forked from Yelp/osxcollector
-
Notifications
You must be signed in to change notification settings - Fork 0
/
osxcollector.yaml.example
57 lines (51 loc) · 2.09 KB
/
osxcollector.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
api_key:
# The OpenDNSFilter requires an API key for OpenDNS Investigate
opendns: "ADD YOUR KEY"
# The VTHashesFilter requires an API key for VirusTotal
virustotal: "ADD YOUR KEY"
# The BlacklistFilter allows for multiple blacklists to be compared against at once
# Each blacklists requires:
# - blacklist_name, A name
# - blacklist_keys, JSON paths. These can be of the form "a.b" to look at "b" in {"a": {"b": "foo"}}
# - blacklist_file_path, the path to a file containing values considered blacklisted. Any line starting with # is skipped
# - blacklist_is_regex, should values in the file be treated as Python regex
# - blacklist_is_domains, should values in the file be treated as domains and analyzed with some smart regex to retrieve subdomain etc.
blacklists:
- blacklist_name: "hashes"
blacklist_keys:
- "md5"
- "sha1"
- "sha2"
blacklist_file_path: "/tmp/hash_blacklist.txt"
blacklist_is_regex: False
- blacklist_name: "domains"
blacklist_keys:
- "osxcollector_domains"
blacklist_file_path: "/tmp/domain_blacklist.txt"
blacklist_is_regex: False
blacklist_is_domains: True
# domain_whitelist is a special blacklist entry. Anything on this list won't be looked up with
# OpenDNS or VirusTotal
domain_whitelist:
blacklist_name: "Ignore Domains"
blacklist_keys:
- "osxcollector_domains"
blacklist_file_path: "/tmp/domain_whitelist.txt"
blacklist_is_domains: True
blacklist_is_regex: True
opendns:
LookupDomainsFilter:
cache_file_name: "/tmp/cache.opendns.LookupDomainsFilter.json"
RelatedDomainsFilter:
cache_file_name: "/tmp/cache.opendns.RelatedDomainsFilter.json"
shadowserver:
LookupHashesFilter:
cache_file_name: "/tmp/cache.shadowserver.LookupHashesFilter.json"
virustotal:
LookupHashesFilter:
cache_file_name: "/tmp/cache.virustotal.LookupHashesFilter.json"
LookupDomainsFilter:
cache_file_name: "/tmp/cache.virustotal.LookupDomainsFilter.json"
LookupURLsFilter:
cache_file_name: "/tmp/cache.virustotal.LookupURLsFilter.json"
resources_per_req: 4