GitHub The SOC Analysts all-in-one CLI tool to automate and speed up workflow. - TheresAFewConors/Sooty
The first step is to become root and change to where you want to install it. I use the /opt directory for stand alone tools.
Now use git to pull down the Sooty. You can use subversion as well if you like.Change to the Sooty directory
To install the prereqs, run pip install -r requirements.txtOn Fedora, I don't get a clean install becuase I'm missing libffi
I'm still missing a prereq, Python.h
Install the devel package...
And run pip one last time...
And now we have satisfied all the requirements and gotten Sooty where it will run.
f you have API keys for Virustotal,
URLScan.io, AbuseIPDB, HaveIBeenPwned or PhishTank, you need to make a copy of example_config.yaml, put your API keys on the appropriate lines and save it as config.yaml.
Otherwise, you can run the program, just not with the added functionality you would have if you have API keys.
That's the install, at least for Fedora. Other distros may require other prereqs, or may not need any fiddling at all. In the second part, we'll plug an API key in and start playing with the different options
No comments:
Post a Comment