26 lines
792 B
YAML
26 lines
792 B
YAML
profile: default_remediation
|
|
filter: "sig.Labels.remediation == 'true' && not sig.Whitelisted"
|
|
api: true # If no api: specified, will use the default config in default.yaml
|
|
remediation:
|
|
ban: true
|
|
slow: true
|
|
captcha: true
|
|
duration: 4h
|
|
outputs:
|
|
- plugin: sqlite
|
|
---
|
|
profile: default_notification
|
|
filter: "sig.Labels.remediation != 'true'"
|
|
#remediation is empty, it means non taken
|
|
api: false
|
|
outputs:
|
|
- plugin: sqlite # If we do not want to push, we can remove this line and the next one
|
|
store: false
|
|
---
|
|
profile: send_false_positif_to_API
|
|
filter: "sig.Whitelisted == true && sig.Labels.remediation == 'true'"
|
|
#remediation is empty, it means non taken
|
|
api: true
|
|
outputs:
|
|
- plugin: sqlite # If we do not want to push, we can remove this line and the next one
|
|
store: false |