-
Notifications
You must be signed in to change notification settings - Fork 51
/
Copy pathconfig.yml-sample
111 lines (101 loc) · 3.73 KB
/
config.yml-sample
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
################################################
# FalconHound Configuration File
################################################
# This file contains the configuration for FalconHound
# Add your API keys here in the proper section
################################################
# Add your Keyvault information here
# This is optional, when used, FalconHound will pull the
# API keys from Keyvault instead of this file
# start with the -keyvault flag
# if managedIdentity is true, then tenantID, appID and appSecret can be omitted.
# if you wish to use client secret credentials, then define appid, tenantID and appSecret
################################################
keyvault:
uri: https://XXXXXXXX.vault.azure.net/
tenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appSecret: xxxxxxxxxxxxxx
managedIdentity: false
################################################
# Add your Sentinel connection information here
################################################
sentinel:
managedIdentity: false
tenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appSecret: xxxxxxxxxxxxxx
## All the below information is required
workspaceID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
subscriptionID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
resourceGroup: "XXXXXXX"
sharedKey: xxxxxxxxxxxxxx
targetTable: "FalconHound"
workspaceName: "XXXXXXXX"
################################################
# Add your MDE connection information here
# This can be the same app as Sentinel
# or preferably a different one
################################################
MDE:
managedIdentity: false
tenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appSecret: xxxxxxxxxxxxxx
################################################
# Add your MS Graph connection information here
# This can be the same app as Sentinel or a different one
################################################
graph:
managedIdentity: false
tenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appSecret: xxxxxxxxxxxxxx
################################################
# Add your Neo4j connection information here
################################################
neo4j:
uri: bolt://XX.XX.XX.XX:7687
password: xxxxxxxxxxxxxx
username: neo4j
################################################
# Add your BloodHound connection information here
################################################
bloodhound:
url: http://xxxxx:8080
tokenID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
tokenKey: xxxxxxxxxxxxxx==
################################################
# Add your Splunk connection information here
################################################
splunk:
url: https://10.10.2.140
index: wineventlog
hecport: 8088
hectoken: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
apiport: 8089
apitoken:
################################################
# Add your LogScale / Humio connection information here
################################################
logscale:
url: https://cloud.community.humio.com
token:
repository:
################################################
# Add your Elastic cloud connection information here
################################################
elastic:
cloudid:
apikey:
################################################
# Add your Azure Data Explorer connection information here
# This can be the same app as Sentinel or a different one
################################################
adx:
clusterUrl: https://xxx.westeurope.kusto.windows.net
database: enrichments
table: FalconHound
tenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
appSecret: xxxxxxxxxxxxxx