service_manifest.yml
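# Assemblyline service manifest for the Safelist service.
# NOTE(review): the nesting below is restored from a flattened listing;
# confirm it against the upstream file before deploying.
name: Safelist
version: $SERVICE_TAG
description: This service will check the file hashes against Assemblyline's internal safelist infrastructure and mark files as safe accordingly.

# Every file type is accepted except `empty` and anything under `metadata/`.
accepts: .*
rejects: empty|metadata/.*

stage: FILTER
category: Filtering

# The description says the service works on file hashes, which is presumably
# why the file content itself is not requested.
file_required: false
timeout: 10
disable_cache: false
# NOTE(review): a privileged service is allowed to reach core infrastructure
# instead of being confined like an ordinary analysis service. Presumably this
# is needed to query the internal safelist; confirm, and keep the image
# minimal because of the extra reach.
privileged: true

enabled: true

config:
  # Presumably the lifetime of cached lookup results (1800 s = 30 min). If so,
  # a removed safelist entry could keep matching until the cache expires.
  cache_timeout_seconds: 1800
  # MD5 lookups are off. MD5 collisions are practical, so an MD5-only match is
  # weak evidence that a file is the known-good one; keep this disabled.
  lookup_md5: false
  # NOTE(review): SHA-1 collisions have also been demonstrated. Decide whether
  # a SHA-1-only match should be enough to mark a file safe, or whether only
  # SHA-256 should be relied on.
  lookup_sha1: true
  lookup_sha256: true
  # These regexes are anchored at the start only and end in `.*`, so any value
  # that merely begins with one of these names matches.
  # NOTE(review): confirm that the field they are matched against comes from a
  # trusted source record and not from data carried in the submitted file.
  trusted_distributors:
    - "^Apple.*"
    - "^Microsoft.*"
    - "^Google.*"
    - "^Canonical.*"
    - "^Red Hat.*"
    - "^Oracle.*"

docker_config:
  image: ${REGISTRY}cccs/assemblyline-service-safelist:$SERVICE_TAG
  cpu_cores: 0.4
  ram_mb: 256

# Both heuristics carry a score of -1000. Presumably this is meant to outweigh
# detections from other services, so a wrong or tampered safelist entry could
# hide a malicious file. Treat safelist sources and the right to safelist a
# hash as high-trust, and audit changes to both.
heuristics:
  - heur_id: 1
    name: Safelisted by external source
    score: -1000
    filetype: "*"
    description: Hash is found in an external source of known good files
  - heur_id: 2
    name: Safelisted by user
    score: -1000
    filetype: "*"
    description: A user of this system found this file to be safe

dependencies:
  updates:
    container:
      # The updater is given outbound internet access, presumably to download
      # the configured sources. No source is configured by default (see
      # `sources` below). Where network policy allows, limit egress to the
      # hosts of the sources actually in use.
      allow_internet_access: true
      command: ["python", "-m", "safelist.update_server"]
      image: ${REGISTRY}cccs/assemblyline-service-safelist:$SERVICE_TAG
      ports: ["5003"]
      # Upper-bound, adjust based on sources
      cpu_cores: 2
      ram_mb: 4096
    # NOTE(review): placed beside `container` on the assumption that it is a
    # property of the dependency, not of the container; confirm. A container
    # that has internet access and also runs as a core component deserves the
    # tightest egress and image controls.
    run_as_core: true

update_config:
  # 86400 s = one update cycle per day.
  update_interval_seconds: 86400
  wait_for_update: false
  generates_signatures: false
  # Empty by default. Every source added here decides which hashes are marked
  # safe, so review each one and use HTTPS URIs from the publisher.
  sources: []
  # We will not force a safelist onto our users.
  # Here are examples of NSRL sources that are working with the updater:
  # - name: NSRL_modern
  #   pattern: RDS_${QUARTERLY}_modern_minimal/RDS_${QUARTERLY}_modern_minimal.db
  #   uri: https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_${QUARTERLY}/RDS_${QUARTERLY}_modern_minimal.zip
  # - name: NSRL_legacy
  #   pattern: RDS_${QUARTERLY}_legacy_minimal/RDS_${QUARTERLY}_legacy_minimal.db
  #   uri: https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_${QUARTERLY}/RDS_${QUARTERLY}_legacy_minimal.zip
  # - name: NSRL_android
  #   pattern: RDS_${QUARTERLY}_android_minimal/RDS_${QUARTERLY}_android_minimal.db
  #   uri: https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_${QUARTERLY}/RDS_${QUARTERLY}_android_minimal.zip
  # - name: NSRL_ios
  #   pattern: RDS_${QUARTERLY}_ios_minimal/RDS_${QUARTERLY}_ios_minimal.db
  #   uri: https://s3.amazonaws.com/rds.nsrl.nist.gov/RDS/rds_${QUARTERLY}/RDS_${QUARTERLY}_ios_minimal.zip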