-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.env.template
110 lines (96 loc) · 2.58 KB
/
.env.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
# Core Security Components
# -------------------
# Wazuh SIEM
WAZUH_MANAGER_IP=10.0.0.10
WAZUH_API_PORT=55000
WAZUH_API_USER=wazuh-api
WAZUH_API_PASSWORD=changeme
WAZUH_INDEXER_URL=https://10.0.0.10:9200
WAZUH_REGISTRATION_PASSWORD=changeme
WAZUH_ALERT_LEVEL_MIN=3
# BitDefender EDR
BITDEFENDER_API_KEY=your-api-key
BITDEFENDER_API_URL=https://cloud.gravityzone.bitdefender.com/api
BITDEFENDER_COMPANY_ID=your-company-id
BITDEFENDER_POLICY=High_Security
BITDEFENDER_SCAN_INTERVAL=24h
# Action1 RMM
ACTION1_API_KEY=your-api-key
ACTION1_ORG_ID=your-org-id
ACTION1_API_URL=https://app.action1.com/api/3.0
ACTION1_ALERT_LEVEL=7
# Network Security
# ---------------
# NVIS ZTNA
NVIS_API_KEY=your-api-key
NVIS_SERVER=10.0.0.11
NVIS_PORT=443
NVIS_POLICY_GROUP=security_stack
# PacketFence NAC
PACKETFENCE_API_USER=admin
PACKETFENCE_API_PASSWORD=changeme
PACKETFENCE_URL=https://10.0.0.12
PACKETFENCE_API_PORT=9999
PACKETFENCE_WEBADMIN_PORT=1443
# Network Monitoring
SURICATA_LOG_DIR=/var/log/suricata
SURICATA_RULES_DIR=/etc/suricata/rules
SURICATA_INTERFACE=eth0
SURICATA_HOME_NET=[10.0.0.0/8]
# RITA Network Analysis
RITA_MONGO_URI=mongodb://localhost:27017
RITA_DB_NAME=rita-security-db
RITA_BEACON_THRESHOLD=0.8
RITA_BLACKLIST_PATH=/etc/rita/blacklist.txt
# Monitoring & Analysis
# -------------------
# Splunk
SPLUNK_HOST=10.0.0.13
SPLUNK_API_TOKEN=your-token
SPLUNK_HEC_TOKEN=your-hec-token
SPLUNK_HEC_PORT=8088
SPLUNK_INDEX=security_events
SPLUNK_SOURCE_TYPE=json
# TheHive
THEHIVE_URL=http://10.0.0.14:9000
THEHIVE_API_KEY=your-api-key
THEHIVE_CASE_TEMPLATE=security-incident
THEHIVE_ORG=security-team
THEHIVE_AUTO_TASKS=true
# Deception Technology
# ------------------
# Canary Tokens
CANARY_AUTH_TOKEN=your-token
CANARY_WEBHOOK_URL=https://10.0.0.10:55000/canary
# HoneyPot Configuration
HONEYPOT_NETWORK=10.0.2.0/24
HONEYPOT_FTP_PORT=21
HONEYPOT_SMB_PORT=445
HONEYPOT_RDP_PORT=3389
HONEYPOT_LOG_DIR=/var/log/honeypot
# Integration & Notifications
# ------------------------
# Slack
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/your-webhook-url
SLACK_CHANNEL=#security-alerts
SLACK_CRITICAL_CHANNEL=#security-critical
SLACK_INFO_CHANNEL=#security-info
SLACK_MENTION_GROUP=security-team
# Email
SMTP_SERVER=smtp.company.com
SMTP_PORT=587
SMTP_USER=security-alerts
SMTP_PASSWORD=changeme
# Network Segments
# --------------
# Production Networks
INTERNAL_NETWORK=10.0.0.0/24
DMZ_NETWORK=10.0.1.0/24
HONEYNET=10.0.2.0/24
# Security Settings
ALERT_RETENTION_DAYS=90
LOG_RETENTION_DAYS=30
SCAN_SCHEDULE=0 0 * * *
BACKUP_SCHEDULE=0 2 * * *