Fixed to latest config changes

Signed-off-by: Sebastian Waldbauer <waldbauer@cert.at>
Sebastian Waldbauer
2021-01-29 10:03:07 +01:00
parent efe1a423cc
commit ffdb9002c0
5 changed files with 263 additions and 56 deletions


@@ -22,6 +22,8 @@
"log_processed_messages_seconds": 900,
"logging_handler": "file",
"logging_level": "INFO",
"logging_max_copies": null,
"logging_max_size": 0,
"logging_path": "/opt/intelmq/var/log/",
"logging_syslog": "/dev/log",
"process_manager": "intelmq",
@@ -36,4 +38,4 @@
"statistics_host": "redis",
"statistics_password": null,
"statistics_port": 6379
}
}


@@ -287,7 +287,7 @@ providers:
http_url: https://urlhaus.abuse.ch/feeds/tld/<TLD>/,
https://urlhaus.abuse.ch/feeds/country/<CC>/, or
https://urlhaus.abuse.ch/feeds/asn/<ASN>/
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -296,7 +296,7 @@ providers:
skip_header: false
default_url_protocol: http://
type_translation: '{"malware_download": "malware-distribution"}'
delimeter: ","
delimiter: ","
columns:
- time.source
- source.url
@@ -406,7 +406,7 @@ providers:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -429,7 +429,7 @@ providers:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -542,11 +542,11 @@ providers:
public: yes
Turris:
Greylist:
description: The data are processed and clasified every week and behaviour of
description: The data are processed and classified every week and behaviour of
IP addresses that accessed a larger number of Turris routers is evaluated.
The result is a list of addresses that have tried to obtain information about
services on the router or tried to gain access to them. We publish this so
called "greylist" that also contains a list of tags for each address which
services on the router or tried to gain access to them. The list also
contains a list of tags for each address which
indicate what behaviour of the address was observed.
additional_information:
bots:
@@ -561,7 +561,72 @@ providers:
module: intelmq.bots.parsers.turris.parser
parameters:
revision: 2018-01-20
documentation: https://project.turris.cz/greylist-data/legend.txt
documentation: https://project.turris.cz/en/greylist
public: yes
Greylist with PGP signature verification:
description: |
The data are processed and classified every week and behaviour of
IP addresses that accessed a larger number of Turris routers is evaluated.
The result is a list of addresses that have tried to obtain information about
services on the router or tried to gain access to them. The list also
contains a list of tags for each address which
indicate what behaviour of the address was observed.
The Turris Greylist feed provides PGP signatures for the provided files.
You will need to import the public PGP key from the linked documentation
page, currently available at
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x10876666
or from below.
See the URL Fetcher Collector documentation for more information on
PGP signature verification.
PGP Public key:
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: pgp.mit.edu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=wjkM
-----END PGP PUBLIC KEY BLOCK-----
```
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://www.turris.cz/greylist-data/greylist-latest.csv
name: Greylist
provider: __PROVIDER__
rate_limit: 43200
signature_url: https://www.turris.cz/greylist-data/greylist-latest.csv.asc
verify_pgp_signatures: false
parser:
module: intelmq.bots.parsers.turris.parser
parameters:
revision: 2018-01-20
documentation: https://project.turris.cz/en/greylist
public: yes
Malc0de:
Bind Format:
@@ -1008,6 +1073,50 @@ providers:
revision: 2018-01-20
documentation: http://www.blocklist.de/en/export.html
public: yes
CERT-Bund:
CB-Report Malware infections via IMAP:
description: CERT-Bund sends reports for the malware-infected hosts.
additional_information: Traffic from malware related hosts contacting
command-and-control servers is caught and sent to national CERT teams.
There are two e-mail feeds with identical CSV structure -- one reports on
general malware infections, the other on the Avalanche botnet.
bots:
collector:
module: intelmq.bots.collectors.mail.collector_mail_attach
parameters:
mail_host: __HOST__
mail_password: __PASSWORD__
mail_ssl: true
mail_user: __USERNAME__
attach_regex: events.csv
extract_files: false
rate_limit: 86400
subject_regex: ^\\[CB-Report#.* Malware infections (\\(Avalanche\\) )?in country
folder: INBOX
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.generic.parser_csv
parameters:
skip_header: true
default_url_protocol: http://
time_format: from_format|%Y-%m-%d %H:%M:%S
delimiter: ","
columns:
- source.asn
- source.ip
- time.source
- classification.type
- malware.name
- source.port
- destination.ip
- destination.port
- destination.fqdn
- protocol.transport
type: infected-system
revision: 2020-08-20
documentation:
public: no
CERT.PL:
N6 Stomp Stream:
description: N6 Collector - CERT.pl's N6 Collector - N6 feed via STOMP interface.
@@ -1081,7 +1190,7 @@ providers:
http_url: http://support.clean-mx.de/clean-mx/xmlviruses?response=alive&domain=
http_timeout_sec: 120
http_user_agent: "{{ your user agent }}"
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -1101,7 +1210,7 @@ providers:
http_url: http://support.clean-mx.de/clean-mx/xmlphishing?response=alive&domain=
http_timeout_sec: 120
http_user_agent: "{{ your user agent }}"
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -1205,10 +1314,12 @@ providers:
revision: 2018-01-20
documentation: https://osint.bambenekconsulting.com/feeds/
public: yes
DynDNS:
Infected Domains:
description: DynDNS ponmocup. List of ponmocup malware redirection domains and
infected web-servers. See also http://security-research.dyndns.org/pub/botnet-links.html
cAPTure:
Ponmocup Domains CIF Format:
description: List of ponmocup malware redirection domains and infected web-servers from cAPTure.
See also http://security-research.dyndns.org/pub/botnet-links.htm
and http://c-apt-ure.blogspot.com/search/label/ponmocup
The data in the CIF format is not equal to the Shadowserver CSV format. Reasons are unknown.
additional_information:
bots:
collector:
@@ -1216,7 +1327,7 @@ providers:
parameters:
http_url: http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-CIF-latest.txt
rate_limit: 10800
name: __FEED__
name: Infected Domains
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.dyn.parser
@@ -1224,6 +1335,40 @@ providers:
revision: 2018-01-20
documentation: http://security-research.dyndns.org/pub/malware-feeds/
public: yes
Ponmocup Domains Shadowserver Format:
description: List of ponmocup malware redirection domains and infected web-servers from cAPTure.
See also http://security-research.dyndns.org/pub/botnet-links.htm
and http://c-apt-ure.blogspot.com/search/label/ponmocup
The data in the Shadowserver CSV is not equal to the CIF format format. Reasons are unknown.
additional_information:
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: http://security-research.dyndns.org/pub/malware-feeds/ponmocup-infected-domains-shadowserver.csv
rate_limit: 10800
name: Infected Domains
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.generic.parser_csv
parameters:
columns:
- time.source
- source.ip
- source.fqdn
- source.urlpath
- source.port
- protocol.application
- extra.tag
- extra.redirect_target
- extra.category
compose_fields: {"source.url": "http://{0}{1}"}
skip_header: true
delimiter: ","
type: malware-distribution
revision: 2020-07-08
documentation: http://security-research.dyndns.org/pub/malware-feeds/
public: yes
DShield:
Suspicious Domains:
description: There are many suspicious domains on the internet. In an effort
@@ -1236,7 +1381,7 @@ providers:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://www.dshield.org/feeds/suspiciousdomains_High.txt
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -1255,7 +1400,7 @@ providers:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://www.dshield.org/block.txt
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -1272,7 +1417,7 @@ providers:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://dshield.org/asdetailsascii.html?as={{ AS Number }}
rate_limit: 129600
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
@@ -1356,6 +1501,28 @@ providers:
revision: 2018-01-20
documentation: https://www.shadowserver.org/what-we-do/network-reporting/
public: no
Via API:
description: Shadowserver sends out a variety of reports to subscribers, see documentation.
additional_information: This configuration fetches user-configurable reports from the Shadowserver Reports API. For a list of reports, have a look at the Shadowserver collector and parser documentation.
bots:
collector:
module: intelmq.bots.collectors.shadowserver.collector_reports_api
parameters:
country: <CC>
api_key: <API key>
secret: <API secret>
types: <single report or list of reports>
rate_limit: 86400
redis_cache_db: 12
redis_cache_host: 127.0.0.1
redis_cache_port: 6379
redis_cache_ttl: 864000
parser:
module: intelmq.bots.parsers.shadowserver.parser_json
parameters:
revision: 2020-01-08
documentation: https://www.shadowserver.org/what-we-do/network-reporting/api-documentation/
public: no
Fraunhofer:
DGA Archive:
description: Fraunhofer DGA collector fetches data from Fraunhofer's domain
@@ -1417,7 +1584,7 @@ providers:
documentation: https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
public: no
CTIP via Interflow:
description: Collects CTIP (Sinkhole data) files from the Interflow API.The feed is available via Microsofts Government Security Program (GSP).
description: Collects the CTIP Infected feed (Sinkhole data for your country) files from the Interflow API.The feed is available via Microsofts Government Security Program (GSP).
additional_information: Depending on the file sizes you may need to increase the parameter 'http_timeout_sec' of the collector. As many IPs occur very often in the data, you may want to use a deduplicator specifically for the feed.
bots:
collector:
@@ -1436,8 +1603,8 @@ providers:
revision: 2018-03-06
documentation: https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
public: no
CTIP via Azure:
description: Collects CTIP (Sinkhole data) files from a shared Azure Storage. The feed is available via Microsofts Government Security Program (GSP).
CTIP Infected via Azure:
description: Collects the CTIP (Sinkhole data) from a shared Azure Storage. The feed is available via Microsofts Government Security Program (GSP).
additional_information: The cache is needed for memorizing which files have already been processed, the TTL should be higher than the oldest file available in the storage (currently the last three days are available). The connection string contains endpoint as well as authentication information.
bots:
collector:
@@ -1458,6 +1625,28 @@ providers:
revision: 2020-05-29
documentation: https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
public: no
CTIP C2 via Azure:
description: Collects the CTIP C2 feed from a shared Azure Storage. The feed is available via Microsofts Government Security Program (GSP).
additional_information: The cache is needed for memorizing which files have already been processed, the TTL should be higher than the oldest file available in the storage (currently the last three days are available). The connection string contains endpoint as well as authentication information.
bots:
collector:
module: intelmq.bots.collectors.microsoft.collector_azure
parameters:
connection_string: "{{your connection string}}"
container_name: "ctip-c2"
name: __FEED__
provider: __PROVIDER__
rate_limit: 3600
redis_cache_db: 5
redis_cache_host: 127.0.0.1
redis_cache_port: 6379
redis_cache_ttl: 864000
parser:
module: intelmq.bots.parsers.microsoft.parser_ctip
parameters:
revision: 2020-05-29
documentation: https://docs.microsoft.com/en-us/security/gsp/informationsharingandexchange
public: no
Threatminer:
Recent domains:
description: Latest malicious domains.
@@ -1595,7 +1784,7 @@ providers:
DailyIOC:
description: Daily IOC from tweets and articles
additional_information: |
collector's `extra_fields` parameter may be any of fields from the github [content API response](https://developer.github.com/v3/repos/contents/)
collector's `extra_fields` parameter may be any of fields from the github `content API response <https://developer.github.com/v3/repos/contents/>`_
bots:
collector:
module: intelmq.bots.collectors.github_api.collector_github_contents_api
@@ -1612,7 +1801,7 @@ providers:
public: yes
CZ.NIC:
HaaS:
description: SSH attackers against HaaS (Honeypot as a Sevice) provided by CZ.NIC, z.s.p.o. The dump is published once a day.
description: SSH attackers against HaaS (Honeypot as a Service) provided by CZ.NIC, z.s.p.o. The dump is published once a day.
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
@@ -1628,6 +1817,24 @@ providers:
revision: 2020-07-22
documentation: https://haas.nic.cz/
public: yes
Proki:
description: Aggregation of various sources on malicious IP addresses (malware spreaders or C&C servers).
bots:
collector:
module: intelmq.bots.collectors.http.collector_http
parameters:
http_url: https://proki.csirt.cz/api/1/__APIKEY__/data/day/{time[%Y/%m/%d]}
http_url_formatting:
days: -1
rate_limit: 86400
name: __FEED__
provider: __PROVIDER__
parser:
module: intelmq.bots.parsers.cznic.parser_proki
parameters:
revision: 2020-08-17
documentation: https://csirt.cz/en/proki/
public: no
ESET:
ETI Domains:
description: Domain data from ESET's TAXII API.
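Review bot: The new "Greylist with PGP signature verification" entry ships with `verify_pgp_signatures: false`, so a collector generated from this template fetches `greylist-latest.csv` without checking the `.asc` file that `signature_url` points to, despite the feed's name. Set `verify_pgp_signatures: true` in that entry; if `false` is intentional so the template loads before a key has been imported, the description should say that the flag must be switched on after importing the key. The description also identifies the key only by the short ID `0x10876666` on a public keyserver. Short key IDs are not unique, so the text should give the full fingerprint for operators to compare after import, e.g. `Fingerprint: <FULL_FINGERPRINT from the Turris documentation>`.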


@@ -1,16 +1,16 @@
{
"event": {
"classification.identifier": {
"description": "The lowercase identifier defines the actual software or service (e.g. 'heartbleed' or 'ntp_version') or standardized malware name (e.g. 'zeus'). Note that you MAY overwrite this field during processing for your individual setup. This field is not standardized across IntelMQ setups/users.",
"description": "The lowercase identifier defines the actual software or service (e.g. ``heartbleed`` or ``ntp_version``) or standardized malware name (e.g. ``zeus``). Note that you MAY overwrite this field during processing for your individual setup. This field is not standardized across IntelMQ setups/users.",
"type": "String"
},
"classification.taxonomy": {
"description": "We recognize the need for the CSIRT teams to apply a static (incident) taxonomy to abuse data. With this goal in mind the type IOC will serve as a basis for this activity. Each value of the dynamic type mapping translates to a an element in the static taxonomy. The European CSIRT teams for example have decided to apply the eCSIRT.net incident classification. The value of the taxonomy key is thus a derivative of the dynamic type above. For more information about check [ENISA taxonomies](http://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/incident-handling-process/incident-taxonomy/existing-taxonomies).",
"description": "We recognize the need for the CSIRT teams to apply a static (incident) taxonomy to abuse data. With this goal in mind the type IOC will serve as a basis for this activity. Each value of the dynamic type mapping translates to a an element in the static taxonomy. The European CSIRT teams for example have decided to apply the eCSIRT.net incident classification. The value of the taxonomy key is thus a derivative of the dynamic type above. For more information about check `ENISA taxonomies <http://www.enisa.europa.eu/activities/cert/support/incident-management/browsable/incident-handling-process/incident-taxonomy/existing-taxonomies>`_.",
"length": 100,
"type": "LowercaseString"
},
"classification.type": {
"description": "The abuse type IOC is one of the most crucial pieces of information for any given abuse event. The main idea of dynamic typing is to keep our ontology flexible, since we need to evolve with the evolving threatscape of abuse data. In contrast with the static taxonomy below, the dynamic typing is used to perform business decisions in the abuse handling pipeline. Furthermore, the value data set should be kept as minimal as possible to avoid \u201ctype explosion\u201d, which in turn dilutes the business value of the dynamic typing. In general, we normally have two types of abuse type IOC: ones referring to a compromised resource or ones referring to pieces of the criminal infrastructure, such as a command and control servers for example.",
"description": "The abuse type IOC is one of the most crucial pieces of information for any given abuse event. The main idea of dynamic typing is to keep our ontology flexible, since we need to evolve with the evolving threatscape of abuse data. In contrast with the static taxonomy below, the dynamic typing is used to perform business decisions in the abuse handling pipeline. Furthermore, the value data set should be kept as minimal as possible to avoid *type explosion*, which in turn dilutes the business value of the dynamic typing. In general, we normally have two types of abuse type IOC: ones referring to a compromised resource or ones referring to pieces of the criminal infrastructure, such as a command and control servers for example.",
"type": "ClassificationType"
},
"comment": {
@@ -356,7 +356,7 @@
"type": "DateTime"
},
"time.source": {
"description": "The time of occurence of the event as reported the feed (source).",
"description": "The time of occurrence of the event as reported the feed (source).",
"type": "DateTime"
},
"tlp": {


@@ -1,15 +1,15 @@
{
"cymru-whois-expert": {
"source-queue": "cymru-whois-expert-queue",
"destination-queues": [
"file-output-queue"
]
],
"source-queue": "cymru-whois-expert-queue"
},
"deduplicator-expert": {
"source-queue": "deduplicator-expert-queue",
"destination-queues": [
"taxonomy-expert-queue"
]
],
"source-queue": "deduplicator-expert-queue"
},
"feodo-tracker-browse-collector": {
"destination-queues": [
@@ -17,31 +17,31 @@
]
},
"feodo-tracker-browse-parser": {
"source-queue": "feodo-tracker-browse-parser-queue",
"destination-queues": [
"deduplicator-expert-queue"
]
],
"source-queue": "feodo-tracker-browse-parser-queue"
},
"file-output": {
"source-queue": "file-output-queue"
},
"gethostbyname-1-expert": {
"source-queue": "gethostbyname-1-expert-queue",
"destination-queues": [
"cymru-whois-expert-queue"
]
],
"source-queue": "gethostbyname-1-expert-queue"
},
"gethostbyname-2-expert": {
"source-queue": "gethostbyname-2-expert-queue",
"destination-queues": [
"cymru-whois-expert-queue"
]
],
"source-queue": "gethostbyname-2-expert-queue"
},
"malc0de-parser": {
"source-queue": "malc0de-parser-queue",
"destination-queues": [
"deduplicator-expert-queue"
]
],
"source-queue": "malc0de-parser-queue"
},
"malc0de-windows-format-collector": {
"destination-queues": [
@@ -54,10 +54,10 @@
]
},
"malware-domain-list-parser": {
"source-queue": "malware-domain-list-parser-queue",
"destination-queues": [
"deduplicator-expert-queue"
]
],
"source-queue": "malware-domain-list-parser-queue"
},
"spamhaus-drop-collector": {
"destination-queues": [
@@ -65,22 +65,22 @@
]
},
"spamhaus-drop-parser": {
"source-queue": "spamhaus-drop-parser-queue",
"destination-queues": [
"deduplicator-expert-queue"
]
],
"source-queue": "spamhaus-drop-parser-queue"
},
"taxonomy-expert": {
"source-queue": "taxonomy-expert-queue",
"destination-queues": [
"url2fqdn-expert-queue"
]
],
"source-queue": "taxonomy-expert-queue"
},
"url2fqdn-expert": {
"source-queue": "url2fqdn-expert-queue",
"destination-queues": [
"gethostbyname-1-expert-queue",
"gethostbyname-2-expert-queue"
]
],
"source-queue": "url2fqdn-expert-queue"
}
}
}


@@ -10,6 +10,7 @@
"parameters": {
"overwrite": true,
"redis_cache_db": 5,
"redis_cache_host": "127.0.0.1",
"redis_cache_password": null,
"redis_cache_port": 6379,
"redis_cache_ttl": 86400
@@ -28,6 +29,7 @@
"filter_keys": "raw,time.observation",
"filter_type": "blacklist",
"redis_cache_db": 6,
"redis_cache_host": "127.0.0.1",
"redis_cache_port": 6379,
"redis_cache_ttl": 86400
},
@@ -50,9 +52,7 @@
"rate_limit": 86400,
"ssl_client_certificate": null
},
"run_mode": "continuous",
"groupname": "collectors",
"bot_id": "feodo-tracker-browse-collector"
"run_mode": "continuous"
},
"feodo-tracker-browse-parser": {
"description": "HTML Table Parser is a bot configurable to parse different html table data.",
@@ -74,9 +74,7 @@
"time_format": null,
"type": "c2server"
},
"run_mode": "continuous",
"groupname": "parsers",
"bot_id": "feodo-tracker-browse-parser"
"run_mode": "continuous"
},
"file-output": {
"bot_id": "file-output",
@@ -227,4 +225,4 @@
},
"run_mode": "continuous"
}
}
}