  1. # maximum number of similar cases
  2. maxSimilarCases = 100
  3.  
  4. # ElasticSearch
  5. search {
  6. # Name of the index
  7. index = the_hive
  8. # Name of the ElasticSearch cluster
  9. cluster = hive
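  10. # Address of the ElasticSearch instance (host:port). This file configures no credentials or TLS for the connection, so keep it on loopback or a trusted network segment.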
  11. host = ["127.0.0.1:9300"]
  12. # Scroll keepalive
  13. keepalive = 1m
  14. # Size of the page for scroll
  15. pagesize = 50
  16. # Arbitrary settings
  17. settings {
  18. # Maximum number of nested fields
  19. mapping.nested_fields.limit = 50
  20. }
  21. }
  22.  
  23. # Datastore
  24. datastore {
  25. # Size of stored data chunks
  26. chunksize = 50k
  27. hash {
  28. # Main hash algorithm /!\ Don't change this value
  29. main = "SHA-256"
  30. # Additional hash algorithms (used in attachments). SHA-1 and MD5 are not collision-resistant: treat these digests as lookup identifiers, not as proof of integrity.
  31. extra = ["SHA-1", "MD5"]
  32. }
  33. attachment.password = "malware" # NOTE(review): presumably the password of the archive that wraps downloaded attachments; a well-known convention value, not a secret - confirm against the TheHive documentation
  34. }
  35.  
  36. auth {
  37. # The "provider" parameter selects the authentication provider(s). It can be multi-valued (useful for migration).
  38. # Available auth types are:
  39. # local : passwords are stored in the user entity (in ElasticSearch). No configuration is required.
  40. # ad : use ActiveDirectory to authenticate users. Configuration is under the "auth.ad" key.
  41. # ldap : use LDAP to authenticate users. Configuration is under the "auth.ldap" key.
  42. provider = [local]
  43.  
  44. ad {
  45. # The name of the Microsoft Windows domain using the DNS format. This parameter is required.
  46. #domainFQDN = "mydomain.local"
  47.  
  48. # Optionally you can specify the host names of the domain controllers. If not set, TheHive uses "domainFQDN".
  49. #serverNames = [ad1.mydomain.local, ad2.mydomain.local]
  50.  
  51. # The Microsoft Windows domain name using the short format. This parameter is required.
  52. #domainName = "MYDOMAIN"
  53.  
  54. # Use SSL to connect to the domain controller(s). Recommended, because authentication sends user passwords to the controller.
  55. #useSSL = true
  56. }
  57.  
  58. ldap {
  59. # LDAP server name or address. Port can be specified (host:port). This parameter is required.
  60. #serverName = "ldap.mydomain.local:389"
  61.  
  62. # If you have multiple ldap servers, use the multi-valued settings.
  63. #serverNames = [ldap1.mydomain.local, ldap2.mydomain.local]
  64.  
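  65. # Use SSL to connect to the directory server. Recommended: on a plain connection (e.g. port 389) the bind password and user passwords cross the network unencrypted.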
  66. #useSSL = true
  67.  
  68. # Account to use to bind on LDAP server. This parameter is required.
  69. #bindDN = "cn=thehive,ou=services,dc=mydomain,dc=local"
  70.  
  71. # Password of the binding account. This parameter is required. It is stored here in clear text, so restrict read access to this file.
  72. #bindPW = "***secret*password***"
  73.  
  74. # Base DN to search users. This parameter is required.
  75. #baseDN = "ou=users,dc=mydomain,dc=local"
  76.  
  77. # Filter used to search for the user; {0} is replaced by the user name. This parameter is required.
  78. #filter = "(cn={0})"
  79. }
  80. }
  81.  
  82. # Maximum time between two requests without requesting authentication
  83. session {
  84. warning = 5m
  85. inactivity = 1h
  86. }
  87.  
  88. # Streaming
  89. stream.longpolling {
  90. # Maximum time a stream request waits for new element
  91. refresh = 1m
  92. # Lifetime of the stream session without request
  93. cache = 15m
  94. nextItemMaxWait = 500ms
  95. globalMaxWait = 1s
  96. }
  97.  
  98. # Cortex configuration
  99. ########
  100.  
  101. cortex {
  102. #"CORTEX-SERVER-ID" {
  103. # # URL of the Cortex server
  104. # url = ""
  105. # #HTTP client configuration, more details in section 8
  106. # ws {
  107. # ws.useProxyProperties = true
  108. # proxy {
  109. # # The hostname of the proxy server.
  110. # #host = ""
  111. # # The port of the proxy server.
  112. # #port = 0
  113. # # The protocol of the proxy server. Use "http" or "https". Defaults to "http" if not specified.
  114. # #protocol = "http"
  115. # # The username of the credentials for the proxy server.
  116. # #user = ""
  117. # # The password for the credentials for the proxy server.
  118. # #password = ""
  119. # # The NTLM domain of the credentials for the proxy server.
  120. # #ntlmDomain = ""
  121. # # The realm's charset.
  122. # #encoding = ""
  123. # # The list of hosts for which the proxy must not be used.
  124. # #nonProxyHosts = ""
  125. # }
  126. # ssl {
  127. # keyManager { # used for client certificate authentication
  128. # stores = [{
  129. # type: "pkcs12" // JKS or PEM
  130. # path: "mycert.p12"
  131. # password: "password1"
  132. # }]
  133. # }
  134. # # Add certificate authorities to trust remote certificate
  135. # trustManager {
  136. # stores = [{
  137. # type: "JKS" // JKS or PEM
  138. # path: "keystore.jks"
  139. # password: "password1"
  140. # }]
  141. # }
  142. # debug = {
  143. # ssl = false
  144. # trustmanager = false
  145. # keymanager = false
  146. # sslctx = false
  147. # handshake = false
  148. # verbose = false
  149. # data = false
  150. # certpath = false
  151. # }
  152. #
  153. # # default SSL protocol
  154. # #protocol = "TLSv1.2"
  155. #
  156. # # list of enabled SSL protocols. TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep only TLSv1.2 or newer if this line is enabled.
  157. # #ws.ssl.enabledProtocols = ["TLSv1.2", "TLSv1.1", "TLSv1"]
  158. #
  159. # # SSL Cipher suite
  160. # #enabledCipherSuites = [
  161. # # "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
  162. # # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  163. # # "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
  164. # # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  165. # #]
  166. # }
  167. # }
  168. #}
  169.  
  170. # MISP configuration
  171. ########
  172.  
  173. misp {
  174. #"MISP-SERVER-ID" {
  175. # # URL of MISP server
  176. # url = ""
  177. # # authentication key (a secret stored here in clear text; restrict read access to this file)
  178. # key = ""
  179. # #tags to be added to imported artifact
  180. # tags = ["misp"]
  181. #
  182. # # filters:
  183. # # the maximum number of attributes (max-attributes)
  184. # #max-attributes = 1000
  185. # # the maximum size of the event json message
  186. # #max-size = 1 MiB
  187. # # the age of the last publication
  188. # #max-age = 7 days
  189. # exclusion {
  190. # # the organisation is black-listed
  191. # #organisation = ["bad organisation", "other orga"]
  192. # # one of the tags is black-listed
  193. # #tags = ["tag1", "tag2"]
  194. # }
  195. #
  196. # ws {
  197. # ws.useProxyProperties = true
  198. # proxy {
  199. # # The hostname of the proxy server.
  200. # #host = ""
  201. # # The port of the proxy server.
  202. # #port = 0
  203. # # The protocol of the proxy server. Use "http" or "https". Defaults to "http" if not specified.
  204. # #protocol = "http"
  205. # # The username of the credentials for the proxy server.
  206. # #user = ""
  207. # # The password for the credentials for the proxy server.
  208. # #password = ""
  209. # # The NTLM domain of the credentials for the proxy server.
  210. # #ntlmDomain = ""
  211. # # The realm's charset.
  212. # #encoding = ""
  213. # # The list of hosts for which the proxy must not be used.
  214. # #nonProxyHosts = ""
  215. # }
  216. #
  217. # ssl {
  218. # keyManager { # used for client certificate authentication
  219. # stores = [{
  220. # type: "pkcs12" // JKS or PEM
  221. # path: "mycert.p12"
  222. # password: "password1"
  223. # }]
  224. # }
  225. # # Add certificate authorities to trust remote certificate
  226. # trustManager {
  227. # stores = [{
  228. # type: "JKS" // JKS or PEM
  229. # path: "keystore.jks"
  230. # password: "password1"
  231. # }]
  232. # }
  233. # debug = {
  234. # ssl = false
  235. # trustmanager = false
  236. # keymanager = false
  237. # sslctx = false
  238. # handshake = false
  239. # verbose = false
  240. # data = false
  241. # certpath = false
  242. # }
  243. #
  244. # # default SSL protocol
  245. # #protocol = "TLSv1.2"
  246. #
  247. # # list of enabled SSL protocols. TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep only TLSv1.2 or newer if this line is enabled.
  248. # #ws.ssl.enabledProtocols = ["TLSv1.2", "TLSv1.1", "TLSv1"]
  249. #
  250. # # SSL Cipher suite
  251. # #enabledCipherSuites = [
  252. # # "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
  253. # # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  254. # # "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
  255. # # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
  256. # #]
  257. # }
  258. # }
  259. #}
  260.  
  261. # Interval between two MISP event imports
  262. interval = 1h
  263.  
  264. }
  265.  
  266. # Metrics configuration
  267. ########
  268.  
  269. metrics {
  270. name = default
  271. enabled = false
  272. rateUnit = SECONDS
  273. durationUnit = SECONDS
  274. jvm = true
  275. logback = true
  276.  
  277. graphite {
  278. enabled = false
  279. host = "127.0.0.1"
  280. port = 2003
  281. prefix = thehive
  282. rateUnit = SECONDS
  283. durationUnit = MILLISECONDS
  284. period = 10s
  285. }
  286.  
  287. ganglia {
  288. enabled = false
  289. host = "127.0.0.1"
  290. port = 8649
  291. mode = UNICAST
  292. ttl = 1
  293. version = 3.1
  294. prefix = thehive
  295. rateUnit = SECONDS
  296. durationUnit = MILLISECONDS
  297. tmax = 60
  298. dmax = 0
  299. period = 10s
  300. }
  301.  
  302. influx { # InfluxDB reporter settings; inactive while enabled = false
  303. enabled = false
  304. url = "http://127.0.0.1:8086" # plain HTTP: the credentials below are not encrypted in transit, so keep this on loopback or use an HTTPS endpoint
  305. user = root
  306. password = root # NOTE(review): root/root looks like a default account kept in clear text; before enabling this reporter, use a dedicated least-privilege account and restrict read access to this file
  307. database = thehive
  308. retention = default
  309. consistency = ALL
  310. #tags = {
  311. # tag1 = value1
  312. # tag2 = value2
  313. #}
  314. period = 10s
  315. }
  316. }