Threat Bus ships as pre-built Docker image. It can be used without any modifications to the host system. The Threat Bus executable is used as the entry-point of the container. You can transparently pass all command line options of Threat Bus to the container.
The pre-built image comes with all required dependencies and all existing plugins pre-installed.
Configuration Inside the Container
Threat Bus requires a config file to operate. That file has to be made available inside the container, for example via mounting it.
The working directory inside the container is
/opt/tenzir/threatbus. To mount
a local file named
my-custom-config.yaml from the current directory into the
container, use the
Depending on the installed plugins, Threat Bus binds ports to the host system.
The used ports are defined in your configuration file. When running Threat
Bus inside a container, the container needs to bind those ports to the host
system. Use the
-p) flag repeatedly for all ports you need to bind.