forked from jpalardy1752/crits-adapter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.default_config.yaml
159 lines (105 loc) · 3.39 KB
/
.default_config.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
crits:
sites:
# The name you want to identify the Crits instance by
localhost:
# Your Crit's ip / fqdn that can be used to find Crits over the network
host: 127.0.0.1
# true/false flag for allowing the adapter to connect to CRITS
enabled: true
api:
# The username of the Crits user you want to let the adapter use to interact with Crits
user: api
# The user's Crits API key
key: changeme
# The port to connect to Crits. Default is 80 for HTTP; 443 for HTTPS
port: 443
# Time in seconds between polling of Crits
poll_interval: 30
# 1000 is currently a hard-wired limit in crits but this can be reduced
max_results: 1000
# The path to the crits API
path: /api/v1/
# The source to use when pushing data to Crits. You may want to use your company's name
source: default # crits source
# The releasability tag to add to data put into Crits. Crits doesn't currently support this functionality
releasability: soltra
# A flag to enable releasability tags
use_releasability: false
# Is Crits over SSL/HTTPS?
ssl: true
# Set to true to attempt to validate the SSL certificate
# self-signed certs probably won't validate
attempt_certificate_validation: false
datagen:
# The number of indicators for the data generator to create
indicator_count: 100
edge:
sites:
# The name you want to identify the Edge instance by
localhost:
# Your Edge's ip / fqdn that can be used to find Crits over the network
host: 127.0.0.1
# true/false flag for allowing the adapter to connect to CRITS
enabled: true
stix:
# XMLNS_Name. Most likely your company's name
xmlns_name: yourcompanyname
# XML namespace url. Most likely your company's website
xmlns_url: http://www.your_company.com/
taxii:
# The username of the Edge user you want to let the adapter use to interact with Edge
user: admin
# The Edge user's password
pass: avalanche
# The port to connect to Edge. Default is 80 for HTTP; 443 for HTTPS
port: 443
# Time in seconds between polling of Edge
poll_interval: 30
# Edge TAXII endpoint path
path: /taxii-data
# TAXII Collection
collection: system.Default
# TAXII Version
version: 1.1
# Is Edge over SSL/HTTPS?
ssl: true
# Set to true to attempt to validate the SSL certificate
# self-signed certs probably won't validate
attempt_certificate_validation: false
datagen:
# default number of indicators for datagen
indicator_count: 100
daemon:
# full path to adapter
app_path: /opt/soltra/edge/repository/adapters/crits
# run in debug mode?
debug: false
log:
# log name
file: edgy_crits.log
# max logs to retain
rotate_count: 10
# max logfile size (in bytes)
rotate_size: 1024000
# daemon pid file
pid: edgy_crits.pid
# full path to daemon working directory
working_dir: /opt/soltra/edge/repository/adapters/crits
mongo:
# mongo ip or fqdn
host: localhost
# mongo port
port: 27017
# mongo user
user:
# mongo pass
pass:
# mongo database
db: inbox
# mongo collection
collection: adapters.crits
datagen:
# canonical tlds for datagen
canonical_tlds: datagen_samples/crits-tlds.txt
# spammy headers for datagen
email_header_samples: datagen_samples/mail_headers.yaml