-
Notifications
You must be signed in to change notification settings - Fork 4
/
emailscanner.json
93 lines (93 loc) · 3.32 KB
/
emailscanner.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
{
"activedirectory-enrichment": true,
"activedirectory-enrichment-configuration": {
"adurl": "ldaps://adserver.mydomain.local",
"computer_basedn": ",OU=Company,OU=Workstations,DC=mydomain,DC=local",
"domain": "mydomain.local",
"person_basedn": ",OU=Microsoft Exchange Security Groups,DC=mydomain,DC=local;,OU=ITUsers,DC=mydomain,DC=local;,OU=Sales,OU=Users,DC=mydomain,DC=local;,OU=Groups,OU=Marketing,OU=Users,DC=corp,DC=local",
"service_account": "service_account_name",
"service_account_password": "service_account_password"
},
"certs": {
"mail.mydomain.com": "/etc/ssl/certs/mail.mydomain.pem"
},
"cuckooapi": "http://10.0.0.8:1337",
"cuckooweb": "https://cuckoo.mydomain.local",
"cuckoowhitelist": [
".msg",
".png",
".gif",
".png",
".jpeg",
".tiff",
".txt"
],
"elasticsearch": true,
"elasticsearch_config": {
"fireeye": {
"doctype": "email",
"hosts": "10.0.0.7",
"index": "fireeye"
},
"phishing": {
"doctype": "email",
"hosts": "10.0.0.7",
"index": "reportedphishing"
}
},
"email_alerts": true,
"email_from": "[email protected]",
"email_notify": [
],
"email_server": "smtp.mydomain.com",
"esenrichment": true,
"esenrichment_server": "10.0.0.7",
"fireeyeaddress": "[email protected]",
"falcon_customioc":true,
"falconapi_url":"https://falconapi.crowdstrike.com/indicators/entities/iocs/v1",
"falconapi_user":"<your falcon api user>",
"falconapi_key":"<your falconapikey>",
"mailboxes": [
{
"account": "[email protected]",
"autodiscover": false,
"password": "<password for [email protected]>",
"server": "mail.mydomain.com",
"username": "mydomain\\service_account_name"
},
{
"account": "[email protected]",
"autodiscover": false,
"password": "<password for [email protected]>",
"server": "mail.mydomain.com",
"username": "mydomain\\service_account_name"
}
],
"misp_enabled": true,
"mispkey": "<your misp api key>",
"mispui": "https://misp.mydomain.local:1234",
"mispurl": "http://10.0.0.6:1984",
"phishing_report_address": "[email protected]",
"phishingemailfolders": [
"[[email protected]]",
"Inbox.[[email protected]]"
],
"folders_indexed":[
"[[email protected]]",
"[[email protected]]root.Inbox.Unconfirmed",
"[[email protected]]root.Inbox.Spam",
"[[email protected]]root.Inbox.Phishing",
"[[email protected]]root.Inbox.Newsletter",
"[[email protected]]root.Inbox.Internal",
"[[email protected]]root.Inbox.Policy Violation",
"[[email protected]]root.Inbox.Legitimate"
],
"scannedfolders": [
"[[email protected]]root.Inbox",
"[[email protected]]root.Inbox.Cuckoo",
"Inbox.[[email protected]]"
],
"thehive-url": "http://thehive.mydomain.local:9000/api/alert",
"thehiveapi": "<thehive api key>"
}