@jcran First off, wanted to say thanks for creating this framework, it's incredible. I did have a quick question re: running tasks across multiple entities. Is it possible, after importing a set of netblocks, to run tasks against the entire entity type? i.e. netblock expand, mass scan with particular ports, etc.
Or should I just import and auto enrich at like 6 iterations?
I'd also be willing to help with documenting usage since I am using this pretty heavily.
sounds like your use case is being able to run against a list of things?
you can do this on import, by importing a file that looks like this: Netblock#1.1.1.1/24 (one per line)
and then selecting the appropriate task
if you wanted to handle things beyond that, you'd need a machine
i think there's a feature needed where the "entities" view has selectable items though, and you can then send all those items to a task?
it's a little bit more of a complex ui interaction so i've been putting it off
let me know a little more about what you're trying to accomplish and we can sort it out
If I need to use the API, I totally can.
Just wanted to make sure I wasn't missing anything in the UI
i mean, if you know the flow, machine can work
there are some simple machines
but if you're doing exploratory stuff, i can see how selecting the group would be best
need to find someone with better frontend skills than i :p
Thanks for the help!
here's my config for the m5.2xlarge's i run intrigue.io engines on:
(16GB)
:verbose: true
:dynamic: true
:concurrency: 120
:process_limits:
task: 3
control: 1
task_enrichment: 55
task_browser: 5
task_autoscheduled: 55
task_scan: 3
app: 1
but that config's pretty safe
f500 collection takes a couple hours to a couple days, depending on how big they are
It's a 2990X with 124 GB RAM so I have some headroom!
yeah you're likely to hit limits in ruby concurrency before you have any trouble there
interested to know what you find
enriching a uri will now auto-create an issue if a content check matches, and the :dynamic_issue lambda evaluates to true
the one that fired this:
so basically, you create a new content check, set it to always fire an issue when it hits, and it will
I'll keep trying to min/max it for the best outcome. I do have a few more questions of how iterations are handled (i.e. 4 vs. 6). I'm happy to write up some documentation as well since I'll be using this pretty heavily over the next few months :D
Hey jonthan, maybe you got this question a lot, i just want to know whats the machine or VPS requirements that you use, or a user should use to have intrigueio run smoothly without headache for multiple targets or very big scopes, talking about storage and memory in specific.
regarding storage, i'd suggest at least 40-80gb
FYI, this community channel is being deprecated in favor of the slack channel. Drop an email to hello[-@-]intrigue.io if you'd like an invite. We may open it up in the future: https://intrigue-community.slack.com