.env.example

# CyberBlue Environment Template

MISP_BASE_URL=https://127.0.0.1:7003
YETI_AUTH_SECRET_KEY=changeme_secure_key
SURICATA_INT=eth0

VEL_USER=admin
VEL_PASSWORD=cyberblue


######### YETI .ENV ###########
YETI_DOCKER_ENVFILE=.env

# Yeti database / internals
YETI_REDIS_HOST=yeti-redis
YETI_REDIS_PORT=6379
YETI_REDIS_DATABASE=0
YETI_ARANGODB_HOST=yeti-arangodb
YETI_ARANGODB_PORT=8529
YETI_ARANGODB_DATABASE=yeti
YETI_ARANGODB_USERNAME=root
YETI_ARANGODB_PASSWORD=

# Empty secret will generate an error upon startup
YETI_AUTH_ALGORITHM=HS256
YETI_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES=30

# 30 days
YETI_AUTH_BROWSER_TOKEN_EXPIRE_MINUTES=43200
YETI_AUTH_ENABLED=True
YETI_SYSTEM_PLUGINS_PATH=./plugins

# Timesketch configuration
YETI_TIMESKETCH_ENDPOINT=http://timesketch-dev:5000
YETI_TIMESKETCH_USERNAME=dev
YETI_TIMESKETCH_PASSWORD=dev

# Bloomcheck configuration
# This is the directory on the host that will be mapped to /data in the container
# Point to an empty directory if not using bloom filters
YETI_BLOOM_FILTERS_DIR=/opt/yeti/bloomfilters
YETI_BLOOM_BLOOMCHECK_ENDPOINT=http://bloomcheck:8100


######### END of YETI .ENV ########


# environment file for the arkime container that is started via 'docker compose'
# see README.md file for documentation


ARKIME_ADMIN_PASSWORD="admin"
ARKIME_HOSTNAME="localhost"

CAPTURE="off"
# the interface to caputre
ARKIME_INTERFACE="eth0"

VIEWER="on"

# environment file for docker-compose

# OpenSearch settings
########################

# the OS version
OS_VERSION=2

# the names of the OS nodes
OS_NODE1=os01
# uncomment to create a cluster (more nodes can be added also)
# !!! do not forget to also adjust the docker-compose.yml file !!!
# OS_NODE2=os02

# specify how much memory should one OS instance should get
OS_JAVA_MEM=512m


# Arkime settings
#################

# the port were the Arkime instance can be reached
ARKIME_PORT=8005

# the path were your PCAP files are stored
# or should be stored if you want to use moloch-capture
PCAP_DIR=./arkime/pcaps

###### MISP .ENV #######

##
# Build-time variables
##

CORE_TAG=v2.5.14
# CORE_FLAVOR=full
MODULES_TAG=v3.0.2
# MODULES_FLAVOR=full
PHP_VER=20220829

# PYPY_* vars take precedence over MISP's
# PYPI_REDIS_VERSION="==5.0.*"
# PYPI_LIEF_VERSION=">=0.13.1"
# PYPI_PYDEEP2_VERSION="==0.5.*"
# PYPI_PYTHON_MAGIC_VERSION="==0.4.*"
# PYPI_MISP_LIB_STIX2_VERSION="==3.0.*"
# PYPI_MAEC_VERSION="==4.1.*"
# PYPI_MIXBOX_VERSION="==1.0.*"
# PYPI_CYBOX_VERSION="==2.1.*"
# PYPI_PYMISP_VERSION="==2.5.9"
# PYPI_MISP_STIX_VERSION="==2.4.194"
PYPI_SETUPTOOLS="==80.3.1"
PYPI_SUPERVISOR="==4.2.5"

# CORE_COMMIT takes precedence over CORE_TAG
# CORE_COMMIT=0bba3f5
# MODULES_COMMIT takes precedence over MODULES_TAG
# MODULES_COMMIT=de69ae3

##
# Run-time variables
##

# CORE_RUNNING_TAG=latest
# MODULES_RUNNING_TAG=latest

# Email/username for user #1, defaults to MISP's default (admin@admin.test)
ADMIN_EMAIL=
# name of org #1, default to MISP's default (ORGNAME)
ADMIN_ORG=
# uuid of org #1, defaults to an automatically generated one
ADMIN_ORG_UUID=
# defaults to an automatically generated one
ADMIN_KEY=
# defaults to MISP's default (admin)
ADMIN_PASSWORD=
# defaults to 'passphrase'
GPG_PASSPHRASE=
# defaults to 1 (the admin user)
CRON_USER_ID=
# defaults to 'https://localhost'
# note: if you are exposing MISP on a non-standard port (i.e., the port is part of the URL you would use to access it, e.g., https://192.168.0.1:4433) you need to include the port in the BASE_URL variable
MISP_BASE_URL=https://10.0.0.30:7003
# store settings in db except those that must stay in config.php. true/false, defaults to false
ENABLE_DB_SETTINGS=
# encryption key. defaults to empty string
ENCRYPTION_KEY=
# enable background updates. defaults to false
ENABLE_BACKGROUND_UPDATES=
# use a different attachments_dir. defaults to /var/www/MISP/app/files
ATTACHMENTS_DIR=

# By default, a daily synchronization is performed, but you can modify this by changing the push and pull crontabs.
# CRON_PULLALL="0 1 * * *"
# CRON_PUSHALL="0 0 * * *"

# defines the FQDN of the mail sub-system (defaults to 'mail')
# SMTP_FQDN=

# optional and used by the mail sub-system
SMARTHOST_ADDRESS=
SMARTHOST_PORT=
SMARTHOST_USER=
SMARTHOST_PASSWORD=
SMARTHOST_ALIASES=

# optional comma separated list of IDs of syncservers (e.g. SYNCSERVERS=1)
# For this to work ADMIN_KEY must be set, or AUTOGEN_ADMIN_KEY must be true (default)
SYNCSERVERS=
# note: if you have more than one syncserver, you need to update docker-compose.yml
SYNCSERVERS_1_URL=
SYNCSERVERS_1_NAME=
SYNCSERVERS_1_UUID=
SYNCSERVERS_1_KEY=
# pull rules are JSON encoded (and escaped) dictionaries
# Example: only pull events where the analysis is complete
#       SYNCSERVERS_1_PULL_RULES='{\"tags\":{\"OR\":[],\"NOT\":[]},\"orgs\":{\"OR\":[],\"NOT\":[]},\"url_params\":\"{\\\"searchanalysis\\\": \\\"2\\\"}\"}'
SYNCSERVERS_1_PULL_RULES=

# optional and used to set mysql db and credentials
# MYSQL_HOST=
# MYSQL_PORT=
# MYSQL_USER=
# MYSQL_PASSWORD=
# MYSQL_ROOT_PASSWORD=
# MYSQL_DATABASE=

# optional and used to set redis
# REDIS_HOST=
# REDIS_PORT=
# remember to escape special character '$', e.g., 'test1%<$1323>' becomes 'test1%<$$1323>'
# REDIS_PASSWORD=

# These variables allows overriding some MISP email values.
# They all default to ADMIN_EMAIL.

# MISP.email, used for notifications. Also used
# for GnuPG.email and GPG autogeneration.
# MISP_EMAIL=

# MISP.contact, the e-mail address that
# MISP should include as a contact address
# for the instance's support team.
# MISP_CONTACT=

# Enable GPG autogeneration (default true)
# AUTOCONF_GPG=true

# Enable admin (user #1) API key autogeneration
# if ADMIN_KEY is not set above (default true)
# AUTOGEN_ADMIN_KEY=true

# Disable IPv6 completely
# DISABLE_IPV6=true

# Disable SSL redirect
# DISABLE_SSL_REDIRECT=true

# Disable CA refresh
# DISABLE_CA_REFRESH=true

# Enable OIDC authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/OidcAuth/README.md
# OIDC_ENABLE=true
# OIDC_PROVIDER_URL=
# OIDC_CLIENT_ID=
# OIDC_CLIENT_SECRET=
# OIDC_ROLES_PROPERTY="roles"
# OIDC_ROLES_MAPPING="{\"admin\": \"1\"}"
# OIDC_DEFAULT_ORG=
# OIDC_LOGOUT_URL=
# OIDC_SCOPES="[\"profile\", \"email\"]"
# OIDC_MIXEDAUTH=true

# Enable LDAP (using the ApacheSecureAuth component) authentication, according to https://github.com/MISP/MISP/issues/6189
# NOTE: Once you enable LDAP authentication with the ApacheSecureAuth component,
#       users should not be able to control the HTTP header configured in LDAP_APACHE_ENV
#       (e.g. REMOTE_USER), this means you must not allow direct access to MISP.
# NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word".
# APACHESECUREAUTH_LDAP_ENABLE=true
# APACHESECUREAUTH_LDAP_APACHE_ENV="REMOTE_USER"
# APACHESECUREAUTH_LDAP_SERVER="ldap://your_domain_controller"
# APACHESECUREAUTH_LDAP_STARTTLS=true
# APACHESECUREAUTH_LDAP_READER_USER="CN=service_account_name,OU=Users,DC=domain,DC=net"
# APACHESECUREAUTH_LDAP_READER_PASSWORD="password"
# APACHESECUREAUTH_LDAP_DN="OU=Users,DC=domain,DC=net"
# APACHESECUREAUTH_LDAP_SEARCH_FILTER=""
# APACHESECUREAUTH_LDAP_SEARCH_ATTRIBUTE="uid"
# APACHESECUREAUTH_LDAP_FILTER="[\"mail\", \"uid\", \"cn\" ]"
# APACHESECUREAUTH_LDAP_DEFAULT_ROLE_ID="3"
# APACHESECUREAUTH_LDAP_DEFAULT_ORG="1"
# APACHESECUREAUTH_LDAP_EMAIL_FIELD="[\"mail\"]"
# APACHESECUREAUTH_LDAP_OPT_PROTOCOL_VERSION="3"
# APACHESECUREAUTH_LDAP_OPT_NETWORK_TIMEOUT="-1"
# APACHESECUREAUTH_LDAP_OPT_REFERRALS=false

# Enable LDAP (using the MISP plugin native) authentication, according to https://github.com/MISP/MISP/tree/2.5/app/Plugin/LdapAuth
# NOTE 2: You need to escape special characters twice, e.g., "pass\word" becomes "pass\\\\word".
# LDAPAUTH_ENABLE=true
# LDAPAUTH_LDAPSERVER="ldap://your_domain_controller"
# LDAPAUTH_LDAPDN="OU=Users,DC=domain,DC=net"
# LDAPAUTH_LDAPREADERUSER="CN=service_account_name,OU=Users,DC=domain,DC=net"
# LDAPAUTH_LDAPREADERPASSWORD="password"
# LDAPAUTH_LDAPSEARCHFILTER=""
# LDAPAUTH_LDAPSEARCHATTRIBUTE="mail"
# LDAPAUTH_LDAPEMAILFIELD="[\"mail\"]"
# LDAPAUTH_LDAPNETWORKTIMEOUT="-1"
# LDAPAUTH_LDAPPROTOCOL="3"
# LDAPAUTH_LDAPALLOWREFERRALS=true
# LDAPAUTH_STARTTLS=false
# LDAPAUTH_MIXEDAUTH=true
# LDAPAUTH_LDAPDEFAULTORGID="1"
# LDAPAUTH_LDAPDEFAULTROLEID="3"
# LDAPAUTH_UPDATEUSER=true
# LDAPAUTH_DEBUG=false
# LDAPAUTH_LDAPTLSREQUIRECERT="LDAP_OPT_X_TLS_ALLOW"
# LDAPAUTH_LDAPTLSCUSTOMCACERT=false
# LDAPAUTH_LDAPTLSCRLCHECK="LDAP_OPT_X_TLS_CRL_PEER"
# LDAPAUTH_LDAPTLSPROTOCOLMIN="LDAP_OPT_X_TLS_PROTOCOL_TLS1_2"

# Enable Azure AD (Entra) authentication, according to https://github.com/MISP/MISP/blob/2.4/app/Plugin/AadAuth/README.md
# AAD_ENABLE=true
# AAD_CLIENT_ID=
# AAD_TENANT_ID=
# AAD_CLIENT_SECRET=
# AAD_REDIRECT_URI="https://misp.mydomain.com/users/login"
# AAD_PROVIDER="https://login.microsoftonline.com/"
# AAD_PROVIDER_USER="https://graph.microsoft.com/"
# AAD_MISP_USER="Misp Users"
# AAD_MISP_ORGADMIN="Misp Org Admins"
# AAD_MISP_SITEADMIN="Misp Site Admins"
# AAD_CHECK_GROUPS=false

# Enable the use of a Proxy server
# PROXY_ENABLE=true
# PROXY_HOST=
# PROXY_PORT=
# PROXY_METHOD=
# PROXY_USER=
# PROXY_PASSWORD=

# Enable debugging
# ALWAYS SET THIS TO 0 IN PRODUCTION
# 0 - Debug off (default)
# 1 - Debug on
# 2 - Debug on + SQL dump
# DEBUG=

# FastCGI configuration on nginx
# FASTCGI_READ_TIMEOUT=300s
# FASTCGI_SEND_TIMEOUT=300s
# FASTCGI_CONNECT_TIMEOUT=300s
# Where to listen to PHP-FPM status. Can be a port or a ip:port. If not set the status page will not be shown.
# Do not expose this page in public networks.
# FASTCGI_STATUS_LISTEN=""

# PHP FPM configuration

## Basic PHP settings
# Maximum memory a PHP script can use.
# PHP_MEMORY_LIMIT=2048M
# Maximum execution time for a PHP script in seconds.
# PHP_MAX_EXECUTION_TIME=300
# Maximum file upload size for PHP scripts.
# PHP_UPLOAD_MAX_FILESIZE=50M
# Maximum size for POST data sent to PHP.
# PHP_POST_MAX_SIZE=50M
# Maximum time PHP spends parsing input data in seconds.
# PHP_MAX_INPUT_TIME=300
# Maximum number of file to upload per request.
# PHP_MAX_FILE_UPLOADS=50

## PHP FPM pool setup
# Maximum number of php-fpm processes, limits the number of simultaneous requests.
# PHP_FCGI_CHILDREN=5
# Number of processes created on startup.
# PHP_FCGI_START_SERVERS=2
# The desired number of idle server processes.
# PHP_FCGI_SPARE_SERVERS=1
# The number of requests each process should execute before respawning. "0" means endless request processing.
# PHP_FCGI_MAX_REQUESTS=0

## Additional PHP settings
# Timeout (in minutes) for user session inactivity before it expires.
# PHP_SESSION_TIMEOUT=60
# Session cookie validity period in minutes.
# PHP_SESSION_COOKIE_TIMEOUT=10080
# Default PHP configurations.
# PHP_SESSION_DEFAULTS=php
# Automatically regenerate session ID on each request.
# PHP_SESSION_AUTO_REGENERATE=false
# Check user agent on each request for security.
# PHP_SESSION_CHECK_AGENT=false
# Only send session cookies over HTTPS.
# PHP_SESSION_COOKIE_SECURE=true
# Domain for session cookie validity (leave empty for current domain).
# PHP_SESSION_COOKIE_DOMAIN=
# SameSite policy for cookies ("Lax" allows top-level navigation).
# PHP_SESSION_COOKIE_SAMESITE=Lax

# MariaSQL/MySQL (InnoDB) configuration
# INNODB_BUFFER_POOL_SIZE=2048M
# INNODB_CHANGE_BUFFERING=none
# INNODB_IO_CAPACITY=1000
# INNODB_IO_CAPACITY_MAX=2000
# INNODB_LOG_FILE_SIZE=600M
# INNODB_READ_IO_THREADS=16
# INNODB_STATS_PERSISTENT=ON
# INNODB_WRITE_IO_THREADS=4

# Whether to enable processing of the X-Forwarded-For header (default to false)
# NGINX_X_FORWARDED_FOR=true
# Comma separated list of trusted IP addresses
# NGINX_SET_REAL_IP_FROM=127.0.0.1

# Security Settings
# Maximum time (in seconds) for HSTS (HTTP Strict Transport Security), ensures HTTPS is used.
# HSTS_MAX_AGE=

# X-Frame-Options policy configuration: controls whether the site can be embedded in frames or iframes.
# Options: DENY, SAMEORIGIN, ALLOW-FROM <URL> Default: SAMEORIGIN
# X_FRAME_OPTIONS=

# NGINX maximum allowed size of the client request body.
# NGINX_CLIENT_MAX_BODY_SIZE=50M

# Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS.
# Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport"
# CONTENT_SECURITY_POLICY=


##### END of MISP .ENV ######



# Default execution environment for workers
ORG_ID=Shuffle
ENVIRONMENT_NAME=Shuffle

# Sanitize liquid.py input
LIQUID_SANITIZE_INPUT=true


# Remote github config for first load
SHUFFLE_DOWNLOAD_WORKFLOW_LOCATION=
SHUFFLE_DOWNLOAD_WORKFLOW_USERNAME=
SHUFFLE_DOWNLOAD_WORKFLOW_PASSWORD=
SHUFFLE_DOWNLOAD_WORKFLOW_BRANCH=

SHUFFLE_APP_DOWNLOAD_LOCATION=https://github.com/shuffle/python-apps
SHUFFLE_DOWNLOAD_AUTH_USERNAME=
SHUFFLE_DOWNLOAD_AUTH_PASSWORD=
SHUFFLE_DOWNLOAD_AUTH_BRANCH=
SHUFFLE_APP_FORCE_UPDATE=false

# User config for first load. Username & PW: min length 3
SHUFFLE_DEFAULT_USERNAME=
SHUFFLE_DEFAULT_PASSWORD=
SHUFFLE_DEFAULT_APIKEY=

# Local location of your app directory. Can't use ~/
# Files will get better at some point. Right now: local saving.
SHUFFLE_APP_HOTLOAD_FOLDER=./shuffle-apps
SHUFFLE_APP_HOTLOAD_LOCATION=./shuffle-apps
SHUFFLE_FILE_LOCATION=./shuffle-files

# Encryption modifier. This HAS to be set to encrypt any authentication being used in Shuffle. This is put together with other relevant values to ensure multiple parts are needed to decrypt.
# If this key is lost or changed, you will have to reauthenticate all apps.
SHUFFLE_ENCRYPTION_MODIFIER=

# Other configs
BASE_URL=http://shuffle-backend:5001
SSO_REDIRECT_URL=http://localhost:3001
BACKEND_HOSTNAME=shuffle-backend
BACKEND_PORT=5001
FRONTEND_PORT=3001
FRONTEND_PORT_HTTPS=7002
AUTH_FOR_ORBORUS=

# CHANGE THIS IF YOU WANT GOOD LOCAL EXECUTIONS:
OUTER_HOSTNAME=shuffle-backend
DB_LOCATION=./shuffle-database
DOCKER_API_VERSION=1.40

# Orborus/Proxy configurations
HTTP_PROXY=
HTTPS_PROXY=
SHUFFLE_PASS_WORKER_PROXY=TRUE
SHUFFLE_PASS_APP_PROXY=TRUE
SHUFFLE_INTERNAL_HTTP_PROXY=noproxy
SHUFFLE_INTERNAL_HTTPS_PROXY=noproxy
# Timezone-handler in Orborus, Worker and Apps
TZ=Europe/Amsterdam
# Used to FIND the containername. cgroup v2: issue 501
ORBORUS_CONTAINER_NAME=
# Used for setting up a startup delay for Orborus
SHUFFLE_ORBORUS_STARTUP_DELAY=
SHUFFLE_SKIPSSL_VERIFY=true
# Used for controlling if the environment should run in kubernetes or not
IS_KUBERNETES=false

#SHUFFLE_BASE_IMAGE_NAME=shuffle
#SHUFFLE_BASE_IMAGE_REGISTRY=ghcr.io
SHUFFLE_BASE_IMAGE_REPOSITORY=frikky
#SHUFFLE_BASE_IMAGE_TAG_SUFFIX="-1.4.0"

# For environments using their own docker registry
# where they don't want to update http, subflow and shuffle tools again
SHUFFLE_USE_GCHR_OVERRIDE_FOR_AUTODEPLOY=true

# The eth0 interface inside a container corresponds
# to the virtual Ethernet interface that connects
# the container to the docker0
SHUFFLE_SWARM_BRIDGE_DEFAULT_INTERFACE=eth0
# 1500 by default
SHUFFLE_SWARM_BRIDGE_DEFAULT_MTU=1500

# Used for auto-cleanup of containers. REALLY important at scale. Set to false to see all container info.
SHUFFLE_MEMCACHED=
SHUFFLE_CONTAINER_AUTO_CLEANUP=true
# The amount of concurrent executions Orborus can handle. This is a soft limit, but it's recommended to keep it low.
SHUFFLE_ORBORUS_EXECUTION_CONCURRENCY=5
SHUFFLE_HEALTHCHECK_DISABLED=false
SHUFFLE_ELASTIC=true
SHUFFLE_LOGS_DISABLED=false
SHUFFLE_CHAT_DISABLED=false
SHUFFLE_DISABLE_RERUN_AND_ABORT=false
SHUFFLE_RERUN_SCHEDULE=300
# Definition in case Worker & Orborus is talking to the wrong server
SHUFFLE_WORKER_SERVER_URL=
# Definition in case Orborus is pulling too often/not often enough
SHUFFLE_ORBORUS_PULL_TIME=
# Max recursion depth for subflows
SHUFFLE_MAX_EXECUTION_DEPTH=

# DATABASE CONFIGURATIONS
DATASTORE_EMULATOR_HOST=shuffle-database:8000
#SHUFFLE_OPENSEARCH_URL=http://shuffle-opensearch:9200
SHUFFLE_OPENSEARCH_URL=https://shuffle-opensearch:9200
SHUFFLE_OPENSEARCH_CERTIFICATE_FILE=
SHUFFLE_OPENSEARCH_APIKEY=
SHUFFLE_OPENSEARCH_CLOUDID=
SHUFFLE_OPENSEARCH_PROXY=
SHUFFLE_OPENSEARCH_INDEX_PREFIX=
SHUFFLE_OPENSEARCH_SKIPSSL_VERIFY=true
SHUFFLE_OPENSEARCH_USERNAME="admin"
SHUFFLE_OPENSEARCH_PASSWORD="StrongShufflePassword321!" # In use for the first time setup of OpenSearch + backend of Shuffle
OPENSEARCH_INITIAL_ADMIN_PASSWORD="StrongShufflePassword321!" # In use for the first time setup of OpenSearch

#Tenzir related
SHUFFLE_TENZIR_URL=


DEBUG_MODE=false
YETI_AUTH_SECRET_KEY=108189d29c56c1a3c1593a41778d727161c4517cefc5fe7be0c417597c16d5bdb298b48aee194a7285270d1ab8b956d3b5055b1b592130014764e1244f378064
YETI_AUTH_SECRET_KEY=25bec077d368448a9f642fb2e8562c4165d2611a310e6ee50924690e442e762ae9da1ca5bcf4ea38a84b8208b05e1e04d6bc73e5037aab98ff27653b070f2909
SURICATA_INT=ens160