forked from rabbitstack/fibratus
fibratus.yml
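# Image metadata options; all three are switched off in this configuration.
# NOTE(review): presumably these control extra metadata (imports, file info)
# attached to image events - confirm against the fibratus documentation.
image_meta:
  enabled: false
  imports: false
  file_info: false

# Images excluded from capture.
# NOTE(review): lsass.exe, svchost.exe and services.exe are processes that
# defenders normally want visibility into (credential access, service abuse,
# masquerading under a system process name). If matching is done on the image
# name alone, any binary carrying one of these names is skipped as well -
# confirm how the match is performed. Treat every entry as a deliberate
# noise-versus-coverage trade-off and review it against your detection needs.
skips:
  images:
    - svchost.exe
    - smss.exe
    - services.exe
    - taskmgr.exe
    - dwm.exe
    - vprot.exe
    - lsass.exe
    - sihost.exe
    - system

# Event sinks. Only the console output is active; the remaining entries are
# templates. Lines starting with '#' followed by indentation are commented-out
# configuration: delete the leading '#' to enable them with correct nesting.
output:
  - console:
      format: pretty
# AMQP template. guest/guest is the broker's well-known default account;
# replace it with a dedicated, least-privilege user before enabling.
# Port 5672 is the plaintext AMQP port - whether this output can use TLS is
# not visible here, so keep it on a trusted network segment or confirm.
#  - amqp:
#      host: 127.0.0.1
#      port: 5672
#      username: guest
#      password: guest
#      vhost: /
#      exchange: amq.direct
#      routingkey: fibratus
# SMTP template. The password is stored in clear text in this file: restrict
# the file's ACL, use an app-specific credential, and keep real values out of
# version control. Sender and recipient values are placeholders.
#  - smtp:
#      host: smtp.gmail.com
#      port: 587
#      from: '<sender-address>'
#      password: secret
#      to: []
# Elasticsearch template. elastic/changeme is a well-known default credential
# pair; rotate it and use an account limited to writing the target index.
# Keep ssl enabled so events and credentials are not sent in clear text.
# The index format is quoted because a plain scalar may not start with '%'.
#  - elasticsearch:
#      hosts:
#        - localhost:9200
#      index: kernelstream
#      index_type: daily
#      daily_index_format: '%Y.%m.%d'
#      document: threads
#      bulk: false
#      username: elastic
#      password: changeme
#      ssl: true
# File system template. The output holds raw telemetry; write it to a
# directory that only administrators can read.
#  - fs:
#      path: D:\\
#      mode: a
#      format: json

# YARA binding template. The rules directory decides what gets flagged, so it
# should be writable by administrators only.
#binding:
#  - yara:
#      path: D:\yara-rules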