securityonion/salt/hive/thehive/etc/cortex-application.conf

{%- set MASTERIP = salt['pillar.get']('static:masterip', '') %}

# Secret Key
# The secret key is used to secure cryptographic functions.
# WARNING: If you deploy your application on several servers, make sure to use the same key.
play.http.secret.key="letsdewdis"
play.http.context=/cortex/
search.uri = "http://{{ MASTERIP }}:9400"

# Elasticsearch
search {
 # Name of the index
 index = cortex
 # Name of the Elasticsearch cluster
 cluster = hive
 # Address of the Elasticsearch instance
 host = ["{{ MASTERIP }}:9500"]
 # Scroll keepalive
 keepalive = 1m
 # Size of the page for scroll
 pagesize = 50
 # Number of shards
 nbshards = 5
 # Number of replicas
 nbreplicas = 0
 # Arbitrary settings
 settings {
   # Maximum number of nested fields
   mapping.nested_fields.limit = 100
 }

  ## Authentication configuration
  #search.username = ""
  #search.password = ""

  ## SSL configuration
  #search.keyStore {
  #  path = "/path/to/keystore"
  #  type = "JKS" # or PKCS12
  #  password = "keystore-password"
  #}
  #search.trustStore {
  #  path = "/path/to/trustStore"
  #  type = "JKS" # or PKCS12
  #  password = "trustStore-password"
  #}
}

## Cache
#
# If an analyzer is executed against the same observable, the previous report can be returned without re-executing the
# analyzer. The cache is used only if the second job occurs within cache.job (the default is 10 minutes).
cache.job = 10 minutes

## Authentication
auth {
	# "provider" parameter contains the authentication provider(s). It can be multi-valued, which is useful
	# for migration.
	# The available auth types are:
	# - services.LocalAuthSrv : passwords are stored in the user entity within ElasticSearch). No
	#   configuration are required.
	# - ad : use ActiveDirectory to authenticate users. The associated configuration shall be done in
	#   the "ad" section below.
	# - ldap : use LDAP to authenticate users. The associated configuration shall be done in the
	#   "ldap" section below.
	provider = [local]

	ad {
		# The Windows domain name in DNS format. This parameter is required if you do not use
		# 'serverNames' below.
		#domainFQDN = "mydomain.local"

		# Optionally you can specify the host names of the domain controllers instead of using 'domainFQDN
		# above. If this parameter is not set, TheHive uses 'domainFQDN'.
		#serverNames = [ad1.mydomain.local, ad2.mydomain.local]

		# The Windows domain name using short format. This parameter is required.
		#domainName = "MYDOMAIN"

		# If 'true', use SSL to connect to the domain controller.
		#useSSL = true
	}

	ldap {
		# The LDAP server name or address. The port can be specified using the 'host:port'
		# syntax. This parameter is required if you don't use 'serverNames' below.
		#serverName = "ldap.mydomain.local:389"

		# If you have multiple LDAP servers, use the multi-valued setting 'serverNames' instead.
		#serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]

		# Account to use to bind to the LDAP server. This parameter is required.
		#bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"

		# Password of the binding account. This parameter is required.
		#bindPW = "***secret*password***"

		# Base DN to search users. This parameter is required.
		#baseDN = "ou=users,dc=mydomain,dc=local"

		# Filter to search user in the directory server. Please note that {0} is replaced
		# by the actual user name. This parameter is required.
		#filter = "(cn={0})"

		# If 'true', use SSL to connect to the LDAP directory server.
		#useSSL = true
	}
}

## ANALYZERS
#
analyzer {
  # Absolute path where you have pulled the Cortex-Analyzers repository.
  path = ["/Cortex-Analyzers/analyzers"]

  # Sane defaults. Do not change unless you know what you are doing.
  fork-join-executor {

    # Min number of threads available for analysis.
    parallelism-min = 2

    # Parallelism (threads) ... ceil(available processors * factor).
    parallelism-factor = 2.0

    # Max number of threads available for analysis.
    parallelism-max = 4
  }
}

# It's the end my friend. Happy hunting!