on Mac? (I do have win and lin, not Mac)