# Setting annotations for the `strelka` configuration tree. Every leaf below
# describes one setting with the same small schema:
#   description - help text for the setting
#   readonly    - True where the value is presented as not editable
#   global      - False on every entry in this file
#   helpLink    - documentation page for the setting
#   advanced    - optional; marks the setting as an advanced one
#   type / multiline - optional hints about the value's format
#
# NOTE(review): this listing arrived with its line breaks and indentation
# collapsed. Keys, values and their order are unchanged, but the nesting
# below is reconstructed from key order (a key followed by `description:` is
# a leaf, anything else is a container). Verify it against the defaults file
# these annotations describe before relying on it.
strelka:
  config:
    backend:
      backend:
        logging_cfg:
          description: Path to the Python logging configuration.
          readonly: True
          global: False
          helpLink: strelka.html
          advanced: True
        # Per the descriptions, these limits bound how much work the backend
        # does: files per process lifetime, runtime, extraction depth, and
        # per-file / per-scanner time. They are editable (readonly: False);
        # loosening them reduces the protection they give against inputs
        # that are expensive to unpack or scan.
        limits:
          max_files:
            description: Number of files the backend will process before shutting down.
            readonly: False
            global: False
            helpLink: strelka.html
          time_to_live:
            description: Amount of time (in seconds) that the backend will run before shutting down (0 to disable).
            readonly: False
            global: False
            helpLink: strelka.html
          max_depth:
            description: Maximum depth that extracted files will be processed by the backend.
            readonly: False
            global: False
            helpLink: strelka.html
          distribution:
            description: Amount of time (in seconds) that a single file can be distributed to all scanners.
            readonly: False
            global: False
            helpLink: strelka.html
          scanner:
            description: Amount of time (in seconds) that a scanner can spend scanning a file (can be overridden per scanner).
            readonly: False
            global: False
            helpLink: strelka.html
        # Coordinator connection (address plus Redis database).
        # NOTE(review): nothing in this file shows how that connection is
        # authenticated or encrypted - confirm in the deployment.
        coordinator:
          addr:
            description: Network address of the coordinator.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
          db:
            description: Redis database of the coordinator.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
        # Both tasting locations are readonly: True.
        tasting:
          mime_db:
            description: Location of the MIME database used to taste files.
            readonly: True
            global: False
            helpLink: strelka.html
            advanced: True
          yara_rules:
            description: Location of the directory of YARA files that contains rules used to taste files.
            readonly: True
            global: False
            helpLink: strelka.html
            advanced: True
        # The first scanner defines the anchor `scannerOptions`; every other
        # scanner aliases it, so all scanners share one annotation and an
        # edit to the anchored mapping applies to all of them. Values are
        # declared as multiline JSON (type: json, multiline: True).
        scanners:
          'ScanBase64': &scannerOptions
            description: Configuration options for this scanner.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
            type: json
            multiline: True
          'ScanBatch': *scannerOptions
          'ScanBzip2': *scannerOptions
          'ScanDocx': *scannerOptions
          'ScanElf': *scannerOptions
          'ScanEmail': *scannerOptions
          'ScanEntropy': *scannerOptions
          'ScanExiftool': *scannerOptions
          'ScanGif': *scannerOptions
          'ScanGzip': *scannerOptions
          'ScanHash': *scannerOptions
          'ScanHeader': *scannerOptions
          'ScanHtml': *scannerOptions
          'ScanIni': *scannerOptions
          'ScanJarManifest': *scannerOptions
          'ScanJavascript': *scannerOptions
          'ScanJpeg': *scannerOptions
          'ScanJson': *scannerOptions
          'ScanLibarchive': *scannerOptions
          'ScanLzma': *scannerOptions
          'ScanMacho': *scannerOptions
          'ScanOcr': *scannerOptions
          'ScanOle': *scannerOptions
          'ScanPdf': *scannerOptions
          'ScanPe': *scannerOptions
          'ScanPgp': *scannerOptions
          'ScanPhp': *scannerOptions
          'ScanPkcs7': *scannerOptions
          'ScanPlist': *scannerOptions
          'ScanRar': *scannerOptions
          'ScanRpm': *scannerOptions
          'ScanRtf': *scannerOptions
          'ScanRuby': *scannerOptions
          'ScanSwf': *scannerOptions
          'ScanTar': *scannerOptions
          'ScanTnef': *scannerOptions
          'ScanUpx': *scannerOptions
          'ScanUrl': *scannerOptions
          'ScanVb': *scannerOptions
          'ScanVba': *scannerOptions
          'ScanX509': *scannerOptions
          'ScanXml': *scannerOptions
          'ScanYara': *scannerOptions
          'ScanZip': *scannerOptions
          'ScanZlib': *scannerOptions
      # Logging settings. The key names (version, formatters, handlers, root,
      # loggers) look like a Python logging dictionary configuration -
      # presumably the file that `logging_cfg` points at; confirm.
      logging:
        version:
          description: This is an advanced option for Strelka logging.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        formatters:
          simple:
            format:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
            datefmt:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
        handlers:
          console:
            class:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
            formatter:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
            stream:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
        root:
          level:
            description: This is an advanced option for Strelka logging.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
          handlers:
            description: This is an advanced option for Strelka logging.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
        # One entry per named logger; each exposes only `propagate`.
        loggers:
          OpenSSL:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          bs4:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          bz2:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          chardet:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          docx:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          elftools:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          email:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          entropy:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          esprima:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          gzip:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          hashlib:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          json:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          libarchive:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          lxml:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          lzma:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          macholibre:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          olefile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          oletools:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          pdfminer:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          pefile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          pgpdump:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          pygments:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          pylzma:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          rarfile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          requests:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          rpmfile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          ssdeep:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          tarfile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          tnefparse:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          yara:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          zipfile:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
          zlib:
            propagate:
              description: This is an advanced option for Strelka logging.
              readonly: False
              global: False
              helpLink: strelka.html
              advanced: True
      # Per the description, these values end up in a password file that the
      # scanner options reference. The entry is a plain multiline value and,
      # unlike most settings here, is not marked advanced.
      # NOTE(review): if the annotation schema has a way to mask sensitive
      # values, consider applying it here, and confirm who can read the
      # resulting password file on disk.
      passwords:
        description: Passwords that will be stored in the password_file used in scanner options.
        readonly: False
        global: False
        helpLink: strelka.html
        multiline: True
    # Filestream settings: connection to the frontend, throughput, file
    # selection and staging. Every leaf here is marked advanced.
    filestream:
      conn:
        server:
          description: Network address of the frontend server.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        # NOTE(review): this file does not say what happens when no
        # certificate path is set - confirm that files are not then sent to
        # the frontend over an unencrypted connection.
        cert:
          description: Local path to the frontend SSL server certificate.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        timeout:
          dial:
            description: Amount of time to wait for the client to dial the server.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
          file:
            description: Amount of time to wait for an individual file to complete a scan.
            readonly: False
            global: False
            helpLink: strelka.html
            advanced: True
      throughput:
        concurrency:
          description: Number of concurrent requests to make.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        chunk:
          description: Size of file chunks that will be sent to the frontend server.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        delay:
          description: Artificial sleep between the submission of each chunk.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
      files:
        patterns:
          description: List of glob patterns that determine which files will be sent for scanning.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        # Destructive when enabled: matched files are deleted after being
        # sent. Review `patterns` before turning this on.
        delete:
          description: Boolean that determines if files should be deleted after being sent for scanning.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        gatekeeper:
          description: Boolean that determines if events should be pulled from the temporary event cache.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        processed:
          description: Directory where files will be moved after being submitted for scanning.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
      response:
        report:
          description: Frequency at which the frontend reports the number of files processed.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
      delta:
        description: Time value that determines how much time must pass since a file was last modified before it is sent for scanning.
        readonly: False
        global: False
        helpLink: strelka.html
        advanced: True
      staging:
        description: Directory where files are staged before being sent to the cluster.
        readonly: False
        global: False
        helpLink: strelka.html
        advanced: True
    # Frontend settings: listening address, coordinator and gatekeeper
    # (both Redis-backed per their descriptions) and the results log.
    frontend:
      server:
        description: Network address of the frontend server.
        readonly: False
        global: False
        helpLink: strelka.html
        advanced: True
      coordinator:
        addr:
          description: Network address of the coordinator.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        db:
          description: Redis database of the coordinator.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
      gatekeeper:
        addr:
          description: Network address of the gatekeeper.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        db:
          description: Redis database of the gatekeeper.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        ttl:
          description: Time-to-live for events added to the gatekeeper.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
      response:
        log:
          description: Location where worker scan results are logged to.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
    manager:
      coordinator:
        addr:
          description: Network address of the coordinator.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
        db:
          description: Redis database of the coordinator.
          readonly: False
          global: False
          helpLink: strelka.html
          advanced: True
  # YARA rule distribution. Per the descriptions, rules are downloaded from
  # `repos` by so-yara-update and synced to the backend nodes, minus anything
  # in `excluded`. These three settings are explicitly advanced: False, so
  # they sit among the ordinary settings; the repo list decides whose rules
  # run on the backend, so treat additions as a trust decision.
  rules:
    enabled:
      description: Boolean that determines if yara rules sync from the Salt manager to the backend nodes.
      readonly: False
      global: False
      helpLink: strelka.html
      advanced: False
    repos:
      description: List of repos for so-yara-update to use to download rules.
      readonly: False
      global: False
      helpLink: strelka.html
      advanced: False
    excluded:
      description: List of rules to exclude so-yara-update from download and propagating to backend nodes.
      readonly: False
      global: False
      helpLink: strelka.html
      advanced: False
  # Filecheck paths. The two data paths are readonly: True; only the log
  # file location is editable.
  filecheck:
    historypath:
      description: The path for previously scanned files.
      readonly: True
      global: False
      helpLink: strelka.html
      advanced: True
    strelkapath:
      description: The path for unprocessed files.
      readonly: True
      global: False
      helpLink: strelka.html
      advanced: True
    logfile:
      description: The path for the filecheck log.
      readonly: False
      global: False
      helpLink: strelka.html
      advanced: True