CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-13 19:51:23 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ebcef8adbd11b91a5bbcfec0865dde1d1c8cb7ea
securityonion/salt/strelka/soc_strelka.yaml
Wes 823ff7ce11 Remove exclusions and repos
2024-05-09 17:03:13 +00:00

601 lines
20 KiB
YAML
Raw Blame History

strelka:
backend:
enabled:
description: You can enable or disable Strelka backend.
helpLink: strelka.html
config:
backend:
logging_cfg:
description: Path to the Python logging configuration.
readonly: True
global: False
helpLink: strelka.html
advanced: True
limits:
max_files:
description: Number of files the backend will process before shutting down.
readonly: False
global: False
helpLink: strelka.html
time_to_live:
description: Amount of time (in seconds) that the backend will run before shutting down (0 to disable).
readonly: False
global: False
helpLink: strelka.html
max_depth:
description: Maximum depth that extracted files will be processed by the backend.
readonly: False
global: False
helpLink: strelka.html
distribution:
description: Amount of time (in seconds) that a single file can be distributed to all scanners.
readonly: False
global: False
helpLink: strelka.html
scanner:
description: Amount of time (in seconds) that a scanner can spend scanning a file (can be overridden per scanner).
readonly: False
global: False
helpLink: strelka.html
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
tasting:
mime_db:
description: Location of the MIME database used to taste files.
readonly: True
global: False
helpLink: strelka.html
advanced: True
yara_rules:
description: Location of the directory of YARA files that contains rules used to taste files.
readonly: True
global: False
helpLink: strelka.html
advanced: True
scanners:
'ScanBase64': &scannerOptions
description: Configuration options for this scanner.
readonly: False
global: False
helpLink: strelka.html
advanced: True
type: json
multiline: True
'ScanBatch': *scannerOptions
'ScanBzip2': *scannerOptions
'ScanDocx': *scannerOptions
'ScanElf': *scannerOptions
'ScanEmail': *scannerOptions
'ScanEntropy': *scannerOptions
'ScanExiftool': *scannerOptions
'ScanGif': *scannerOptions
'ScanGzip': *scannerOptions
'ScanHash': *scannerOptions
'ScanHeader': *scannerOptions
'ScanHtml': *scannerOptions
'ScanIni': *scannerOptions
'ScanJarManifest': *scannerOptions
'ScanJavascript': *scannerOptions
'ScanJpeg': *scannerOptions
'ScanJson': *scannerOptions
'ScanLibarchive': *scannerOptions
'ScanLzma': *scannerOptions
'ScanMacho': *scannerOptions
'ScanOcr': *scannerOptions
'ScanOle': *scannerOptions
'ScanPdf': *scannerOptions
'ScanPe': *scannerOptions
'ScanPgp': *scannerOptions
'ScanPhp': *scannerOptions
'ScanPkcs7': *scannerOptions
'ScanPlist': *scannerOptions
'ScanRar': *scannerOptions
'ScanRpm': *scannerOptions
'ScanRtf': *scannerOptions
'ScanRuby': *scannerOptions
'ScanSwf': *scannerOptions
'ScanTar': *scannerOptions
'ScanTnef': *scannerOptions
'ScanUpx': *scannerOptions
'ScanUrl': *scannerOptions
'ScanVb': *scannerOptions
'ScanVba': *scannerOptions
'ScanX509': *scannerOptions
'ScanXml': *scannerOptions
'ScanYara': *scannerOptions
'ScanZip': *scannerOptions
'ScanZlib': *scannerOptions
logging:
version:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
formatters:
simple:
format:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
datefmt:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
handlers:
console:
class:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
formatter:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
stream:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
root:
level:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
handlers:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
loggers:
OpenSSL:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
bs4:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
bz2:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
chardet:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
docx:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
elftools:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
email:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
entropy:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
esprima:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
gzip:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
hashlib:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
json:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
libarchive:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
lxml:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
lzma:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
macholibre:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
olefile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
oletools:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
pdfminer:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
pefile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
pgpdump:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
pygments:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
pylzma:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
rarfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
requests:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
rpmfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
ssdeep:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
tarfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
tnefparse:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
yara:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
zipfile:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
zlib:
propagate:
description: This is an advanced option for Strelka logging.
readonly: False
global: False
helpLink: strelka.html
advanced: True
passwords:
description: Passwords that will be stored in the password_file used in scanner options.
readonly: False
global: False
helpLink: strelka.html
multiline: True
filestream:
enabled:
description: You can enable or disable Strelka filestream.
helpLink: strelka.html
config:
conn:
server:
description: Network address of the frontend server.
readonly: False
global: False
helpLink: strelka.html
advanced: True
cert:
description: Local path to the frontend SSL server certificate.
readonly: False
global: False
helpLink: strelka.html
advanced: True
timeout:
dial:
description: Amount of time to wait for the client to dial the server.
readonly: False
global: False
helpLink: strelka.html
advanced: True
file:
description: Amount of time to wait for an individual file to complete a scan.
readonly: False
global: False
helpLink: strelka.html
advanced: True
throughput:
concurrency:
description: Number of concurrent requests to make.
readonly: False
global: False
helpLink: strelka.html
advanced: True
chunk:
description: Size of file chunks that will be sent to the frontend server.
readonly: False
global: False
helpLink: strelka.html
advanced: True
delay:
description: Artificial sleep between the submission of each chunk.
readonly: False
global: False
helpLink: strelka.html
advanced: True
files:
patterns:
description: List of glob patterns that determine which files will be sent for scanning.
readonly: False
global: False
helpLink: strelka.html
advanced: True
delete:
description: Boolean that determines if files should be deleted after being sent for scanning.
readonly: False
global: False
helpLink: strelka.html
advanced: True
gatekeeper:
description: Boolean that determines if events should be pulled from the temporary event cache.
readonly: False
global: False
helpLink: strelka.html
advanced: True
processed:
description: Directory where files will be moved after being submitted for scanning.
readonly: False
global: False
helpLink: strelka.html
advanced: True
response:
report:
description: Frequency at which the frontend reports the number of files processed.
readonly: False
global: False
helpLink: strelka.html
advanced: True
delta:
description: Time value that determines how much time must pass since a file was last modified before it is sent for scanning.
readonly: False
global: False
helpLink: strelka.html
advanced: True
staging:
description: Directory where files are staged before being sent to the cluster.
readonly: False
global: False
helpLink: strelka.html
advanced: True
frontend:
enabled:
description: You can enable or disable Strelka frontend.
helpLink: strelka.html
config:
server:
description: Network address of the frontend server.
readonly: False
global: False
helpLink: strelka.html
advanced: True
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
gatekeeper:
addr:
description: Network address of the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
advanced: True
db:
description: Redis database of the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
advanced: True
ttl:
description: Time-to-live for events added to the gatekeeper.
readonly: False
global: False
helpLink: strelka.html
advanced: True
response:
log:
description: Location where worker scan results are logged to.
readonly: False
global: False
helpLink: strelka.html
advanced: True
manager:
enabled:
description: You can enable or disable Strelka manager.
helpLink: strelka.html
config:
coordinator:
addr:
description: Network address of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
db:
description: Redis database of the coordinator.
readonly: False
global: False
helpLink: strelka.html
advanced: True
coordinator:
enabled:
description: You can enable or disable Strelka coordinator.
helpLink: strelka.html
gatekeeper:
enabled:
description: You can enable or disable Strelka gatekeeper.
helpLink: strelka.html
rules:
enabled:
description: Boolean that determines if yara rules sync from the Salt manager to the backend nodes.
readonly: False
global: False
helpLink: strelka.html
advanced: False
filecheck:
historypath:
description: The path for previously scanned files.
readonly: True
global: False
helpLink: strelka.html
advanced: True
strelkapath:
description: The path for unprocessed files.
readonly: True
global: False
helpLink: strelka.html
advanced: True
logfile:
description: The path for the filecheck log.
readonly: False
global: False
helpLink: strelka.html
advanced: True
Reference in New Issue View Git Blame Copy Permalink