mitre / multiscanner

Modular file scanning/analysis framework
http://multiscanner.readthedocs.io/

Simple step-by-step #115

Open benlarsendk opened 6 years ago

benlarsendk commented 6 years ago

Wouldn't it be a good idea to create a simple introduction to the system, i.e. how to go from cloning the repo to actually being able to analyze a file? This would be a great part, such that more people can use the framework.

awest1339 commented 6 years ago

That is a good point. If you would like to PR some, that would be much appreciated. Otherwise, we will add those as soon as possible.

Thanks!

benlarsendk commented 6 years ago

I wish I could do that, though I'm actually the guy who doesn't know how to make it work. ;-) I like how the whole thing works on paper, and I can really see some future in the project. Looking forward to following this. :+1:

roswitina commented 6 years ago

👍 +1

clenk commented 6 years ago

The quickest way to get started (with the web UI version) is to use Docker as described here, at least for personal rather than production use. We should probably point that out in the README.

benlarsendk commented 6 years ago

@clenk yes, that would be a good idea. I found it reading the documentation. Though I still think some introduction on how to set it up the right way is needed, e.g. if a person just wants to scan a file using the terminal with a couple of engines, or how you might set up the web service yourself :)

e.g. see this quote from the doc:

"THIS CONTAINER IS NOT DESIGNED FOR PRODUCTION USE. This is simply a primer for using MultiScanner's web interface. Users should not run this in production or at scale. The MultiScanner framework is highly scalable and distributed, but that requires a full install."

There is no obvious documentation of how a "full install" would be incorporated into this. Though it references a (pretty good) guide on how to install it as a distributed system, there's no documentation for a simpler use case, for example if you want to use the system only on one host, or on multiple scanning hosts, but want to enable a web interface and local storage without all the extras such as brokers, Elastic, etc.

clenk commented 6 years ago

@benlarsendk we just updated our readme and documentation. :) Do these changes help address this issue?

benlarsendk commented 6 years ago

Yes. This is great :) I'd like to keep this open, and I'll read the docs more carefully over the weekend. Of course you can close it if you want, it's your project. I just think it's such a great setup you guys have made that I really think the docs should be foolproof, so anybody can use this masterpiece :)