mirror of https://github.com/CIRCL/AIL-framework
				
				
				
			
		
			
				
	
	
		
			291 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			Plaintext
		
	
	
			
		
		
	
	
			291 lines
		
	
	
		
			6.2 KiB
		
	
	
	
		
			Plaintext
		
	
	
| [Directories]
 | |
| bloomfilters = Blooms
 | |
| dicofilters = Dicos
 | |
| pastes = PASTES
 | |
| hash = HASHS
 | |
| crawled = crawled
 | |
| har = CRAWLED_SCREENSHOT
 | |
| screenshot = CRAWLED_SCREENSHOT/screenshot
 | |
| images = IMAGES
 | |
| 
 | |
| wordtrending_csv = var/www/static/csv/wordstrendingdata
 | |
| wordsfile = files/wordfile
 | |
| 
 | |
| protocolstrending_csv = var/www/static/csv/protocolstrendingdata
 | |
| protocolsfile = files/protocolsfile
 | |
| 
 | |
| tldstrending_csv = var/www/static/csv/tldstrendingdata
 | |
| tldsfile = faup/src/data/mozilla.tlds
 | |
| 
 | |
| domainstrending_csv = var/www/static/csv/domainstrendingdata
 | |
| 
 | |
| sentiment_lexicon_file = sentiment/vader_lexicon.zip/vader_lexicon/vader_lexicon.txt
 | |
| 
 | |
| [Pystemon]
 | |
| dir = /home/pystemon/pystemon/
 | |
| redis_host = localhost
 | |
| redis_port = 6379
 | |
| redis_db = 10
 | |
| 
 | |
| ##### Logs ######
 | |
| [Logs]
 | |
| # activate syslog
 | |
| ail_logs_syslog = False
 | |
| ail_logs_syslog_server =
 | |
| # default=514
 | |
| ail_logs_syslog_port =
 | |
| # ['auth', 'authpriv', 'cron', 'daemon', 'ftp', 'kern', 'lpr', 'mail', 'news', 'syslog', 'user', 'uucp', 'local0', 'local1', 'local2', 'local3', 'local4', 'local5', 'local6', 'local7']
 | |
| ail_logs_syslog_facility =
 | |
| # ['DEBUG', 'INFO', 'NOTICE', 'WARNING', 'ERROR', 'CRITICAL']
 | |
| ail_logs_syslog_level =
 | |
| 
 | |
| ##### Notifications ######
 | |
| [Notifications]
 | |
| ail_domain = https://localhost:7000
 | |
| sender = sender@example.com
 | |
| sender_host = smtp.example.com
 | |
| sender_port = 1337
 | |
| sender_pw = None
 | |
| # Only needed for SMTP over SSL if the mail server don't support TLS (used by default). use this option to validate the server certificate.
 | |
| cert_required = False
 | |
| # Only needed for SMTP over SSL if you want to validate your self signed certificate for SSL
 | |
| ca_file =
 | |
| # Only needed when the credentials for email server needs a username instead of an email address
 | |
| #sender_user = sender
 | |
| sender_user =
 | |
| 
 | |
| # optional for using with authenticated SMTP over SSL
 | |
| # sender_pw = securepassword
 | |
| 
 | |
| ##### Flask #####
 | |
| [Flask]
 | |
| #Proxying requests to the app
 | |
| baseUrl = /
 | |
| #Host to bind to
 | |
| host = 127.0.0.1
 | |
| #Flask server port
 | |
| port = 7000
 | |
| #Number of logs to display in the dashboard
 | |
| max_dashboard_logs = 15
 | |
| #Maximum number of character to display in the toolip
 | |
| max_preview_char = 250
 | |
| #Maximum number of character to display in the modal
 | |
| max_preview_modal = 800
 | |
| #Default number of header to display in trending graphs
 | |
| default_display = 10
 | |
| #Number of minutes displayed for the number of processed pastes.
 | |
| minute_processed_paste = 10
 | |
| #Maximum line length authorized to make a diff between duplicates
 | |
| DiffMaxLineLength = 10000
 | |
| 
 | |
| [AIL_2_AIL]
 | |
| server_host = 0.0.0.0
 | |
| server_port = 4443
 | |
| local_addr = 
 | |
| 
 | |
| #### Modules ####
 | |
| [BankAccount]
 | |
| max_execution_time = 60
 | |
| 
 | |
| [Categ]
 | |
| #Minimum number of match between the paste and the category file
 | |
| matchingThreshold=1
 | |
| 
 | |
| [Credential]
 | |
| #Minimum length that a credential must have to be considered as such
 | |
| minimumLengthThreshold=3
 | |
| #Will be pushed as alert if the number of credentials is greater to that number
 | |
| criticalNumberToAlert=8
 | |
| #Will be considered as false positive if less that X matches from the top password list
 | |
| minTopPassList=5
 | |
| 
 | |
| [Decoder]
 | |
| max_execution_time_base64 = 60
 | |
| max_execution_time_binary = 60
 | |
| max_execution_time_hexadecimal = 60
 | |
| 
 | |
| [Onion]
 | |
| save_i2p = False
 | |
| max_execution_time = 180
 | |
| 
 | |
| [PgpDump]
 | |
| max_execution_time = 60
 | |
| 
 | |
| [Modules_Duplicates]
 | |
| #Number of month to look back
 | |
| maximum_month_range = 3
 | |
| #The value where two pastes are considerate duplicate for ssdeep.
 | |
| threshold_duplicate_ssdeep = 50
 | |
| #The value where two pastes are considerate duplicate for tlsh.
 | |
| threshold_duplicate_tlsh = 52
 | |
| #Minimum size of the paste considered
 | |
| min_paste_size = 0.3
 | |
| 
 | |
| [Module_ModuleInformation]
 | |
| #Threshold to deduce if a module is stuck or not, in seconds.
 | |
| threshold_stucked_module=600
 | |
| 
 | |
| [Module_Mixer]
 | |
| #Define the configuration of the mixer, possible value: 1, 2 or 3
 | |
| operation_mode = 3
 | |
| #Define the time that a paste will be considerate duplicate. in seconds (1day = 86400)
 | |
| ttl_duplicate = 86400
 | |
| default_unnamed_feed_name = unnamed_feeder
 | |
| 
 | |
| [Tracker_Term]
 | |
| max_execution_time = 120
 | |
| 
 | |
| [Tracker_Regex]
 | |
| max_execution_time = 60
 | |
| 
 | |
| ##### Redis #####
 | |
| [Redis_Cache]
 | |
| host = localhost
 | |
| port = 6379
 | |
| db = 0
 | |
| 
 | |
| [Redis_Log]
 | |
| host = localhost
 | |
| port = 6380
 | |
| db = 0
 | |
| 
 | |
| [Redis_Log_submit]
 | |
| host = localhost
 | |
| port = 6380
 | |
| db = 1
 | |
| 
 | |
| [Redis_Queues]
 | |
| host = localhost
 | |
| port = 6381
 | |
| db = 0
 | |
| 
 | |
| [Redis_Process]
 | |
| host = localhost
 | |
| port = 6381
 | |
| db = 2
 | |
| 
 | |
| [Redis_Mixer_Cache]
 | |
| host = localhost
 | |
| port = 6381
 | |
| db = 1
 | |
| 
 | |
| ##### KVROCKS #####
 | |
| 
 | |
| [Kvrocks_DB]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail
 | |
| 
 | |
| [Kvrocks_Duplicates]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_dups
 | |
| 
 | |
| [Kvrocks_Correlations]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_correls
 | |
| 
 | |
| [Kvrocks_Crawler]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_crawlers
 | |
| 
 | |
| [Kvrocks_Objects]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_objs
 | |
| 
 | |
| [Kvrocks_Relationships]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_rels
 | |
| 
 | |
| [Kvrocks_Timeline]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_tls
 | |
| 
 | |
| [Kvrocks_Stats]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_stats
 | |
| 
 | |
| [Kvrocks_Tags]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_tags
 | |
| 
 | |
| [Kvrocks_Trackers]
 | |
| host = localhost
 | |
| port = 6383
 | |
| password = ail_trackers
 | |
| 
 | |
| ##### - #####
 | |
| 
 | |
| [Url]
 | |
| cc_critical = DE
 | |
| 
 | |
| [DomClassifier]
 | |
| #cc = DE
 | |
| #cc_tld = r'\.de$'
 | |
| cc =
 | |
| cc_tld =
 | |
| dns = 8.8.8.8
 | |
| 
 | |
| 
 | |
| [Mail]
 | |
| dns = 8.8.8.8
 | |
| 
 | |
| # Indexer configuration
 | |
| [Indexer]
 | |
| type = whoosh
 | |
| path = indexdir
 | |
| register = indexdir/all_index.txt
 | |
| #size in Mb
 | |
| index_max_size = 2000
 | |
| 
 | |
| [ailleakObject]
 | |
| maxDuplicateToPushToMISP=10
 | |
| 
 | |
| ###############################################################################
 | |
| 
 | |
| # For multiple feed, add them with "," without space
 | |
| # e.g.: tcp://127.0.0.1:5556,tcp://127.0.0.1:5557
 | |
| [ZMQ_Global]
 | |
| # address = tcp://127.0.0.1:5556,tcp://crf.circl.lu:5556
 | |
| address = tcp://127.0.0.1:5556
 | |
| channel = 102
 | |
| bind = tcp://127.0.0.1:5556
 | |
| 
 | |
| [RedisPubSub]
 | |
| host = localhost
 | |
| port = 6381
 | |
| db = 0
 | |
| 
 | |
| [Crawler]
 | |
| activate_crawler = False
 | |
| default_depth_limit = 1
 | |
| default_har = True
 | |
| default_screenshot = True
 | |
| onion_proxy = onion.foundation
 | |
| ail_url_to_push_onion_discovery =
 | |
| ail_key_to_push_onion_discovery =
 | |
| 
 | |
| [Translation]
 | |
| libretranslate = 
 | |
| 
 | |
| [IP]
 | |
| # list of comma-separated CIDR that you wish to be alerted for. e.g:
 | |
| #networks = 192.168.34.0/24,10.0.0.0/8,192.168.33.0/24
 | |
| networks =
 | |
| 
 | |
| [SubmitPaste]
 | |
| # 1 Mb Max text paste size for text submission
 | |
| TEXT_MAX_SIZE = 1000000
 | |
| # 1 Gb Max file size for file submission
 | |
| FILE_MAX_SIZE = 1000000000
 | |
| # Managed file extenions for file submission, comma separated
 | |
| # TODO add zip, gz and tar.gz
 | |
| FILE_ALLOWED_EXTENSIONS = txt,sh,pdf,html,json
 |