CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add README

Browse Source
This commit is contained in:
weslambert
2023-12-06 13:14:17 -05:00
committed by GitHub
parent ade3a46a9a
commit 7f21bee0d4
1 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
salt/sensoroni/files/analyzers/sublime/README.md Normal file
View File

@@ -0,0 +1,24 @@
# Sublime
## Description
Submit a base64-encoded EML file to Sublime Platform for analysis.
## Configuration Requirements
In SOC, navigate to `Administration`, toggle `Show all configurable settings, including advanced settings.`, and navigate to `sensoroni` -> `analyzers` -> `sublime_platform`.
![image](https://github.com/Security-Onion-Solutions/securityonion/assets/16829864/a914f59d-c09f-40b6-ae8b-d644df236b81)
The following configuration options are available for:
``api_key`` - API key used for communication with the Sublime Platform API (Required)
``base_url`` - URL used for communication with Sublime Platform. If no value is supplied, the default of `https://api.platform.sublimesecurity.com` will be used.
The following options relate to [Live Flow](https://docs.sublimesecurity.com/reference/analyzerawmessageliveflow-1) analysis only:
``live_flow`` - Determines if live flow analysis should be used. Defaults to `False`.
``mailbox_email_address`` - The mailbox address to use for during live flow analysis. (Required for live flow analysis)
``message_source_id`` - The ID of the message source to use during live flow analysis. (Required for live flow analysis)