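# Timesketch configuration

# Show debug information.
# Note: It is a security risk to have this enabled in production.
# In a Flask application, debug mode returns full tracebacks to the client
# and can expose the interactive debugger, so leave this False on any
# instance that other people can reach.
DEBUG = False
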
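# Key for signing cookies and for CSRF protection.
#
# This should be a unique random string. Don't share this with anyone.
# To generate a key, you can for example use openssl:
# $ openssl rand -base64 32
#
# NOTE(review): the key is stored here in clear text. Whoever can read this
# file can produce cookies and CSRF tokens that the server accepts as its
# own, so a copy of this file that has been published or committed to a
# shared repository means the key has to be regenerated. Keep the live value
# in a file or secret store that only the service account can read.
SECRET_KEY = 't1mOrTKcqFmGdaUHYGtHvZDAB6foQ9PAHtBtK44TkI8='
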
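# Setup the database.
#
# For more options, see the official documentation:
# https://pythonhosted.org/Flask-SQLAlchemy/config.html
# By default sqlite is used; the URI below replaces that default with a
# PostgreSQL database on localhost.
#
# NOTE: SQLite should only be used in development. Use PostgreSQL or MySQL in
# production.
#
# NOTE(review): the database password is part of the URI, in clear text.
# Restrict read access to this file to the service account, and change the
# password if a copy of the file has left the host.
SQLALCHEMY_DATABASE_URI = 'postgresql://timesketch:Niettelangopkantoor@localhost/timesketch'
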
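# Configure where your Elasticsearch server is located.
#
# Make sure that the Elasticsearch server is properly secured and not accessible
# from the internet. See the following link for more information:
# http://www.elasticsearch.org/blog/scripting-security/
#
# Only a host and a port are configured here; this file sets no credentials
# or TLS options for the connection. Network placement (loopback, as below,
# or a firewalled segment) is therefore the only access control visible in
# this configuration.
ELASTIC_HOST = '127.0.0.1'
ELASTIC_PORT = 9200
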
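#-------------------------------------------------------------------------------
# Single Sign On (SSO) configuration.

# Your web server can handle authentication for you by setting an environment
# variable when the user is successfully authenticated. The standard environment
# variable is REMOTE_USER and this is the default, but if your SSO system uses
# another name you can configure that here.
#
# NOTE(review): with SSO enabled the application trusts whatever value
# arrives in this variable. The application port must then be reachable only
# through the authenticating web server. If the name configured here is one
# that is filled from a request header (WSGI exposes those as HTTP_*), the
# web server has to drop any client-supplied copy of that header.

SSO_ENABLED = False
SSO_USER_ENV_VARIABLE = 'REMOTE_USER'

# Some SSO systems provide group information as an environment variable.
# Timesketch can automatically create groups and add users as members.
# To enable this feature just provide the environment variable used by the
# SSO system in use.
# Group membership taken from this variable is trusted in the same way as
# the user name above.
SSO_GROUP_ENV_VARIABLE = None

# Different systems use different separators in the string returned in the
# environment variable.
SSO_GROUP_SEPARATOR = ';'

# Some SSO systems use a special prefix for the group name to indicate that
# the user is not a member of that group. Set this if that is the case, e.g.
# '-'.
SSO_GROUP_NOT_MEMBER_SIGN = None
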
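#-------------------------------------------------------------------------------
# Google Cloud Identity-Aware Proxy (Cloud IAP) authentication configuration.

# Cloud IAP controls access to your Timesketch server running on Google Cloud
# Platform. Cloud IAP works by verifying a user’s identity and determining if
# that user should be allowed to access the server.
#
# For this feature you will need to configure your Cloud IAP and HTTPS load-
# balancer. Follow the official documentation to get everything ready:
# https://cloud.google.com/iap/docs/enabling-compute-howto

# Enable Cloud IAP authentication support.
GOOGLE_IAP_ENABLED = False

# This information is available via the Google Cloud console:
# https://cloud.google.com/iap/docs/signed-headers-howto
GOOGLE_IAP_PROJECT_NUMBER = ''
GOOGLE_IAP_BACKEND_ID = ''

# DON'T EDIT: Google IAP expected audience is based on Cloud project number and
# backend ID.
# With the two values above left empty this evaluates to
# '/projects//global/backendServices/', which names no real backend. Fill in
# both values before setting GOOGLE_IAP_ENABLED to True: the audience is what
# ties a signed IAP header to this particular backend.
GOOGLE_IAP_AUDIENCE = '/projects/{}/global/backendServices/{}'.format(
    GOOGLE_IAP_PROJECT_NUMBER,
    GOOGLE_IAP_BACKEND_ID
)

# Expected signing algorithm, issuer and key location for the IAP header.
# Keep the key URL on HTTPS; the keys fetched from it decide which signatures
# are accepted.
GOOGLE_IAP_ALGORITHM = 'ES256'
GOOGLE_IAP_ISSUER = 'https://cloud.google.com/iap'
GOOGLE_IAP_PUBLIC_KEY_URL = 'https://www.gstatic.com/iap/verify/public_key'
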
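#-------------------------------------------------------------------------------
# Google Cloud OpenID Connect (OIDC) authentication configuration.

# Cloud OIDC controls access to your Timesketch server running on Google Cloud
# Platform. Cloud OIDC works by verifying a user’s identity and determining if
# that user should be allowed to access the server.

# Enable Cloud OIDC authentication support.
GOOGLE_OIDC_ENABLED = False

# OAuth client credentials. Once set, the client secret is a credential like
# the session key and database password: keep it out of shared copies of
# this file.
GOOGLE_OIDC_CLIENT_ID = None
GOOGLE_OIDC_CLIENT_SECRET = None

# If you need to authenticate an API client using OIDC you need to create
# an OAUTH client for "other", or for native applications.
# https://developers.google.com/identity/protocols/OAuth2ForDevices
GOOGLE_OIDC_API_CLIENT_ID = None
GOOGLE_OIDC_API_CLIENT_SECRET = None

# Limit access to a specific Google GSuite domain.
GOOGLE_OIDC_HOSTED_DOMAIN = None

# If populated only these users (email addresses) will be able to login to
# this server. This can be used when access should be limited to a specific
# set of users.
# NOTE(review): as these comments read, leaving both the hosted domain and
# this list unset puts no restriction, in this file, on which Google accounts
# may log in once OIDC is enabled. Confirm against the authentication code
# and set at least one of them before enabling.
GOOGLE_OIDC_USER_WHITELIST = []
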
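#-------------------------------------------------------------------------------
# Upload and processing of Plaso storage files.

# To enable this feature you need to configure an upload directory and
# how to reach the Redis database used by the distributed task queue.
UPLOAD_ENABLED = True

# Folder for temporary storage of Plaso dump files before being processed and
# inserted into the datastore.
# NOTE(review): /tmp is shared by every local account, and the uploaded files
# are case evidence. A dedicated directory owned by the service account, with
# permissions that exclude other users, avoids another local user creating or
# reading this path.
UPLOAD_FOLDER = '/tmp/timesketch'

# Celery broker configuration. You need to change ip/port to where your Redis
# server is running.
# These URLs carry no password and use plain redis://. Anything that can
# connect to the broker can place tasks on the queue, so if Redis is moved
# off loopback, add authentication and restrict which hosts can reach it.
CELERY_BROKER_URL = 'redis://127.0.0.1:6379'
CELERY_RESULT_BACKEND = 'redis://127.0.0.1:6379'
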
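#-------------------------------------------------------------------------------
# Graph backend configuration.

GRAPH_BACKEND_ENABLED = False

# Neo4j server configuration
# The password below is still the template placeholder; replace it before
# setting GRAPH_BACKEND_ENABLED to True. 7474 is Neo4j's HTTP port, so the
# credentials are only protected while the server stays on loopback.
NEO4J_HOST = '127.0.0.1'
NEO4J_PORT = 7474
NEO4J_USERNAME = 'neo4j'
NEO4J_PASSWORD = '<NEO4J_PASSWORD>'
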
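#-------------------------------------------------------------------------------
# Analyzers.

# Which analyzers to run automatically.
AUTO_INDEX_ANALYZERS = []
AUTO_SKETCH_ANALYZERS = []

# Optionally specify any default arguments to pass to analyzers.
# The format is:
# {
#     'analyzer1_name': {
#         'param1': 'value'
#     },
#     'analyzer2_name': {
#         'param1': 'value'
#     }
# }
AUTO_SKETCH_ANALYZERS_KWARGS = {}
ANALYZERS_DEFAULT_KWARGS = {}

# Add all domains that are relevant to your enterprise here.
# All domains in this list are added to the list of watched
# domains and compared to other domains in the timeline to
# attempt to spot "phishy" domains.
DOMAIN_ANALYZER_WATCHED_DOMAINS = []

# Defines how deep into the most frequently visited top
# level domains the analyzer should include in its watch list.
DOMAIN_ANALYZER_WATCHED_DOMAINS_THRESHOLD = 10

# The minimum Jaccard distance for a domain to be considered
# similar to the domains in the watch list. The lower this number
# is the more domains will be included in the "phishy" domain
# category.
DOMAIN_ANALYZER_WATCHED_DOMAINS_SCORE_THRESHOLD = 0.75

# A list of domains that are a frequent source of false positives
# in the "phishy" domain comparison, mostly CDNs and similar.
# Every entry is excluded from that comparison, so each one is a gap in what
# this analyzer can report. Keep the list short and review it when the
# analyzer's results are relied on.
DOMAIN_ANALYZER_WHITELISTED_DOMAINS = [
    'ytimg.com',
    'gstatic.com',
    'yimg.com',
    'akamaized.net',
    'akamaihd.net',
    's-microsoft.com',
    'images-amazon.com',
    'ssl-images-amazon.com',
    'wikimedia.org',
    'redditmedia.com',
    'googleusercontent.com',
    'googleapis.com',
    'wikipedia.org',
    'github.io',
    'github.com',
]

# The threshold in minutes which the difference in timestamps has to cross
# in order to be detected as 'timestomping'.
NTFS_TIMESTOMP_ANALYZER_THRESHOLD = 10
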
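#-------------------------------------------------------------------------------
# Enable experimental UI features.

ENABLE_EXPERIMENTAL_UI = False
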
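#-------------------------------------------------------------------------------
# Email notifications.

# Only the SMTP server name is configurable here; this file sets no port,
# credentials or TLS option for mail delivery.
ENABLE_EMAIL_NOTIFICATIONS = False
EMAIL_DOMAIN = 'localhost'
EMAIL_FROM_USER = 'nobody'
EMAIL_SMTP_SERVER = 'localhost'

# Only send emails to these users.
EMAIL_USER_WHITELIST = []

# Configuration to construct URLs for resources.
# Keep this on https:// so links built from it do not send users to an
# unencrypted endpoint.
EXTERNAL_HOST_URL = 'https://localhost'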