lookup-common.env.example

# Whether or not domain names (from DNS queries and SSL server names) will be assigned entropy scores
#   as calculated by freq
FREQ_LOOKUP=true
# When severity scoring is enabled, this variable indicates the entropy threshold for
#   assigning severity to events with entropy scores calculated by freq;
#   a lower value will only assign severity scores to fewer domain names with higher entropy
FREQ_SEVERITY_THRESHOLD=2.0
# When severity scoring is enabled, this variable indicates the size threshold (in megabytes)
#   for assigning severity to large connections or file transfers
TOTAL_MEGABYTES_SEVERITY_THRESHOLD=1000
# When severity scoring is enabled, this variable indicates the duration threshold (in seconds)
#   for assigning severity to long connections
CONNECTION_SECONDS_SEVERITY_THRESHOLD=3600
# When severity scoring is enabled, this variable defines a comma-separated list of
#   sensitive countries (using ISO 3166-1 alpha-2 codes)
SENSITIVE_COUNTRY_CODES=AM,AZ,BY,CN,CU,DZ,GE,HK,IL,IN,IQ,IR,KG,KP,KZ,LY,MD,MO,PK,RU,SD,SS,SY,TJ,TM,TW,UA,UZ