forked from OpenCTI-Platform/connectors
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docker-compose.yml
31 lines (31 loc) · 1.35 KB
/
docker-compose.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
version: '3'
services:
connector-crowdstrike:
image: opencti/connector-crowdstrike:4.4.1
environment:
- OPENCTI_URL=http://localhost
- OPENCTI_TOKEN=ChangeMe
- CONNECTOR_ID=ChangeMe
- CONNECTOR_TYPE=EXTERNAL_IMPORT
- CONNECTOR_NAME=CrowdStrike
- CONNECTOR_SCOPE=crowdstrike
- CONNECTOR_CONFIDENCE_LEVEL=15 # From 0 (Unknown) to 100 (Fully trusted)
- CONNECTOR_UPDATE_EXISTING_DATA=false
- CONNECTOR_LOG_LEVEL=info
- CROWDSTRIKE_BASE_URL=https://api.crowdstrike.com
- CROWDSTRIKE_CLIENT_ID=ChangeMe
- CROWDSTRIKE_CLIENT_SECRET=ChangeMe
- CROWDSTRIKE_TLP=Amber
- CROWDSTRIKE_CREATE_OBSERVABLES=true
- CROWDSTRIKE_CREATE_INDICATORS=true
- CROWDSTRIKE_SCOPES=actor,report,indicator,yara_master
- CROWDSTRIKE_ACTOR_START_TIMESTAMP=0
- CROWDSTRIKE_REPORT_START_TIMESTAMP=0 # BEWARE! A lot of reports!
- CROWDSTRIKE_REPORT_STATUS=New
- CROWDSTRIKE_REPORT_INCLUDE_TYPES=notice,tipper,intelligence report,periodic report
- CROWDSTRIKE_REPORT_TYPE=threat-report
- CROWDSTRIKE_REPORT_GUESS_MALWARE=false # Use report tags to guess malware
- CROWDSTRIKE_INDICATOR_START_TIMESTAMP=0 # BEWARE! A lot of indicators!
- CROWDSTRIKE_INDICATOR_EXCLUDE_TYPES=hash_ion,hash_md5,hash_sha1
- CROWDSTRIKE_INTERVAL_SEC=1800
restart: always