mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-25 22:17:49 +02:00
Cortex - initial commit
This commit is contained in:
Josh Brower
@@ -0,0 +1,130 @@
|
||||
{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}
|
||||
|
||||
# Secret Key
|
||||
# The secret key is used to secure cryptographic functions.
|
||||
# WARNING: If you deploy your application on several servers, make sure to use the same key.
|
||||
play.http.secret.key="letsdewdis"
|
||||
play.http.context=/cortex/
|
||||
search.uri = "http://{{ MASTERIP }}:9400"
|
||||
|
||||
# Elasticsearch
|
||||
search {
|
||||
# Name of the index
|
||||
index = cortex
|
||||
# Name of the Elasticsearch cluster
|
||||
cluster = hive
|
||||
# Address of the Elasticsearch instance
|
||||
host = ["{{ MASTERIP }}:9500"]
|
||||
# Scroll keepalive
|
||||
keepalive = 1m
|
||||
# Size of the page for scroll
|
||||
pagesize = 50
|
||||
# Number of shards
|
||||
nbshards = 5
|
||||
# Number of replicas
|
||||
nbreplicas = 1
|
||||
# Arbitrary settings
|
||||
settings {
|
||||
# Maximum number of nested fields
|
||||
mapping.nested_fields.limit = 100
|
||||
}
|
||||
|
||||
## Authentication configuration
|
||||
#search.username = ""
|
||||
#search.password = ""
|
||||
|
||||
## SSL configuration
|
||||
#search.keyStore {
|
||||
# path = "/path/to/keystore"
|
||||
# type = "JKS" # or PKCS12
|
||||
# password = "keystore-password"
|
||||
#}
|
||||
#search.trustStore {
|
||||
# path = "/path/to/trustStore"
|
||||
# type = "JKS" # or PKCS12
|
||||
# password = "trustStore-password"
|
||||
#}
|
||||
}
|
||||
|
||||
## Cache
|
||||
#
|
||||
# If an analyzer is executed against the same observable, the previous report can be returned without re-executing the
|
||||
# analyzer. The cache is used only if the second job occurs within cache.job (the default is 10 minutes).
|
||||
cache.job = 10 minutes
|
||||
|
||||
## Authentication
|
||||
auth {
|
||||
# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
|
||||
# for migration.
|
||||
# The available auth types are:
|
||||
# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
|
||||
# configuration are required.
|
||||
# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
|
||||
# the "ad" section below.
|
||||
# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
|
||||
# "ldap" section below.
|
||||
provider = [local]
|
||||
|
||||
ad {
|
||||
# The Windows domain name in DNS format. This parameter is required if you do not use
|
||||
# 'serverNames' below.
|
||||
#domainFQDN = "mydomain.local"
|
||||
|
||||
# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
|
||||
# above. If this parameter is not set, TheHive uses 'domainFQDN'.
|
||||
#serverNames = [ad1.mydomain.local, ad2.mydomain.local]
|
||||
|
||||
# The Windows domain name using short format. This parameter is required.
|
||||
#domainName = "MYDOMAIN"
|
||||
|
||||
# If 'true', use SSL to connect to the domain controller.
|
||||
#useSSL = true
|
||||
}
|
||||
|
||||
ldap {
|
||||
# The LDAP server name or address. The port can be specified using the 'host:port'
|
||||
# syntax. This parameter is required if you don't use 'serverNames' below.
|
||||
#serverName = "ldap.mydomain.local:389"
|
||||
|
||||
# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
|
||||
#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
|
||||
|
||||
# Account to use to bind to the LDAP server. This parameter is required.
|
||||
#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
|
||||
|
||||
# Password of the binding account. This parameter is required.
|
||||
#bindPW = "***secret*password***"
|
||||
|
||||
# Base DN to search users. This parameter is required.
|
||||
#baseDN = "ou=users,dc=mydomain,dc=local"
|
||||
|
||||
# Filter to search user in the directory server. Please note that {0} is replaced
|
||||
# by the actual user name. This parameter is required.
|
||||
#filter = "(cn={0})"
|
||||
|
||||
# If 'true', use SSL to connect to the LDAP directory server.
|
||||
#useSSL = true
|
||||
}
|
||||
}
|
||||
|
||||
## ANALYZERS
|
||||
#
|
||||
analyzer {
|
||||
# Absolute path where you have pulled the Cortex-Analyzers repository.
|
||||
path = ["/Cortex-Analyzers/analyzers"]
|
||||
|
||||
# Sane defaults. Do not change unless you know what you are doing.
|
||||
fork-join-executor {
|
||||
|
||||
# Min number of threads available for analysis.
|
||||
parallelism-min = 2
|
||||
|
||||
# Parallelism (threads) ... ceil(available processors * factor).
|
||||
parallelism-factor = 2.0
|
||||
|
||||
# Max number of threads available for analysis.
|
||||
parallelism-max = 4
|
||||
}
|
||||
}
|
||||
|
||||
# It's the end my friend. Happy hunting!
|
||||
Reference in New Issue
Block a user