# Cortex reference configuration: every value here is a default that an
# application.conf is expected to override where the deployment differs.
# HTTP listening port of the Cortex API/UI.
http.port=9001
# handler for errors (transform exception to related http status code)
play.http.errorHandler = org.thp.cortex.services.ErrorHandler
play.modules.enabled += org.thp.cortex.Module
# Lifetime of in-memory cache entries.
# NOTE(review): a change to a user's or organization's status presumably stays
# visible for up to the cached duration — confirm against the services that
# read these entries before relying on immediate revocation.
cache {
job = 10 minutes
user = 5 minutes
organization = 5 minutes
}
# HTTP filters
play.filters {
# name of cookie in which the CSRF token is transmitted to client
csrf.cookie.name = CORTEX-XSRF-TOKEN
# name of header in which the client should send the CSRF token
csrf.header.name = X-CORTEX-XSRF-TOKEN
# Filter chain applied to every request, in list order. Assigning
# `enabled = [...]` in an override replaces the whole list, so an override
# must keep CSRFFilter (use `enabled += ...` to append instead).
enabled = [
org.thp.cortex.services.StreamFilter,
org.elastic4play.services.TempFilter,
org.thp.cortex.services.CSRFFilter
]
}
# Name of the session cookie issued after authentication
play.http.session.cookieName = CORTEX_SESSION
# ElasticSearch
search {
# Name of the index
index = cortex
# Name of the ElasticSearch cluster
cluster = hive
# Address of the ElasticSearch instance (host:port, 9300 is the transport
# port rather than the 9200 REST port). The default is loopback only; a
# remote cluster holds all Cortex data, so reach it only over a controlled
# network path.
host = ["127.0.0.1:9300"]
# Scroll keepalive
keepalive = 1m
# Size of the page for scroll
pagesize = 50
# Number of shards
nbshards = 5
# Number of replicas
nbreplicas = 1
# Arbitrary settings
settings {
# Maximum number of nested fields
mapping.nested_fields.limit = 100
}
}
# Authentication backends, tried in list order
auth.provider = ["local"]
# HTTP Basic authentication is off by default; enabling it sends credentials
# on every request, so only do so over TLS.
auth.method.basic = false
# Datastore
datastore {
name = data
# Size of stored data chunks
chunksize = 50k
hash {
# Main hash algorithm /!\ Don't change this value
# NOTE(review): presumably the key under which stored data is addressed —
# changing it would leave existing data unreachable; confirm against the
# datastore service.
main = "SHA-256"
# Additional hash algorithms (used in attachments)
# SHA-1 and MD5 are not collision resistant: treat them as lookup /
# correlation identifiers only, never as an integrity guarantee.
extra = ["SHA-1", "MD5"]
}
# Password applied to attachment archives.
# NOTE(review): this default is a widely known convention, not a secret —
# confirm whether confidentiality of the archives is expected and override
# it in application.conf if so.
attachment.password = "malware"
}
# Maximum time between two requests without requesting authentication
# inactivity: idle timeout after which the session is no longer accepted.
# warning: presumably how long before expiry the client is warned — confirm.
session {
warning = 5m
inactivity = 1h
}
# Streaming
stream.longpolling {
# Maximum time a stream request waits for new element
refresh = 1m
# Lifetime of the stream session without request
cache = 15m
nextItemMaxWait = 500ms
globalMaxWait = 1s
}
# Name of the ElasticSearch type used to store dblist /!\ Don't change this value
dblist.name = dblist
# Name of the ElasticSearch type used to store audit event /!\ Don't change this value
audit.name = audit
analyzer {
# Directory that holds analyzers
path = []
# Thread pool used to run analyzers
fork-join-executor {
# Min number of threads available for analyze
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor)
parallelism-factor = 2.0
# Max number of threads available for analyze
parallelism-max = 4
}
}
responder {
# Directory that holds responders
path = []
# Thread pool used to run responders (same shape as analyzer.fork-join-executor)
fork-join-executor {
# Min number of threads available for responders
parallelism-min = 2
# Parallelism (threads) ... ceil(available processors * factor)
parallelism-factor = 2.0
# Max number of threads available for responders
parallelism-max = 4
}
}