sensoroni: enabled: description: Enable or disable the per-node SOC agent process. This process is used for performing node-related jobs and reporting node metrics back to SOC. Disabling this process is unsupported and will result in an improperly functioning grid. advanced: True helpLink: grid.html config: analyze: enabled: description: Enable or disable the analyzer. advanced: True helpLink: cases.html timeout_ms: description: Timeout period for the analyzer. advanced: True helpLink: cases.html parallel_limit: description: Parallel limit for the analyzer. advanced: True helpLink: cases.html node_checkin_interval_ms: description: Interval in ms to checkin to the soc_host. advanced: True helpLink: grid.html node_description: description: Description of the specific node. helpLink: grid.html node: True forcedType: string sensoronikey: description: Shared key for sensoroni authentication. helpLink: grid.html global: True sensitive: True advanced: True soc_host: description: Host for sensoroni agents to connect to. helpLink: grid.html global: True advanced: True suripcap: pcapMaxCount: description: The maximum number of PCAP packets to extract from eligible PCAP files, for PCAP jobs. If there are issues fetching excessively large packet streams consider lowering this value to reduce the number of collected packets returned to the user interface. helpLink: sensoroni.html advanced: True analyzers: echotrail: api_key: description: API key for the Echotrail analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: False forcedType: string base_url: description: Base URL for the Echotrail analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string elasticsearch: api_key: description: API key for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: True forcedType: string base_url: description: Connection URL for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string auth_user: description: Username for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string auth_pwd: description: User password for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: True advanced: False forcedType: string num_results: description: Number of documents to return for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: string index: description: Search index for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string time_delta_minutes: description: Time (in minutes) to search back for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: int timestamp_field_name: description: Specified name for a documents' timestamp field for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: True forcedType: string map: description: Map between observable types and search field for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string cert_path: description: Path to a TLS certificate for the Elasticsearch analyzer. helpLink: sensoroni.html global: False sensitive: False advanced: False forcedType: string emailrep: api_key: description: API key for the EmailRep analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the EmailRep analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string greynoise: api_key: description: API key for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string api_version: description: API version for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string base_url: description: Base URL for the GreyNoise analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string localfile: file_path: description: File path for the LocalFile analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: "[]string" otx: api_key: description: API key for the OTX analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the OTX analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string pulsedive: api_key: description: API key for the Pulsedive analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Pulsedive analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string spamhaus: lookup_host: description: Host to use for lookups. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string nameservers: description: Nameservers used for queries. helpLink: cases.html global: False sensitive: False advanced: True forcedTypes: "[]string" sublime_platform: api_key: description: API key for the Sublime Platform analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Sublime Platform analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string live_flow: description: Determines if live flow analysis is used. helpLink: cases.html global: False sensitive: False advanced: True forcedType: bool mailbox_email_address: description: Source mailbox address used for live flow analysis. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string message_source_id: description: ID of the message source used for live flow analysis. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string urlscan: api_key: description: API key for the Urlscan analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the Urlscan analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string enabled: description: Analyzer enabled helpLink: cases.html global: False sensitive: False advanced: True forcedType: bool timeout: description: Timeout for the Urlscan analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: int visibility: description: Type of visibility. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string virustotal: api_key: description: API key for the VirusTotal analyzer. helpLink: cases.html global: False sensitive: True advanced: True forcedType: string base_url: description: Base URL for the VirusTotal analyzer. helpLink: cases.html global: False sensitive: False advanced: True forcedType: string