This repository has been archived by the owner on Apr 27, 2023. It is now read-only.

CONFIGURING.md

Configuring Threatseer

agent

Important flags:

$ ./bin/agent -h
Usage of ./bin/agent:
  -server string
    	remote server to send telemetry to (default "127.0.0.1:8081")
  -tls
    	enable tls
  -ca string
    	custom certificate authority for the remote server to send telemetry to
  -cert string
    	certificate for agent
  -key string
    	key for agent
  -cn string
    	override the expected common name of the remote server

See /docs/TLS.md for information on generating certs.
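
A preflight wrapper around the flags listed above, as an added example (not code from the Threatseer repository): it builds the agent's argument string, adds `-tls` whenever the server is not loopback or any TLS option is supplied, and rejects a private key that group or others can access. The function names, the argument order and the rules themselves are assumptions of this example; only the flag names come from the help output.

```shell
#!/bin/sh
# Added example: preflight for the Threatseer agent flags shown above.
# Assumption: file paths contain no whitespace.

# True only for an exact loopback host (a prefix match would accept 127.evil.example).
is_loopback() {
    case "${1%:*}" in
        127.0.0.1|localhost|'[::1]') return 0 ;;
        *) return 1 ;;
    esac
}

# True if the file exists and grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$mode" = "------" ]
}

# usage: agent_args SERVER [CA] [CERT] [KEY] [CN]
# Prints the argument string for ./bin/agent, or explains on stderr and fails.
agent_args() {
    server=${1-}; ca=${2-}; cert=${3-}; key=${4-}; cn=${5-}
    args="-server $server"
    # TLS is forced when telemetry leaves this host or any TLS option is given.
    if ! is_loopback "$server" || [ -n "$ca$cert$key$cn" ]; then
        args="$args -tls"
    fi
    if [ -n "$ca" ]; then
        [ -r "$ca" ] || { echo "CA file not readable: $ca" >&2; return 1; }
        args="$args -ca $ca"
    fi
    if [ -n "$cert$key" ]; then
        if [ -z "$cert" ] || [ -z "$key" ]; then
            echo "-cert and -key must be given together" >&2; return 1
        fi
        [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 1; }
        key_is_private "$key" || { echo "key missing or group/world accessible: $key" >&2; return 1; }
        args="$args -cert $cert -key $key"
    fi
    if [ -n "$cn" ]; then args="$args -cn $cn"; fi
    printf '%s\n' "$args"
}
```

After sourcing the file, the result can be passed straight to the binary, for example `./bin/agent $(agent_args "$SERVER" "$CA" "$CERT" "$KEY")`, where the variables hold your own server address and file paths.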

server

See /docs/TLS.md for information on generating certs.

Daemon

Daemon-level configuration options are in /threatseer.yml. The daemon config is self-documented.

Logging

Configure logging in threatseer.yml, following the docs or the comments in the file itself.

Analysis Engines

Configure the YAML files in the config folder to suit your needs.

Dynamic Rules Engine syntax

Example queries tested here