mirror of
https://github.com/EFForg/rayhunter.git
synced 2026-04-26 07:29:59 -07:00
Document reanalyzing feature, and include rayhunter-check in release
This commit is contained in:
Markus Unterwaditzer
committed by
Markus Unterwaditzer
Markus Unterwaditzer
parent
6ceced2d31
commit
806bd62a0e
26
doc/reanalyzing.md
Normal file
26
doc/reanalyzing.md
Normal file
@@ -0,0 +1,26 @@
|
||||
# Re-analyzing recordings
|
||||
|
||||
Every once in a while, Rayhunter refines its heuristics to detect more kinds of
|
||||
suspicious behavior, and to reduce noise from incorrect alerts.
|
||||
|
||||
This means that your old green recordings may actually contain data that is now
|
||||
deemed suspicious, and also old red recordings may become green.
|
||||
|
||||
You can re-analyze any old recording inside of Rayhunter by clicking on "N
|
||||
warnings" to expand details, then clicking the "re-analyze" button.
|
||||
|
||||
## Analyzing recordings on Desktop
|
||||
|
||||
If you have a PCAP or QMDL file but no rayhunter, you can analyze it on desktop
|
||||
using the `rayhunter-check` CLI tool. That tool contains the same heuristics as
|
||||
Rayhunter and will also work on traffic data captured with other tools, such as
|
||||
QCSuper.
|
||||
|
||||
You need Rust installed and the rayhunter repository checked out:
|
||||
|
||||
```sh
|
||||
cargo run -p rayhunter-check -- --path ~/Downloads/myfile.qmdl
|
||||
cargo run -p rayhunter-check -- --path ~/Downloads/myfile.pcap
|
||||
```
|
||||
|
||||
Since, 0.7.0, `rayhunter-check` is included in the release zipfile.
|
||||
Reference in New Issue
Block a user