# lookup-common.env.example
# Example settings for the freq entropy lookup and for the thresholds that severity
# scoring uses. The switch that turns severity scoring on is not set in this file.
#
# Whether domain names (from DNS queries and SSL server names) are assigned entropy
# scores as calculated by freq.
FREQ_LOOKUP=true
# Entropy threshold used, when severity scoring is enabled, to assign severity to events
# that carry an entropy score calculated by freq. Lowering the value assigns severity to
# fewer domain names: only those with higher entropy.
# NOTE(review): this threshold trades alert volume against coverage of random-looking
# domain names; tune it against a baseline of local DNS/TLS traffic rather than keeping
# the example value unexamined.
FREQ_SEVERITY_THRESHOLD=2.0
# Size threshold, in megabytes, used when severity scoring is enabled to assign severity
# to large connections or file transfers.
# NOTE(review): whether the comparison is inclusive, and whether it applies to bytes in
# one direction or to the total, is not stated here; confirm against the consumer.
TOTAL_MEGABYTES_SEVERITY_THRESHOLD=1000
# Duration threshold, in seconds, used when severity scoring is enabled to assign severity
# to long connections. The example value 3600 is one hour.
CONNECTION_SECONDS_SEVERITY_THRESHOLD=3600
# Comma-separated list of sensitive countries, as ISO 3166-1 alpha-2 codes, used when
# severity scoring is enabled. The example value uses upper-case codes separated by commas
# with no spaces; keep that form unless the consumer is known to trim whitespace and fold case.
# NOTE(review): presumably compared with the geolocated country of a connection's
# endpoints; confirm against the enrichment pipeline. The list is a site policy choice:
# review it against your own organization's threat model before relying on the scores.
SENSITIVE_COUNTRY_CODES=AM,AZ,BY,CN,CU,DZ,GE,HK,IL,IN,IQ,IR,KG,KP,KZ,LY,MD,MO,PK,RU,SD,SS,SY,TJ,TM,TW,UA,UZ