You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The purpose of this section is to learn how to configure OpenBAS to have it tailored for your production and development needs. It is possible to check all default parameters implemented in the platform in the application.properties file.
Here are the configuration keys, for both containers (environment variables) and manual deployment.
!!! note "Parameters equivalence"
The equivalent of a config variable in environment variables is the usage of an underscore (`_`) for a level of config.
For example:
```yaml
spring.servlet.multipart.max-file-size=5GB
```
will become:
```bash
SPRING_SERVLET_MULTIPART_MAX-FILE-SIZE=5GB
```
URL of the database (ex jdbc:postgresql://postgresql.mydomain.com:5432/openbas)
spring.datasource.username
SPRING_DATASOURCE_USERNAME
Login for the database
spring.datasource.password
SPRING_DATASOURCE_PASSWORD
password
Password for the database
RabbitMQ
Parameter
Environment variable
Default value
Description
openbas.rabbitmq.prefix
OPENBAS_RABBITMQ_PREFIX
openbas
Prefix for the queue names
openbas.rabbitmq.hostname
OPENBAS_RABBITMQ_HOSTNAME
localhost
Hostname of the RabbitMQ server
openbas.rabbitmq.vhost
OPENBAS_RABBITMQ_VHOST
/
Vhost of the RabbitMQ server
openbas.rabbitmq.port
OPENBAS_RABBITMQ_PORT
5672
Port of the RabbitMQ Server
openbas.rabbitmq.ssl
OPENBAS_RABBITMQ_SSL
false
Use SSL
openbas.rabbitmq.user
OPENBAS_RABBITMQ_USER
guest
RabbitMQ user
openbas.rabbitmq.pass
OPENBAS_RABBITMQ_PASS
guest
RabbitMQ password
openbas.rabbitmq.queue-type
OPENBAS_RABBITMQ_QUEUE-TYPE
classic
RabbitMQ Queue Type ("classic" or "quorum")
S3 bucket
Parameter
Environment variable
Default value
Description
minio.endpoint
MINIO_ENDPOINT
localhost
Hostname of the S3 Service. Example if you use AWS Bucket S3: s3.us-east-1.amazonaws.com (if minio:bucket_region value is us-east-1). This parameter value can be omitted if you use Minio as an S3 Bucket Service.
minio.port
MINIO_PORT
9000
Port of the S3 Service. For AWS Bucket S3 over HTTPS, this value can be changed (usually 443).
minio.secure
MINIO_SECURE
false
Indicates whether the S3 Service has TLS enabled. For AWS Bucket S3 over HTTPS, this value could be true.
minio.access-key
MINIO_ACCESS-KEY
key
Access key for the S3 Service.
minio.access-secret
MINIO_ACCESS-SECRET
secret
Secret key for the S3 Service.
minio.bucket
MINIO_BUCKET
openbas
S3 bucket name. Useful to change if you use AWS.
minio.bucket-region
MINIO_BUCKET-REGION
us-east-1
Region of the S3 bucket if you are using AWS. This parameter value can be omitted if you use Minio as an S3 Bucket Service.
Executors (neutral agents)
To be able to use the power of the OpenBAS platform on endpoints, you need at least one executor that will be in charge of spawing temporary processes (endpoint injectors) which will execute payloads.
!!! note "Supported executors"
We currently support only Caldera and Tanium but are actively working on our own agent as well as supporting more third-party.
Caldera
Parameter
Environment variable
Default value
Description
executor.caldera.enable
EXECUTOR_CALDERA_ENABLE
true
Enable the Caldera executor
executor.caldera.url
EXECUTOR_CALDERA_URL
Caldera URL
executor.caldera.public-url
EXECUTOR_CALDERA_PUBLIC-URL
Caldera URL accessible from endpoints
executor.caldera.api-key
EXECUTOR_CALDERA_API-KEY
Caldera API key
Tanium
!!! note "Tanium Packages"
To use the Tanium executor, please install the [OpenBAS packages](https://github.com/OpenBAS-Platform/openbas/blob/master/openbas-framework/src/main/java/io/openbas/executors/tanium/openbas-tanium-packages.json) on the Tanium platform and fill their IDs in the configuration below.
Parameter
Environment variable
Default value
Description
executor.tanium.enable
EXECUTOR_TANIUM_ENABLE
false
Enable the Tanium executor
executor.tanium.url
EXECUTOR_TANIUM_URL
Tanium URL
executor.tanium.api-key
EXECUTOR_TANIUM_API-KEY
Tanium API key
executor.tanium.computer-group-id
EXECUTOR_TANIUM_COMPUTER_GROUP_ID
Tanium Computer Group to be used in simulations
executor.tanium.windows-package-id
EXECUTOR_TANIUM_WINDOWS_PACKAGE_ID
ID of the OpenBAS Tanium Windows package
executor.tanium.unix-package-id
EXECUTOR_TANIUM_UNIX_PACKAGE_ID
ID of the OpenBAS Tanium Unix package
Mail services
For the associated mailbox, for the moment the platform only relies on IMAP / SMTP protocols, we are actively developing integrations with APIs such as O365 and Google Apps.
There are several possibilities for [Enterprise Edition](../administration/enterprise.md) customers to use OpenBAS AI endpoints:
- Use the Filigran AI Service leveraging our custom AI model using the token given by the support team.
- Use OpenAI or MistralAI cloud endpoints using your own tokens.
- Deploy or use local AI endpoints (Filigran can provide you with the custom model).
Parameter
Environment variable
Default value
Description
ai.enabled
AI_ENABLED
true
Enable AI capabilities
ai.type
AI_TYPE
mistralai
AI type (mistralai or openai)
ai.endpoint
AI_ENDPOINT
Endpoint URL (empty means default cloud service)
ai.token
AI_TOKEN
Token for endpoint credentials
ai.model
AI_MODEL
Model to be used for text generation (depending on type)
ai.model_images
AI_MODEL_IMAGES
Model to be used for image generation (depending on type)