# Format of the access-log lines teler parses. Variable names and the
# full syntax: https://github.com/kitabisa/teler/configuration/log-format
# Literal block scalar (|): the line break between the two lines is kept
# as part of the value.
log_format: |
  $remote_addr $remote_user - [$time_local] "$request_method $request_uri $request_protocol"
  $status $body_bytes_sent "$http_referer" "$http_user_agent"
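rules:
  # NOTE(review): presumably keeps fetched threat datasets locally between
  # runs — confirm against the docs.
  cache: true

  threat:
    # Threat categories the engine should not evaluate at all.
    # Uncomment a category to exclude it.
    excludes:
      # - "Common Web Attack"
      # - "CVE"
      # - "Bad IP Address"
      # - "Bad Referrer"
      # - "Bad Crawler"
      # - "Directory Bruteforce"

    # Regular expressions matched against the user-agent, request path,
    # HTTP referrer, IP address and/or request query values; a request
    # that matches an entry is not reported as a threat.
    # This list applies only to engine-defined threats, not to custom
    # threat rules.
    # Anchor patterns (^...$) where a substring match would be too broad:
    # an unanchored `192\.168\.0\.1` also matches 192.168.0.100.
    whitelists:
      # - (curl|Go-http-client|okhttp)/*
      # - ^/wp-login\.php
      # - https?:\/\/www\.facebook\.com
      # - 192\.168\.0\.1

    # Custom threat rules. Each rule applies `pattern` (regExp) to the
    # named log `element`; `condition` is `or` or `and` (presumably
    # any-rule / all-rules must match — confirm against the docs).
    customs:
      # - name: "Log4j Attack"
      #   condition: or
      #   rules:
      #     - element: "request_uri"
      #       pattern: \$\{.*:\/\/.*\/?\w+?\}
      #     - element: "http_referer"
      #       pattern: \$\{.*:\/\/.*\/?\w+?\}
      #     - element: "http_user_agent"
      #       pattern: \$\{.*:\/\/.*\/?\w+?\}
      # - name: "Large File Upload"
      #   condition: and
      #   rules:
      #     - element: "body_bytes_sent"
      #       selector: true
      #       pattern: \d{6,}
      #     - element: "request_method"
      #       pattern: P(OST|UT)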
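# Event dashboard, enabled by default. `host`/`port` is where it is served
# (presumably the listen address — confirm). The username/password below are
# placeholders: replace them before running outside a local test, and do not
# expose the dashboard beyond localhost without TLS in front of it.
dashboard:
  active: true
  host: "localhost"
  port: 9080
  username: "wew"  # placeholder — replace
  password: "w0w!"  # placeholder — replace; prefer injecting from a secret store
  endpoint: "/events"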
# Prometheus metrics exporter. Disabled here; when active, metrics are
# served on host:port under `endpoint`.
metrics:
  prometheus:
    active: false
    host: "localhost"
    port: 9099
    endpoint: "/metrics"
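logs:
  # Write events to a local file; `json: true` switches to JSON output.
  file:
    active: false
    json: false
    path: "/path/to/output.log"  # placeholder — replace

  # Ship events to a Zinc instance. Zinc authenticates with username and
  # password, so with `ssl: false` these credentials travel in plaintext;
  # set `ssl: true` for any host that is not local.
  zinc:
    active: false
    host: "localhost"
    port: 4080
    ssl: false
    username: "admin"  # placeholder — replace
    password: "Complexpass#123"  # placeholder — replace
    index: "lorem-ipsum-index"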
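# Alerting. `provider` presumably selects the entry under `notifications`
# that receives alerts — confirm against the docs.
alert:
  active: false
  provider: "slack"

# Credentials for each alert provider. Only Slack and Discord can post
# alerts via webhook: when the webhook field is filled in and valid, the
# given webhook URL is used; otherwise the token is used to authenticate.
# Every value below is a placeholder. Webhook URLs embed a secret and must
# be treated like tokens: source them from the environment or a secret
# store rather than committing real values.
notifications:
  slack:
    webhook: "https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX"
    token: "xoxo-...."
    color: "#ffd21a"
    channel: "G30SPKI"
  telegram:
    token: "123456:ABC-DEF1234...-..."
    chat_id: "-111000"
  discord:
    webhook: "https://discord.com/api/webhooks/0000000000/XXXXX"
    token: "NkWkawkawkawkawka.X0xo.n-kmZwA8aWAA"
    color: "16312092"
    channel: "700000000000000..."
  mattermost:
    # Plain http: the hook key in the URL is sent unencrypted. Use https.
    webhook: "http://HOST/hooks/XXXXX-KEY-XXXXX"
    color: "#ffd21a"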