Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
62 lines (54 sloc) 2.19 KB
api_key:
# The OpenDNSFilter requires an API key for OpenDNS Investigate
opendns: "ADD YOUR KEY"
# The VTHashesFilter requires an API key for VirusTotal
virustotal: "ADD YOUR KEY"
# The BlacklistFilter allows for multiple blacklists to be compared against at once
# Each blacklists requires:
# - blacklist_name, A name
# - blacklist_keys, JSON paths. These can be of the form "a.b" to look at "b" in {"a": {"b": "foo"}}
# - blacklist_file_path, the path to a file containing values considered blacklisted. Any line starting with # is skipped
# - blacklist_is_regex, should values in the file be treated as Python regex
# - blacklist_is_domains, should values in the file be treated as domains and analyzed with some smart regex to retrieve subdomain etc.
blacklists:
- blacklist_name: "hashes"
blacklist_keys:
- "md5"
- "sha1"
- "sha2"
blacklist_file_path: "/tmp/hash_blacklist.txt"
blacklist_is_regex: False
- blacklist_name: "domains"
blacklist_keys:
- "osxcollector_domains"
blacklist_file_path: "/tmp/domain_blacklist.txt"
blacklist_is_regex: False
blacklist_is_domains: True
# domain_whitelist is a special blacklist entry. Anything on this list won't be looked up with
# OpenDNS or VirusTotal
domain_whitelist:
blacklist_name: "Ignore Domains"
blacklist_keys:
- "osxcollector_domains"
blacklist_file_path: "/tmp/domain_whitelist.txt"
blacklist_is_domains: True
blacklist_is_regex: True
opendns:
LookupDomainsFilter:
cache_file_name: "/tmp/cache.opendns.LookupDomainsFilter.json"
RelatedDomainsFilter:
cache_file_name: "/tmp/cache.opendns.RelatedDomainsFilter.json"
shadowserver:
LookupHashesFilter:
cache_file_name: "/tmp/cache.shadowserver.LookupHashesFilter.json"
virustotal:
LookupHashesFilter:
cache_file_name: "/tmp/cache.virustotal.LookupHashesFilter.json"
LookupDomainsFilter:
cache_file_name: "/tmp/cache.virustotal.LookupDomainsFilter.json"
LookupURLsFilter:
cache_file_name: "/tmp/cache.virustotal.LookupURLsFilter.json"
resources_per_req: 4
alexa:
LookupRankingsFilter:
cache_file_name: "/tmp/cache.alexa.LookupRankingsFilter.json"
You can’t perform that action at this time.