HEX

Warning: set_time_limit() [function.set-time-limit]: Cannot set time limit - prohibited by configuration in /home/u547966/brikov.ru/www/wp-content/plugins/admin-menu-editor/menu-editor.php on line 745
Server: Apache
System: Linux 4.19.0-0.bpo.9-amd64 x86_64 at red40
User: u547966 (5490)
PHP: 5.3.29-mh2
Disabled: syslog, dl, popen, proc_open, proc_nice, proc_get_status, proc_close, proc_terminate, posix_mkfifo, chown, chgrp, accelerator_reset, opcache_reset, accelerator_get_status, opcache_get_status, pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wifcontinued, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority
$ pwd: /etc/filebeat/modules.d/
Upload Files
File: //etc/filebeat/modules.d/threatintel.yml.disabled
# Module: threatintel
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.11/filebeat-module-threatintel.html

- module: threatintel
  abuseurl:
    enabled: false

    # Input used for ingesting threat intel data.
    var.input: httpjson

    # The URL used for Threat Intel API calls.
    var.url: https://urlhaus-api.abuse.ch/v1/urls/recent/

    # The interval to poll the API for updates.
    var.interval: 10m

  abusemalware:
    enabled: false

    # Input used for ingesting threat intel data.
    var.input: httpjson

    # The URL used for Threat Intel API calls.
    var.url: https://urlhaus-api.abuse.ch/v1/payloads/recent/

    # The interval to poll the API for updates.
    var.interval: 10m

  malwarebazaar:
    enabled: false

    # Input used for ingesting threat intel data.
    var.input: httpjson

    # The URL used for Threat Intel API calls.
    var.url: https://mb-api.abuse.ch/api/v1/

    # The interval to poll the API for updates.
    var.interval: 10m

  misp:
    enabled: false

    # Input used for ingesting threat intel data, defaults to JSON.
    var.input: httpjson

    # The URL of the MISP instance, should end with "/events/restSearch".
    var.url: https://SERVER/events/restSearch

    # The authentication token used to contact the MISP API. Found when looking at user account in the MISP UI.
    var.api_token: API_KEY

    # Configures the type of SSL verification done, if MISP is running on self signed certificates
    # then the certificate would either need to be trusted, or verification_mode set to none.
    #var.ssl.verification_mode: none

    # Optional filters that can be applied to the API for filtering out results. This should support the majority of fields in a MISP context.
    # For examples please reference the filebeat module documentation.
    #var.filters:
    #  - threat_level: [4, 5]
    #  - to_ids: true

    # How far back to look once the beat starts up for the first time, the value has to be in hours. Each request afterwards will filter on any event newer
    # than the last event that was already ingested.
    var.first_interval: 300h

    # The interval to poll the API for updates.
    var.interval: 5m

  otx:
    enabled: false

    # Input used for ingesting threat intel data
    var.input: httpjson

    # The URL used for OTX Threat Intel API calls.
    var.url: https://otx.alienvault.com/api/v1/indicators/export

    # The authentication token used to contact the OTX API, can be found on the OTX UI.
    var.api_token: API_KEY

    # Optional filters that can be applied to retrieve only specific indicators.
    #var.types: "domain,IPv4,hostname,url,FileHash-SHA256"

    # The timeout of the HTTP client connecting to the OTX API
    #var.http_client_timeout: 120s

    # How many hours to look back for each request, should be close to the configured interval. Deduplication of events is handled by the module.
    var.lookback_range: 1h

    # How far back to look once the beat starts up for the first time, the value has to be in hours.
    var.first_interval: 400h

    # The interval to poll the API for updates
    var.interval: 5m

  anomali:
    enabled: false

    # Input used for ingesting threat intel data
    var.input: httpjson

    # The URL used for Threat Intel API calls. Limo has multiple different possibilities for URL's depending
    # on the type of threat intel source that is needed.
    var.url: https://limo.anomali.com/api/v1/taxii2/feeds/collections/41/objects

    # The Username used by anomali Limo, defaults to guest.
    #var.username: guest

    # The password used by anomali Limo, defaults to guest.
    #var.password: guest

    # How far back to look once the beat starts up for the first time, the value has to be in hours.
    var.first_interval: 400h

    # The interval to poll the API for updates
    var.interval: 5m

  anomalithreatstream:
    enabled: false

    # Input used for ingesting threat intel data
    var.input: http_endpoint

    # Address to bind to in order to receive HTTP requests
    # from the Integrator SDK. Use 0.0.0.0 to bind to all
    # existing interfaces.
    var.listen_address: localhost

    # Port to use to receive HTTP requests from the
    # Integrator SDK.
    var.listen_port: 8080

    # Secret key to authenticate requests from the SDK.
    var.secret: "<Add your secret here>"

    # Uncomment the following and set the absolute paths
    # to the server SSL certificate and private key to
    # enable HTTPS secure connections.
    #
    # var.ssl_certificate: path/to/server_ssl_cert.pem
    # var.ssl_key: path/to/ssl_key.pem

  threatq:
    enabled: false

    # Input used for ingesting threat intel data
    var.input: httpjson

    # The URL used for ThreatQ ThreatLibrary API calls.
    # Remember to put a slash at the end of the host URL
    var.host: https://www.threatq.com/

    # Oauth 2.0 Access Token URL
    var.token_url: https://www.threatq.com/api/token

    # Oauth 2.0 Client ID
    var.client_id: "INSERT_CLIENT_ID"

    # Oauth 2.0 Client Secret
    var.client_secret: "INSERT_CLIENT_SECRET"

    # The interval to poll the API for updates
    var.interval: 1m

    # The ID for the ThreatQ smart data collection
    var.data_collection_id: "INSERT_THREATQ_DATA_COLLECTION_ID"

    # The URL of the proxy if used
    #var.proxy_url: http://proxy:8000

    # Customize the HTTP timeout configured for the API requests
    #var.http_client_timeout: 30s
@ Telegram