-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yaml.example
45 lines (43 loc) · 1.2 KB
/
config.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Collectors settings
# -------------------
collectors:
tie:
# Set to true to enable this collector
enable: true
# TIE API version. Currently: 1
api-version: 1
# Base URL for the DCSO TIE service
baseurl: https://tie.dcso.de/api/v1/iocs
# TIE token for the API
token:
# Categories to select IoCs for
categories:
- c2-server
- espionage
# Indicator types to be selected from the TIE
data-types:
- DomainName
- URLVerbatim
# Time selection constraint
since: 4h
# Query name, e.g. "updated_at_since", "created_at_since", "first_seen_since"
time-query-name: created_at_since
# Severity range to search for. Both ends need to be specified
# (range 0-6)
severity:
from: 1
to: 5
chunk-size: 100
# Maximum limit for returned IoCs, which will be returned sorted by
# data types, in the order specified in the "data-types" config field above
# Set to 0 to disable limiting.
limit:
total: 1000
# Threat Bus ZeroMQ connection settings
# -------------------------------------
threatbus:
host: 127.0.0.1
port: 13372
# legacy or stix2
format: legacy
logfile: /var/log/tie-threatbus-bridge.log