-
Notifications
You must be signed in to change notification settings - Fork 149
/
munin.ini
45 lines (33 loc) · 1.44 KB
/
munin.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
[DEFAULT]
VT_PUBLIC_API_KEY = - # Found at https://www.virustotal.com/gui/my-apikey
# VT_USERID optional, needed for quota check
# VT_USERID =
MAL_SHARE_API_KEY = -
PAYLOAD_SEC_API_KEY = -
VALHALLA_API_KEY = -
MAL_BAZAR_API_KEY = -
INTEZER_API_KEY = -
PROXY = -
# Skip all services except Virustotal and Valhalla
# SKIP_SERVICES = True
[VIRUSTOTAL]
# set to "['ALL']" to save malware names of all AV vendors from VT matches to .json. Or give a list like e.g. ['Microsoft','AVG']
#VT_VENDORS = ['ALL']
# maximum number of hashes to collect from matches of multiple Virustotal searches (300 comments per search, might be multiple comments per hash!) to be collected before querying VT and the other services
VIRUSTOTAL_MAX_QUERY_SIZE = 600
# wait if quota is exceeded and --vtwaitquota is used
QUOTA_EXCEEDED_WAIT_TIME = 1200
# Public VT API allows 4 request per minute, so we wait 15 secs by default
WAIT_TIME = 17
[VALHALLA]
# maximum number of hashes to collect from matches of multiple Valhalla rules to be collected before querying VT and the other services
VALHALLA_MAX_QUERY_SIZE = 10000
# To get a representative sample base, cut off getting VT hash infos after RULE_CUTOFF percent per rule in total entries in vt-hash-db.json
# RULE_CUTOFF=0.5
[MISP]
MISP_URLS = ['https://misppriv.circl.lu']
MISP_AUTH_KEYS = ['-']
[HASHLOOKUP]
HASHLOOKUP_URLS = ['https://hashlookup.circl.lu/lookup/']
HASHLOOKUP_HANDLES = ['CIRCL']
HASHLOOKUP_AUTH_KEYS = ['-']