A general job runner with two modes:
- Sensor: endpoint monitoring and response. Optional live-debugging (
--response_actions=full) - Container orchestrator: manages automation and scale. Primarily used for Shuffle Workflows.
Retrieves the relevant data you want from a host based on enabled features.
If ran in Shuffle, sensors require a Sensor Group. This is a Runtime Location with the "sensor_group: true" flag.
To install it on linux/macOS/windows, go to the Orborus downloader. This has the script you want. The full command is available on https://security.shuffler.io/monitors
For windows, go to ?os=windows - Invoke-WebRequest -Uri <url> -UseBasicParsing | Invoke-Expression
This is primarily used for running Workflows in Shuffle. Works with Docker and Kubernetes.
docker run -d \
--restart=always \
--name="shuffle-orborus" \
--pull=always \
--volume "/var/run/docker.sock:/var/run/docker.sock" \
-e ENVIRONMENT_NAME="queue name" \ # Runtime location name
-e AUTH="auth" \ # Auth for the runtime location
-e ORG="org" \ # Your Shuffle org
-e SHUFFLE_SWARM_CONFIG=run \
-e BASE_URL="http://localhost:5002" \ # Your backend
ghcr.io/shuffle/shuffle-orborus:latest
If you want to use it for your project, you can
- Orborus polls for jobs from ${BASE_URL}/api/v1/queue
- Jobs are returned in the format
Development branch:
git checkout nightly
Monitor and Respond
go run orborus.go --sensor_mode=true
Container Orchestration
go run orborus.go <flags>
Monitor and respond
--queue=Runtime Location
--auth=auth
--org_id=orgid
--software_list_enabled=true
--hd_encrypted_check=true
--screenlock_check=true
--response_actions=full
- Polls for tasks every 2-60 seconds, while sending details back realtime:
POST /api/v1/streams -H "Org-Id: queuename" -H "Org: orgid" -H "Authorization: auth" -d '{"id": "queuename"}'. The headers are used for authentication. The full available data struct is OrborusStats{} here. - Performs the tasks and sends the result back to the correct area (usually workflow execution)
- Repeat