CLI

Usage

Scanner provides a Python CLI that validates detection rules written as YAML files and runs their tests.

To install the Scanner CLI:

pip install scanner-cli

You will need to provide the API URL of your Scanner instance and an API key. Go to Settings > API Keys to find your API URL and API key.

You can either set these values as environment variables:

export SCANNER_API_URL=<Scanner API URL>
export SCANNER_API_KEY=<Scanner API key>

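or provide them as arguments to the CLI (command-line arguments are saved in shell history and are visible in the process list while the command runs):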

scanner-cli <command> --api-url=<Scanner API URL> --api-key=<Scanner API key>

Validate detection rule

To validate files:

scanner-cli validate -f detections/some_detection.yaml

To validate directories:

scanner-cli validate -d detections

Only YAML files with the correct schema header will be validated. Multiple files or directories can be provided. To recursively search through directories, use the recursive flag -r.

Run detection rule tests

To run detection rule tests on files:

scanner-cli run-tests -f detections/some_detection.yaml

To run detection rule tests on directories:

scanner-cli run-tests -d detections

This will only run tests on YAML files with the correct schema header. Multiple files or directories can be provided. To recursively search through directories, use the recursive flag -r.
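Because both commands skip YAML files that lack the schema header, a rule with a missing or mistyped header passes a pipeline without ever being checked. The following gate is an added example, not part of Scanner's tooling: it lists such files before running the two commands above. The function names, the `SCANNER_CLI` and `SCHEMA_HEADER_RE` variables, the `# schema:` header pattern and the reliance on a non-zero exit status are assumptions.

```shell
#!/bin/sh
# Added example, not Scanner's own tooling. Assumptions are marked below.

SCANNER_CLI="${SCANNER_CLI:-scanner-cli}"   # overridable, e.g. for a dry run
# Assumption: the schema header is a comment line starting with "# schema:".
# Set SCHEMA_HEADER_RE to match the header your rules actually use.
SCHEMA_HEADER_RE="${SCHEMA_HEADER_RE:-^# schema:}"

# Print every YAML file under $1 that lacks the header. The CLI skips such
# files, so a rule listed here would be neither validated nor tested.
skipped_rules() {
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) | sort |
    while IFS= read -r f; do
        grep -Eq "$SCHEMA_HEADER_RE" "$f" || printf '%s\n' "$f"
    done
}

# Returns 0 when every rule was checked and passed, 1 when validation or a
# rule test failed, 2 when credentials are missing, 3 when files would be skipped.
check_detections() {
    dir="${1:-detections}"
    # Fail early without echoing the key itself.
    if [ -z "${SCANNER_API_URL:-}" ] || [ -z "${SCANNER_API_KEY:-}" ]; then
        echo "SCANNER_API_URL and SCANNER_API_KEY must be set" >&2
        return 2
    fi
    skipped="$(skipped_rules "$dir")"
    if [ -n "$skipped" ]; then
        printf 'no schema header, would be skipped:\n%s\n' "$skipped" >&2
        return 3
    fi
    # Assumption: the CLI exits non-zero when validation or a test fails.
    "$SCANNER_CLI" validate -d "$dir" -r || return 1
    "$SCANNER_CLI" run-tests -d "$dir" -r || return 1
}
```

Source the file and call `check_detections detections` as a CI step; the credentials come from the environment, so they stay out of the job's command line.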
