mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-04-28 19:28:50 +00:00
137 lines
2.9 KiB
INI
137 lines
2.9 KiB
INI
[MAIN]
|
|
homedir = /opt/ewsposter/
|
|
spooldir = /opt/ewsposter/spool/
|
|
logdir = /opt/ewsposter/log/
|
|
del_malware_after_send = false
|
|
send_malware = true
|
|
sendlimit = 500
|
|
contact = your_email_address
|
|
proxy =
|
|
ip =
|
|
|
|
[EWS]
|
|
ews = true
|
|
username = your_username
|
|
token = your_token
|
|
rhost_first = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
|
rhost_second = https://community.sicherheitstacho.eu/ews-0.1/alert/postSimpleMessage
|
|
ignorecert = false
|
|
|
|
[HPFEED]
|
|
hpfeed = %(EWS_HPFEEDS_ENABLE)s
|
|
host = %(EWS_HPFEEDS_HOST)s
|
|
port = %(EWS_HPFEEDS_PORT)s
|
|
channels = %(EWS_HPFEEDS_CHANNELS)s
|
|
ident = %(EWS_HPFEEDS_IDENT)s
|
|
secret= %(EWS_HPFEEDS_SECRET)s
|
|
# path/to/certificate for tls broker - or "false" for non-tls broker
|
|
tlscert = %(EWS_HPFEEDS_TLSCERT)s
|
|
# hpfeeds submission format: "ews" (xml) or "json"
|
|
hpfformat = %(EWS_HPFEEDS_FORMAT)s
|
|
|
|
[EWSJSON]
|
|
json = false
|
|
jsondir = /data/ews/json/
|
|
|
|
[GLASTOPFV3]
|
|
glastopfv3 = true
|
|
nodeid = glastopfv3-{{ ansible_hostname }}
|
|
sqlitedb = /data/glastopf/db/glastopf.db
|
|
malwaredir = /data/glastopf/data/files/
|
|
|
|
[GLASTOPFV2]
|
|
glastopfv2 = false
|
|
nodeid =
|
|
mysqlhost =
|
|
mysqldb =
|
|
mysqluser =
|
|
mysqlpw =
|
|
malwaredir =
|
|
|
|
[KIPPO]
|
|
kippo = false
|
|
nodeid =
|
|
mysqlhost =
|
|
mysqldb =
|
|
mysqluser =
|
|
mysqlpw =
|
|
malwaredir =
|
|
|
|
[COWRIE]
|
|
cowrie = true
|
|
nodeid = cowrie-{{ ansible_hostname }}
|
|
logfile = /data/cowrie/log/cowrie.json
|
|
|
|
[DIONAEA]
|
|
dionaea = true
|
|
nodeid = dionaea-{{ ansible_hostname }}
|
|
malwaredir = /data/dionaea/binaries/
|
|
sqlitedb = /data/dionaea/log/dionaea.sqlite
|
|
|
|
[HONEYTRAP]
|
|
honeytrap = true
|
|
nodeid = honeytrap-{{ ansible_hostname }}
|
|
newversion = true
|
|
payloaddir = /data/honeytrap/attacks/
|
|
attackerfile = /data/honeytrap/log/attacker.log
|
|
|
|
[RDPDETECT]
|
|
rdpdetect = false
|
|
nodeid =
|
|
iptableslog =
|
|
targetip =
|
|
|
|
[EMOBILITY]
|
|
eMobility = false
|
|
nodeid = emobility-{{ ansible_hostname }}
|
|
logfile = /data/emobility/log/centralsystemEWS.log
|
|
|
|
[CONPOT]
|
|
conpot = true
|
|
nodeid = conpot-{{ ansible_hostname }}
|
|
logfile = /data/conpot/log/conpot*.json
|
|
|
|
[ELASTICPOT]
|
|
elasticpot = true
|
|
nodeid = elasticpot-{{ ansible_hostname }}
|
|
logfile = /data/elasticpot/log/elasticpot.log
|
|
|
|
[SURICATA]
|
|
suricata = true
|
|
nodeid = suricata-{{ ansible_hostname }}
|
|
logfile = /data/suricata/log/eve.json
|
|
|
|
[MAILONEY]
|
|
mailoney = true
|
|
nodeid = mailoney-{{ ansible_hostname }}
|
|
logfile = /data/mailoney/log/commands.log
|
|
|
|
[RDPY]
|
|
rdpy = true
|
|
nodeid = rdpy-{{ ansible_hostname }}
|
|
logfile = /data/rdpy/log/rdpy.log
|
|
|
|
[VNCLOWPOT]
|
|
vnclowpot = true
|
|
nodeid = vnclowpot-{{ ansible_hostname }}
|
|
logfile = /data/vnclowpot/log/vnclowpot.log
|
|
|
|
[HERALDING]
|
|
heralding = true
|
|
nodeid = heralding-{{ ansible_hostname }}
|
|
logfile = /data/heralding/log/auth.csv
|
|
|
|
[CISCOASA]
|
|
ciscoasa = true
|
|
nodeid = ciscoasa-{{ ansible_hostname }}
|
|
logfile = /data/ciscoasa/log/ciscoasa.log
|
|
|
|
[TANNER]
|
|
tanner = true
|
|
nodeid = tanner-{{ ansible_hostname }}
|
|
logfile = /data/tanner/log/tanner_report.json
|
|
|
|
[GLUTTON]
|
|
glutton = true
|
|
nodeid = glutton-{{ ansible_hostname }}
|
|
logfile = /data/glutton/log/glutton.log
|