Merge pull request #11384 from Security-Onion-Solutions/fix/analyzers_testing

Add a note about testing analyzers outside of the Sensoroni Docker container
2025-12-09 18:52:52 +01:00 · 2023-09-25 14:48:45 -04:00
parent 2fc4d2923d 7cb9b5f257
commit f9ace4791f
1 changed files with 6 additions and 0 deletions
--- a/salt/sensoroni/files/analyzers/README.md
+++ b/salt/sensoroni/files/analyzers/README.md
@@ -154,6 +154,12 @@ The analyzer itself will only run when a user in SOC enqueues an analyzer job, s
 python -m urlhaus '{"artifactType":"url","value":"https://bigbadbotnet.invalid",...}'
 ```

+To manually test an analyzer outside of the Sensoroni Docker container, use a command similar to the following:
+
+```bash
+PYTHONPATH=. python urlhaus/urlhaus.py '{"artifactType":"url","value":"https://bigbadbotnet.invalid",...}'
+```
+
 It is up to each analyzer to determine whether the provided input is compatible with that analyzer. This is assisted by the analyzer metadata, as described earlier in this document, with the use of the `supportedTypes` list.

 Once the analyzer completes its functionality, it must terminate promptly. See the following sections for more details on expected internal behavior of the analyzer.