-
Notifications
You must be signed in to change notification settings - Fork 291
/
yeti.conf.sample
187 lines (140 loc) · 3.47 KB
/
yeti.conf.sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
[system]
##
## Basic system settings
##
# if export_path is not set, then the default value is /tmp
export_path = /opt/yeti/exports
logging = /var/log/yeti_user_activity.log
plugins_path = ./plugins
audit_logfile = /var/log/yeti_audit.log
templates_dir = /opt/yeti/templates
# Public scheme + hostname + port for Yeti. Use it if you want to specify an
# OIDC callback
# for testing use also a port number, e.g. http://localhost:8000
# webroot =
[auth]
##
## Use these settings to configure Yeti authentication.
##
# oidc, local
module = local
# to get a stronger value run:
# openssl rand -hex 32
# SECRET_KEY = SECRET
# ALGORITHM = HS256
# ACCESS_TOKEN_EXPIRE_MINUTES = 30
# BROWSER_TOKEN_EXPIRE_MINUTES = 43200
enabled = True
# OIDC
#
# Google can be used as an OIDC provider:
# See Instructions here: https://developers.google.com/identity/protocols/oauth2
#
# OIDC_CLIENT_ID = LONGRANDOMSTRING.apps.googleusercontent.com
# OIDC_CLIENT_SECRET = BLABLA-BLABLABLA
# OIDC_DISCOVERY_URL = https://accounts.google.com/.well-known/openid-configuration
[tag]
##
## Use these settings to configure Yeti tags.
## If you specify default_tag_expiration = 7776000, then the tag will expire for 90 days.
## Value must be in days.
##
# default_tag_expiration = 90
[arangodb]
##
## Use these settings to configure how to connect to your ArangoDB database.
## All settings are optional, with default values being the one in the comment.
## If you do not specify a username and password, there will be no authentication.
##
# host = arangodb
# port = 8529
# username = root
# password =
# database = yeti_dev
[redis]
##
## Use these settings to configure how to connect to your redis server.
## All settings are optional, with default values being the one in the comment.
##
# host = redis
# port = 6379
# database = 0
# tls = ok
[events]
# Define in MiB the maximum allocated memory for events queue
memory_limit = 64
# When memory limit is reached, the oldest events will be dropped
# and will keep <keep_ratio> events.
keep_ratio = 0.9
# if concurrency is not defined, defaults to multiprocessing.cpu_count
consumers_concurrency = 2
[misp]
##
## Use this setting in order to specify a comma-separated list of MISP instances
## that should be taken into account by the MISP feed.
##
# instances = misp_1
[misp_1]
##
## For each instance in the 'misp.instances' setting, you should specify a
## configuration block with this format, in order to specify at least the URL
## and the auth key.
##
# name = MISP_1
# url = MISP_URL
# key = MISP_AUTH_KEY
# galaxy_filter = filtering_galaxy_to_drop
# days = days_history_to_change_by_default_60_days
# verifycert = true_or_false
[proxy]
# Format proxies like socks5://user:pass@host:port
http =
https =
[github]
# Generate token: https://github.com/settings/tokens
# Select repo only
# no token - limit 60 r/h
# w/ token - limit 5k r/h
# token =
[etopen]
## time of filtering rule suricata for the first run of feed ETOpen
start_time = 2000-01-01
[otx]
key = YourOTXKey
days = 1
[abuseIPDB]
key = YourKey
[phishtank]
key=
[vt]
key=
[passivedns]
login=
password=
url=
[circl_passivessl]
username=
password=
[circl_pdns]
username=
password=
[dnsdb]
api_key=
[macaddressio]
api_key=
[malshare]
api_key=
[timesketch]
endpoint =
username =
password =
[censys]
api_key =
secret =
[shodan]
# Set result_limit to -1 for unlimited results, default is 100
api_key =
result_limit =
[dfiq]
# Comma-separated list of additional directories to load DFIQ objects from.
extra_dirs = /dfiq