Installing Workbench

Workbench Command Line Interface (CLI)

$ pip install workbench_cli
$ workbench (this runs the Workbench CLI)

That’s it!

If you have a workbench server setup (somewhere) you can start using the workbench CLI client, or any of the existing clients (in workbench/clients) or even start writing your own clients against that server (see Making your own Client)

Workbench Server (Minimum Install)

The workbench server is extremely robust to worker failure. In fact it can run without many of the dependencies so you can setup a server quickly with ‘Minimum Install’ and than later do a ‘Full Install’.

Mac/OSX

$ brew install mongodb

Ubuntu (14.04 and 12.04)

$ sudo apt-get install mongodb
$ sudo apt-get install python-dev
$ sudo apt-get install g++

Workbench Python Modules

$ pip install workbench --pre
$ workbench_server

That’s it, the workbench server will come up and is ready to start servicing requests. Note: Some workers will fail to load but that is fine, to have all workers run see ‘Full Install’.

Workbench Server (Full Install)

Mac/OSX

$ brew install mongodb
$ brew install yara
$ brew install libmagic
$ brew install bro

Important

Put the bro executable in your PATH (/usr/local/bin or wherever bro is)

Ubuntu (14.04 and 12.04)

$ sudo apt-get install mongodb
$ sudo apt-get install python-dev
$ sudo apt-get install g++
$ sudo apt-get install libssl0.9.8
  • Bro IDS: In general the Bro debian package files are WAY too locked down with dependencies on exact versions of libc6 and python2.6. We have a more ‘flexible’ version Bro-2.2-Linux-x86_64_flex.deb.
    • sudo dpkg -i Bro-2.2-Linux-x86_64_flex.deb

    • If using the Debian package above doesn’t work out:

Important

Put the bro executable in your PATH (/opt/bro/bin or wherever bro is)

Install Indexers

The indexers ‘Neo4j’ and ‘ElasticSearch’ are optional. We strongly suggest you install both of them but we also appreciate that there are cases where that’s not possible or feasible.

Mac/OSX

$ brew install elasticsearch
$ pip install -U elasticsearch
$ brew install neo4j

Ubuntu (14.04 and 12.04)

  • Neo4j: See official instructions for Neo4j here
  • Note: You may need to install Java JDK 1.7. If you have Java 1.7 installed and error says otherwise, run
$ update-alternatives --config java and select Java 1.7

Workbench Python Modules

Note: Workbench is continuously tested with python 2.7. We’re currently working on Python 3 support (Issue 92).

For quick spinup just pull Workbench down from pip. If you’re going to do development

$ pip install workbench --pre
$ workbench_server

OR

$ cd workbench
$ python setup.py develop
$ workbench_server

Optional Tools

Robomongo

Robomongo is a shell-centric cross-platform MongoDB management tool. Simply, it is a handy GUI to inspect your mongodb.

  • http://robomongo.org/
  • download and follow install instructions
  • create a new connection to localhost (default settings fine). Name it as you wish.

Dependency Installation Errors

Python Modules

Note: If you get a bunch of clang errors about unknown arguments or ‘cannot link a simple C program’ add the following FLAGs:

$ export CFLAGS=-Qunused-arguments
$ export CPPFLAGS=-Qunused-arguments

**Errors when running Tests**

If when running the worker tests you get some errors like ‘MagicError: regexec error 17, (illegal byte sequence)’ it’s an issue with libmagic 5.17, revert to libmagic 5.16. Using brew on Mac:

$ cd /usr/local
$ brew versions libmagic # Copy the line for version 5.16, then paste (for me it looked like the following line)
$ git checkout bfb6589 Library/Formula/libmagic.rb
$ brew uninstall libmagic
$ brew install libmagic

Workbench CLI (on Windozes)

> cd c:\python27\lib\site-packages\workbench_cli
> python workbench   (use -s to specify alternative server if you want)

This should spin up the workbench CLI interface, the colors will be messed up (we’re working on that)