# --- App identity and environment -------------------------------------------
VERSION = "1.2.5"
APP_NAME = "crowdsec-splunk-app"

# Hard-coded Splunk install root.
# NOTE(review): presumably a fallback for when SPLUNK_HOME is not set in the
# environment; confirm against the code that consumes this constant.
DEFAULT_SPLUNK_HOME = "/opt/splunk"

# Base URL of the CrowdSec CTI API. The scheme is HTTPS; keep it that way,
# since callers presumably attach an API key to requests built from this value
# (verify against the request code).
CROWDSEC_API_BASE_URL = "https://cti.api.crowdsec.net"

# Identifiers for the two kinds of local dump referenced below.
DUMP_TYPE_CROWDSEC = "crowdsec"
DUMP_TYPE_GEOIP_ASN = "geoip_asn"

# --- Local dump configuration ------------------------------------------------
# One entry per local MMDB dump. Each entry carries:
#   output_filename     fixed name of the file written locally
#   crowdsec_dump_name  name of the dump on the CrowdSec side
#   priority            integer rank (ordering semantics are not visible here)
#   dump_type           one of the DUMP_TYPE_* constants above
# NOTE(review): "smoke_full_mmdb" reads like a test or smoke-run dump name;
# confirm it is the dump intended for production use.
LOCAL_DUMP_FILES = {
    "crowdsec_full_mmdb": {
        "output_filename": "crowdsec_full.mmdb",
        "crowdsec_dump_name": "smoke_full_mmdb",
        "priority": 1,
        "dump_type": DUMP_TYPE_CROWDSEC,
    },
    "crowdsec_geoip_asn_mmdb": {
        "output_filename": "crowdsec_geoip_asn.mmdb",
        "crowdsec_dump_name": "geoip-asn-circle",
        "priority": 2,
        "dump_type": DUMP_TYPE_GEOIP_ASN,
    },
}

# --- Profiles configuration --------------------------------------------------
# Each profile is a list of field names; every profile includes "ip".
BASE_PROFILE_FIELDS = [
    "ip",
    "reputation",
    "confidence",
    "as_num",
    "as_name",
    "location",
    "classifications",
]

ANONYMOUS_PROFILE_FIELDS = [
    "ip",
    "reputation",
    "proxy_or_vpn",
    "classifications",
]

IP_RANGE_PROFILE_FIELDS = [
    "ip",
    "ip_range",
    "ip_range_24",
    "ip_range_24_score",
]

DEBUG_PROFILE_FIELDS = [
    "ip",
    "query_time",
    "query_mode",
]

# Profile name -> field list. "anonymous", "vpn" and "proxy" all point at the
# same list object, so an in-place mutation made through one of them is visible
# through the other two; treat these lists as read-only and copy before editing.
CROWDSEC_PROFILES = {
    "base": BASE_PROFILE_FIELDS,
    "anonymous": ANONYMOUS_PROFILE_FIELDS,
    "vpn": ANONYMOUS_PROFILE_FIELDS,
    "proxy": ANONYMOUS_PROFILE_FIELDS,
    "iprange": IP_RANGE_PROFILE_FIELDS,
    "debug": DEBUG_PROFILE_FIELDS,
}