Aller au contenu

ReplayConfig

None

Field Type Description Required Default
creator Creator Replay creator options
Yes
 See Creator for more details.
loader Loader Replay loader options
Yes
 See Loader for more details.

Creator

Replay creator configuration model

Field Type Description Required Default
client Client Client to use for Replay operations
Yes
 See Client for more details.
alert_input InputModule Input module for alerts
Yes
 See InputModule for more details.
badlist_input InputModule Input module for badlist items
Yes
 See InputModule for more details.
safelist_input InputModule Input module for safelist items
Yes
 See InputModule for more details.
signature_input InputModule Input module for signatures
Yes
 See InputModule for more details.
submission_input InputModule Input module for submissions
Yes
 See InputModule for more details.
workflow_input InputModule Input module for workflows
Yes
 See InputModule for more details.
lookback_time Keyword Lookback time for the Replay creator, e.g., '1d' for one day
Yes
 *
output_filestore Keyword Output filestore URI for the Replay creator, e.g., 'file:///tmp/replay/output'
Yes
 file:///tmp/replay/output
working_directory Keyword Working directory for the Replay creator, e.g., '/tmp/replay/work'
Yes
 /tmp/replay/work

Client

None

Field Type Description Required Default
type Enum Type of client to use for Replay operations
Supported values are:
"api", "direct"
Yes
 direct
options ClientOptions Options for the client
Optional
 See ClientOptions for more details.

ClientOptions

None

Field Type Description Required Default
host Keyword None
Yes
 https://localhost:443
user Keyword None
Yes
 admin
apikey Keyword None
Yes
 devkey:devpass
verify Boolean None
Yes
 True

InputModule

Input module configuration model for Replay creator operations

Field Type Description Required Default
enabled Boolean Is this input module enabled?
Yes
 True
threads Integer Number of threads to use for this input module
Yes
 6
filter_queries List [Keyword] List of filter queries to apply to this input module
Yes
 ['NOT extended_scan:submitted', 'workflows_completed:true']

Loader

Replay loader configuration model

Field Type Description Required Default
client Client Client to use for Replay loader operations
Yes
 See Client for more details.
failed_directory Keyword Directory to store failed Replay bundles
Yes
 /tmp/replay/failed
input_threads Integer Number of threads to use for loading input bundles
Yes
 6
input_directory Keyword Directory to load input Replay bundles from
Yes
 /tmp/replay/input
min_classification ClassificationString Minimum classification level for Replay bundles to be processed
Optional
 None
reclassification ClassificationString Classification level to reclassify Replay bundles to after being imported
Optional
 None
rescan List [Keyword] List of services to rescan after importing Replay bundles
Yes
 []
working_directory Keyword Working directory for the Replay loader, e.g., '/tmp/replay/work'
Yes
 /tmp/replay/work
sync_check_interval Integer How often to check on imported Replay bundles (in seconds)?
Yes
 3600

Client

None

Field Type Description Required Default
type Enum Type of client to use for Replay operations
Supported values are:
"api", "direct"
Yes
 direct
options ClientOptions Options for the client
Optional
 See ClientOptions for more details.

ClientOptions

None

Field Type Description Required Default
host Keyword None
Yes
 https://localhost:443
user Keyword None
Yes
 admin
apikey Keyword None
Yes
 devkey:devpass
verify Boolean None
Yes
 True