forked from SecurityTW/delilah
Delilah.ini
[notifications]
; Addresses that receive Delilah's notification emails.
; There can be as many or as few recipients as needed:
; simply add or remove "email:" entries as necessary.
; NOTE(review): repeated keys are handled differently by different INI parsers
; (some keep only one value, strict parsers reject duplicates) - confirm how
; Delilah reads multiple "email:" entries before relying on more than one.
; NOTE(review): the value below looks like a page-rendering redaction of an
; address; replace it with a real recipient before use.
email: [email protected]
[emailacct]
; Mail account Delilah logs in with to send notification email.
; NOTE(review): this section stores a credential in plaintext. Keep the
; deployed copy out of version control, make it readable only by the account
; that runs Delilah, and use a dedicated mailbox with no other privileges,
; since the file lives on a host that is deliberately exposed to attackers.
; login name Delilah uses to authenticate to the mail server
username: [email protected]
; password for the email account (the value shown is a placeholder)
password: youneedapassword
; email server and port, written as host:port
; NOTE(review): confirm that Delilah negotiates TLS with this server before
; it sends the username and password above.
server: smtp.example.com:587
; the email address from which the notifications will arrive
from: [email protected]
[honeypot]
; Identity and listener settings for the simulated Elasticsearch node.
; Several of these values are reported back to whoever queries the honeypot,
; so none of them should reveal anything about the real host or network.
; port number to listen for Elasticsearch requests on. Default is 9200
port: 9200
; the URI to access when pulling events from Delilah's monitoring database.
; This must match the DelilahMonitor.ini value for the node.
; NOTE(review): this value acts as a shared secret carried in a URL. Replace
; the placeholder with a long random string, and remember that URLs are
; commonly recorded in proxy and server logs; presumably nothing else gates
; access to the events, so also restrict who can reach it - confirm.
statusURI: thisshouldbelongandsecret
; name of the cluster you are simulating
clustername: clustername
; name of the instance that will be reporting the response, e.g. "es-node1"
instancename: instancename
; the version of Elasticsearch to report when asked
esversion: 1.4.1
; usually a string of random-looking letters that is unique, used for
; identifying the node
nodename: nodename
; IP address of the external interface that is listening for the requests.
; This is reported by /_nodes, i.e. it is disclosed to the requester.
sensorIP: 192.168.1.1
; The build number of the Elasticsearch instance. A 7 to 8 digit hex number
; is best
buildnumber: 89d3341
; FQDN for the node
hostname: es-node1.example.com
; MAC address of the fake listening NIC. Probably best not to use your real
; MAC here
macaddress: 00:11:22:33:44:55
; Number of cores listening. Used by /_nodes
totalcores: 16
; Number of sockets available. Used by /_nodes
totalsockets: 32
[data]
; Event storage and download handling.
; number of seconds to give a download event before failing
downloadtimeout: 30
; the SQLite database to store events in
; NOTE(review): a bare file name is presumably resolved against the process
; working directory - confirm, or use an absolute path. The stored events
; originate from unsolicited requests to the honeypot, so treat the database
; contents as untrusted input when querying or displaying them.
dbFile: esevents.sqlite