Vent Quickstart Guide
Getting Vent set up is quick and easy.
1. First, use pip to install the latest stable version of Vent:
Using pip:
    pip3 install vent && vent
Developer versions of Vent are available but may not be entirely stable.
Using Docker:
    docker pull cyberreboot/vent
    docker run -it vent_image_id
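To avoid having to use sudo or run docker as root, the recommended approach is to add your current user to the docker group. Note that members of the docker group can control the Docker daemon and so have root-equivalent access to the host.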
Using Git:
    git clone https://github.com/CyberReboot/vent
    cd vent && make && vent
2. Now that Vent has started, let’s add, build, and start the core tools.
- In the main menu, press ^X to open the action menu
- Select Core Tools or press
- Select Add all latest core tools or press i. Vent will now clone the core tools’ directories from CyberReboot/vent.
- Select Build core tools from the core tools sub-menu and use the arrow keys and the Enter key to press OK. It’s possible to choose which core tools are built using the Space key. Boxes with an X in them have been selected. Note that building the core tools takes a few minutes. Please be patient while Vent creates the images.
- Once the tool images are built, go back to the core tools sub-menu from the main action menu, select Start core tools and hit OK. Much like Build core tools, it’s possible to select which core tools are started.
3. The core tools’ containers are up and running. Next, let’s add some plugins.
- From the action menu, select Add new plugin or press
- For this quick start guide, we will use one of the example plugins provided from CyberReboot/vent-plugins. So just hit OK on the form.
- Press the Space key to choose the master branch and hit
- Uncheck all the boxes except for
OK. Depending on the plugin, add times may vary, so long plugin add times are not unusual.
4. Now we have a plugin that can process files with the extension
- Now, at the Vent main menu, look for the field File Drop. This is the folder that Vent watches for new files.
- Move or copy a .pcap file into the path. Vent will recognize this new file and start tcpdump_hex_parser. Depending on the size of the .pcap file, it could take anywhere from a few seconds to minutes. You should see the jobs running counter increase by one and, after the plugin is finished running, the completed jobs counter will increase by one.
5. Let’s look at the results of the plugin using elasticsearch.
- From the action menu, select Services Running and select
- Copy the address next to elasticsearch into the web browser of choice.
- On the main page, there should be a section with pcap with the results of the plugin.
Congrats! Vent is set up and has successfully recognized the pcap file and run a plugin that specifically deals with pcaps. You can now remove the tcpdump_hex_parser via the Plugins sub-menu and create and install your own Custom Vent Plugins
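
Because anything placed in the File Drop folder in step 4 is picked up and processed automatically, it is worth checking a file before it lands there. The following is an added example, not part of Vent or its documentation: the function names are hypothetical, drop_dir stands for the File Drop path shown in the main menu, and it assumes the watcher takes no action on the temporary .partial file.

```python
import os
import shutil
import struct
import tempfile

# Header magic: classic pcap (micro/nanosecond timestamps) and pcapng.
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
PCAPNG_MAGIC = 0x0A0D0D0A


def is_capture_file(path):
    """Return True if the first four bytes are a pcap or pcapng header."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) < 4:
        return False
    (big,) = struct.unpack(">I", head)
    (little,) = struct.unpack("<I", head)
    # pcap files may be written in either byte order; the pcapng magic is a palindrome.
    return big == PCAPNG_MAGIC or big in PCAP_MAGICS or little in PCAP_MAGICS


def drop_capture(src, drop_dir):
    """Validate src, then make it appear in drop_dir under its final name in one step."""
    if not is_capture_file(src):
        raise ValueError(f"{src} does not start with a pcap/pcapng header")
    dest = os.path.join(drop_dir, os.path.basename(src))
    # Copy under a temporary name in the same directory, then rename, so a
    # half-written file never exists under the .pcap name.
    fd, tmp = tempfile.mkstemp(dir=drop_dir, suffix=".partial")
    os.close(fd)
    try:
        shutil.copyfile(src, tmp)
        shutil.copymode(src, tmp)  # mkstemp creates 0600; keep the source's mode
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return dest


if __name__ == "__main__":
    # Constructed sample: a bare 24-byte pcap global header, no packets.
    work = tempfile.mkdtemp()
    sample = os.path.join(work, "sample.pcap")
    with open(sample, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    print(drop_capture(sample, tempfile.mkdtemp()))
```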