forked from ag-michael/thehive-falcon
thehive_config.json
{
"Verify_SSL": true,
"defaultCaseTemplate": "default playbook",
"tag_fields":["DetectName","Tactic","Technique","Objective"],
"email_alerts":false,
"email_notify":["[email protected]","[email protected]"],
"email_from":"[email protected]",
"email_server":"email.corp.com",
"whitelist_config":"./whitelist.json",
"blacklist_config":"./blacklist.json",
"observable_map": {
"CommandLine": {
"dataType": "commandline",
"message": "Command Line"
},
"ComputerName": {
"dataType": "hostname",
"message": "Computer Name"
},
"UserName": {
"dataType": "user",
"message": "User name"
},
"FileName": {
"dataType": "filename",
"message": "Triggering File Name"
},
"SHA256String": {
"dataType": "hash",
"message": "Triggering SHA256 hash"
},
"Tactic": {
"dataType": "tactic",
"message": "Attacker Tactic"
},
"Technique": {
"dataType": "technique",
"message": "Attacker Technique"
},
"Objective": {
"dataType": "objective",
"message": "Attacker Objective"
}
},
"thehiveapi": "<api key for thehive>",
"thehiveurl": "<url to your instance of thehive>/api/alert"
}