sensoroni: enabled: description: Enable or disable Sensoroni. advanced: True helpLink: grid.html config: analyze: enabled: description: Enable or disable the analyzer. advanced: True helpLink: cases.html timeout_ms: description: Timeout period for the analyzer. advanced: True helpLink: cases.html parallel_limit: description: Parallel limit for the analyzer. advanced: True helpLink: cases.html node_checkin_interval_ms: description: Interval in ms to checkin to the soc_host. advanced: True helpLink: grid.html node_description: description: Description of the specific node. helpLink: grid.html node: True forcedType: string sensoronikey: description: Shared key for sensoroni authentication. helpLink: grid.html global: True sensitive: True advanced: True soc_host: description: Host for sensoroni agents to connect to. helpLink: grid.html global: True advanced: True analyzers: echotrail: api_key: description: API key for the Echotrail analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: False forcedType: string base_url: description: Base URL for the Echotrail analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string elasticsearch: api_key: description: API key for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: True forcedType: string base_url: description: Connection URL for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string auth_user: description: Username for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string auth_pwd: description: User password for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: False forcedType: string num_results: description: Number of documents to return for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: string index: description: Search index for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string time_delta_minutes: description: Time (in minutes) to search back for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: int timestamp_field_name: description: Specified name for a documents' timestamp field for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: string map: description: Map between observable types and search field for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string cert_path: description: Path to a TLS certificate for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string emailrep: api_key: description: API key for the EmailRep analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the EmailRep analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string greynoise: api_key: description: API key for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string api_version: description: API version for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string base_url: description: Base URL for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string localfile: file_path: description: File path for the LocalFile analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: "[]string" otx: api_key: description: API key for the OTX analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the OTX analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string pulsedive: api_key: description: API key for the Pulsedive analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Pulsedive analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string spamhaus: lookup_host: description: Host to use for lookups. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string nameservers: description: Nameservers used for queries. helpLink: cases.html global: False sensitive: False advanced: True forcedTypes: "[]string" sublime_platform: api_key: description: API key for the Sublime Platform analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Sublime Platform analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string live_flow: description: Determines if live flow analysis is used. helpLink: cases.html global: False sensitive: False advanced: True forcedType: bool mailbox_email_address: description: Source mailbox address used for live flow analysis. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string message_source_id: description: ID of the message source used for live flow analysis. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string urlscan: api_key: description: API key for the Urlscan analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Urlscan analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string enabled: description: Analyzer enabled helpLink: cases.html global: False sensitive: False advanced: True forcedType: bool timeout: description: Timeout for the Urlscan analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: int visibility: description: Type of visibility. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string virustotal: api_key: description: API key for the VirusTotal analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the VirusTotal analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string