holmes-toolbox

command module

v0.0.0-...-7de75cf Latest Latest Go to latest Published: Aug 15, 2017 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/holmesprocessing/holmes-toolbox

Links

Open Source Insights

README ¶

Holmes-Toolbox

Overview

The Holmes-Toolbox provides useful scripts for managing Holmes projects.

Highlights

Folder	Project	Description
~~linux-installer~~	~~All~~	~~Universal install scripts for convience~~
proxies	Holmes-Storage	Docker based proxies for optimizing database connections
start-scripts	Holmes-Totem, Holmes-Storage	Automatic start up scripts for systemd and upstart
test-scripts	Holmes-Totem	Directly tasks Holmes-Totem with a series of objects

How to easily move files from a local folder to Holmes-Storage

Make sure your Holmes-Storage and your Holmes-Mastergateway are running
e.g. go run push_to_holmes.go --gateway https://127.0.0.1:8090 --user test --pw test --tags '["tag1","tag2"]' --comment "mycomment" --insecure --workers 5 --src virusshare --dir $dir

Alternative way:

Move all you samples to one folder
cd into folder
find pwd -type f > out.txt
Make sure your Holmes-Storage and Gateway are running
e.g. go run push_to_holmes.go --gateway https://127.0.0.1:8090 --user test --pw test --tags '["tag1","tag2"]' --comment "mycomment" --insecure --workers 5 --src virusshare --file out.txt

How to easily task Holmes-Totem:

Create a file containing a line with the SHA256-Sum, the filename, and the source (separated by single spaces) for each sample.
e.g. go run push_to_holmes.go --gateway https://127.0.0.1:8090 --user test --pw test --tags '["tag1","tag2"]' --comment "mycomment" --insecure --tasking --file sampleFile --tasks '{"PEINFO":[], "YARA":[]}'

Resuming an incomplete upload

When executing Holmes-Toolbox for uploading samples, Holmes-Toolbox creates a new log-file in the "log"-folder. The name of the log-file is printed after Toolbox started and contains the current timestamp. If your upload crashes at some point, you can resume the upload by specifying the option --resume:

go run push_to_holmes.go --resume log/Holmes-Toolbox_2016-09-25_20:39:44.log --workers 5

All the commandline-parameters that were used for the upload which created the log-file, are automatically inserted, except for the "--workers" option. This makes it possible to start the upload with a different number of worker-threads, than before, if you experienced a bad performance before. When resuming, all the samples that were accepted before, are skipped (i.e. those that returned with a code of 200). All samples that were rejected (different code than 200) and those that were not yet tried, are uploaded.

Resuming an upload will also create a new log-file, where all the previously successful (and therefore skipped) uploads are marked with 200. You can easily get a list of all the files that were not correctly uploaded by executing

tail log/Holmes-Toolbox_2016-10-03_22:56:38.log -n +2 | grep -v 200

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

push_to_holmes.go

Directories ¶

Path	Synopsis
Legacy
linux-installer/storage
Template-Holmes-Totem-Services

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL