securityonion/salt/sensoroni/defaults.yaml

sensoroni:
  enabled: False
  config:
    analyze:
      enabled: False
      timeout_ms: 900000
      parallel_limit: 5
    export:
      timeout_ms: 1200000
      cache_refresh_interval_ms: 10000
      export_metric_limit: 10000
      export_event_limit: 10000
      csv_separator: ','
    node_checkin_interval_ms: 10000
    sensoronikey:
    soc_host:
    suripcap:
      pcapMaxCount: 100000
    fileanalyze:
      enabled: False
      watchDirs:
        - /nsm/zeek/extracted/complete
      processedDir: /nsm/strelka/processed
      historyDir: /nsm/strelka/history
      logFile: /var/log/strelka/strelka.log
      concurrency: 8
      maxDepth: 15
      recycleSeconds: 300
      dedupMaxEntries: 100000
      dedupTTLSeconds: 3600
      yaraRulesPath: /opt/so/conf/strelka/rules/compiled/rules.compiled
      passwordsPath: /etc/strelka/passwords.dat
      scannerTimeout: 150
  analyzers:
      echotrail:
        base_url: https://api.echotrail.io/insights/
        api_key:
      elasticsearch:
        base_url: 
        auth_user: 
        auth_pwd: 
        num_results: 10
        api_key: 
        index: _all
        time_delta_minutes: 14400
        timestamp_field_name: '@timestamp'
        map: {}
        cert_path:
      emailrep:
        base_url: https://emailrep.io/
        api_key:
      greynoise:
        base_url: https://api.greynoise.io/
        api_key:
        api_version: community
      localfile:
        file_path: []
      malwarebazaar:
        api_key:
      otx:
        base_url: https://otx.alienvault.com/api/v1/
        api_key:
      pulsedive:
        base_url: https://pulsedive.com/api/
        api_key:
      spamhaus:
        lookup_host: zen.spamhaus.org
        nameservers: []
      sublime_platform:
        base_url: https://api.platform.sublimesecurity.com
        api_key:
        live_flow: False
        mailbox_email_address:
        message_source_id:
      threatfox:
        api_key:
      urlscan:
        base_url: https://urlscan.io/api/v1/
        api_key:
        enabled: False
        visibility: public
        timeout: 180
      urlhaus:
        api_key:
      virustotal:
        base_url: https://www.virustotal.com/api/v3/search?query=
        api_key: