yeti.conf.sample

[system]

##
## Basic system settings
##

# if export_path is not set, then the default value is /tmp
export_path = /opt/yeti/exports
logging = /var/log/yeti_user_activity.log
plugins_path = ./plugins
audit_logfile = /var/log/yeti_audit.log
templates_dir = /opt/yeti/templates

# Public scheme + hostname + port for Yeti. Use it if you want to specify an
# OIDC callback
# for testing use also a port number, e.g. http://localhost:8000
# webroot =

[auth]

##
## Use these settings to configure Yeti authentication.
##

# oidc, local
module = local

# to get a stronger value run:
# openssl rand -hex 32
# SECRET_KEY = SECRET
# ALGORITHM = HS256
# ACCESS_TOKEN_EXPIRE_MINUTES = 30
# BROWSER_TOKEN_EXPIRE_MINUTES = 43200
enabled = True

# OIDC
#
# Google can be used as an OIDC provider:
#  See Instructions here: https://developers.google.com/identity/protocols/oauth2
#
# OIDC_CLIENT_ID = LONGRANDOMSTRING.apps.googleusercontent.com
# OIDC_CLIENT_SECRET = BLABLA-BLABLABLA
# OIDC_DISCOVERY_URL = https://accounts.google.com/.well-known/openid-configuration

[tag]

##
## Use these settings to configure Yeti tags.
## If you specify default_tag_expiration = 7776000, then the tag will expire for 90 days.
## Value must be in days.
##

# default_tag_expiration = 90

[arangodb]

##
## Use these settings to configure how to connect to your ArangoDB database.
## All settings are optional, with default values being the one in the comment.
## If you do not specify a username and password, there will be no authentication.
##

# host = arangodb
# port = 8529
# username = root
# password =
# database = yeti_dev

[redis]

##
## Use these settings to configure how to connect to your redis server.
## All settings are optional, with default values being the one in the comment.
##

# host = redis
# port = 6379
# database = 0
# tls = ok

[events]
# Define in MiB the maximum allocated memory for events queue
memory_limit = 64
# When memory limit is reached, the oldest events will be dropped
# and will keep <keep_ratio> events.
keep_ratio = 0.9
# if concurrency is not defined, defaults to multiprocessing.cpu_count
consumers_concurrency = 2

[misp]

##
## Use this setting in order to specify a comma-separated list of MISP instances
## that should be taken into account by the MISP feed.
##

# instances = misp_1

[misp_1]

##
## For each instance in the 'misp.instances' setting, you should specify a
## configuration block with this format, in order to specify at least the URL
## and the auth key.
##

# name = MISP_1
# url = MISP_URL
# key = MISP_AUTH_KEY
# galaxy_filter = filtering_galaxy_to_drop
# days = days_history_to_change_by_default_60_days
# verifycert = true_or_false

[proxy]

# Format proxies like socks5://user:pass@host:port

http =
https =

[github]
# Generate token: https://github.com/settings/tokens
# Select repo only
# no token - limit 60 r/h
# w/ token - limit 5k r/h
# token =

[etopen]
## time of filtering rule suricata for the first run of feed ETOpen
start_time = 2000-01-01

[otx]
key = YourOTXKey
days = 1

[abuseIPDB]
key = YourKey

[phishtank]
key=

[vt]
key=

[passivedns]
login=
password=
url=

[circl_passivessl]
username=
password=

[circl_pdns]
username=
password=

[dnsdb]
api_key=

[macaddressio]
api_key=

[malshare]
api_key=

[timesketch]
endpoint =
username =
password =

[censys]
api_key =
secret =
max_results = 1000

[shodan]

# Set result_limit to -1 for unlimited results, default is 100

api_key =
result_limit =


[dfiq]

# Comma-separated list of additional directories to load DFIQ objects from.
extra_dirs = /dfiq

[datadog]
api_key = 
app_key = 
env = dev