mquery documentation

User guide

• Installation: Installation instruction.
• Configuration: Additional configuration options.
• Components: More detailed description of mquery components.
• Indexing: Indexing files is one of the most important things in mquery. In simple cases it can be solved without leaving the web UI, but many things will require more advanced approach. Read this if you need to index a considerable number of files.
• How to write good yara rules: How to write YARA rules that will work well in mquery.
• Yara support and limitations: Explains how mquery accelerates queries, what will, and what won’t work.
• Utility scripts: Mquery ships with a few useful scripts. Here you can find documentation for them.
• For future contributors: How to contribute.

How to…

• Install mquery natively (without docker)
• Integrate mquery with s3

Relevant ursadb’s documentation

Ursadb is the backend doing the heavy lifting for mquery. If you need to work with large datasets, it’s a very useful read. It is also a prerequisite for understanding many things in mquery.

• Index types: Picking index types you need is an important decision that’s hard to change later.
• Datasets: Introduction to datasets.
• Performance and limits: Read in case you’re not sure if Ursadb can handle your collection.
• On-disk format: Ursadb index format is relatively simple - reading this may be useful for advanced users.

Advanced topics

Relevant for people who want to run mquery in production or on a a bigger scale.

• Security: Security considerations for hardening your mquery instance.
• Distributed mquery: For users that want to run mquery on more than one machine.
• On-disk format: Read if you want to understand ursadb’s on disk format (spoiler: many files are just JSON and can be inspected with vim).
• Plugin system: For filtering, processing and tagging files.
• Database format: Information about the data stored in the database.
• Redis applications: Of historical interest, redis is used only for rq now.
• User management: Control and manage access to your mquery instance.
• API: Mquery exposes a simple API that you may use for your automation.