Service

Service Configuration

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| accepts | Keyword | Regex to accept files as identified by Assemblyline | Yes | .* |
| rejects | Keyword | Regex to reject files as identified by Assemblyline | Optional | empty\|metadata/.* |
| category | Keyword | Which category does this service belong to? | Yes | Static Analysis |
| classification | ClassificationString | Classification of the service | Yes | TLP:C |
| config | Mapping [String, Any] | Service Configuration | Yes | {} |
| description | Text | Description of service | Yes | NA |
| default_result_classification | ClassificationString | Default classification assigned to service results | Yes | TLP:C |
| enabled | Boolean | Is the service enabled (by default)? | Yes | False |
| is_external | Boolean | Does this service perform analysis outside of Assemblyline? | Yes | False |
| licence_count | Integer | How many licences is the service allowed to use? | Yes | 0 |
| min_instances | Integer | The minimum number of service instances. Overrides Scaler's min_instances configuration. | Optional | None |
| max_queue_length | Integer | If more than this many jobs are queued for this service drop those over this limit. 0 is unlimited. | Yes | 0 |
| uses_tags | Boolean | Does this service use tags from other services for analysis? | Yes | False |
| uses_tag_scores | Boolean | Does this service use scores of tags from other services for analysis? | Yes | False |
| uses_temp_submission_data | Boolean | Does this service use temp data from other services for analysis? | Yes | False |
| uses_metadata | Boolean | Does this service use submission metadata for analysis? | Yes | False |
| monitored_keys | List [Keyword] | This service watches these temporary keys for changes when partial results are produced. | Yes | [] |
| name | Keyword | Name of service | Yes | None |
| version | Keyword | Version of service | Yes | None |
| privileged | Boolean | Should the service be able to talk to core infrastructure or just service-server for tasking? | Yes | False |
| disable_cache | Boolean | Should the result cache be disabled for this service? | Yes | False |
| stage | Keyword | Which execution stage does this service run in? | Yes | CORE |
| submission_params | List [SubmissionParams] | Submission parameters of service | Yes | [] |
| timeout | Integer | Service task timeout, in seconds | Yes | 60 |
| docker_config | DockerConfig | Docker configuration for service | Yes | None |
| dependencies | Mapping [String, DependencyConfig] | Dependency configuration for service | Yes | See DependencyConfig for more details. |
| update_channel | Enum | What channel to watch for service updates? Supported values are: "beta", "dev", "rc", "stable" | Yes | stable |
| update_config | UpdateConfig | Update configuration for fetching external resources | Optional | None |
| recursion_prevention | List [Keyword] | List of service names/categories where recursion is prevented. | Yes | [] |

DependencyConfig

Container's Dependency Configuration

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| container | DockerConfig | Docker container configuration for dependency | Yes | None |
| volumes | Mapping [String, PersistentVolume] | Volume configuration for dependency | Yes | See PersistentVolume for more details. |
| run_as_core | Boolean | Should this dependency run as other core components? | Yes | False |

DockerConfig

Docker Container Configuration

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| allow_internet_access | Boolean | Does the container have internet-access? | Yes | False |
| command | List [Keyword] | Command to run when container starts up. | Optional | None |
| cpu_cores | Float | CPU allocation | Yes | 1.0 |
| environment | List [EnvironmentVariable] | Additional environment variables for the container | Yes | [] |
| image | Keyword | Complete name of the Docker image with tag, may include registry | Yes | None |
| registry_username | Keyword | The username to use when pulling the image | Optional | `` |
| registry_password | Keyword | The password or token to use when pulling the image | Optional | `` |
| registry_type | Enum | The type of container registry. Supported values are: "docker", "harbor" | Yes | docker |
| ports | List [Keyword] | What ports of container to expose? | Yes | [] |
| ram_mb | Integer | Container RAM limit | Yes | 512 |
| ram_mb_min | Integer | Container RAM request | Yes | 256 |
| service_account | Keyword | None | Optional | None |
| labels | List [EnvironmentVariable] | Additional container labels. | Yes | [] |

EnvironmentVariable

Environment Variable Model

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| name | Keyword | Name of Environment Variable | Yes | None |
| value | Keyword | Value of Environment Variable | Yes | None |

PersistentVolume

Container's Persistent Volume Configuration

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| mount_path | Keyword | Path into the container to mount volume | Yes | None |
| capacity | Keyword | The amount of storage allocated for volume | Yes | None |
| storage_class | Keyword | Storage class used to create volume | Yes | None |
| access_mode | Enum | Access mode for volume. Supported values are: "ReadWriteMany", "ReadWriteOnce" | Yes | ReadWriteOnce |

SubmissionParams

Submission Parameters for Service

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| default | Any | Default value (must match value in value field) | Yes | None |
| name | Keyword | Name of parameter | Yes | None |
| type | Enum | Type of parameter. Supported values are: "bool", "int", "list", "str" | Yes | None |
| value | Any | Default value (must match value in default field) | Yes | None |
| list | Any | List of values if type: list | Optional | None |
| hide | Boolean | Should this parameter be hidden? | Yes | False |

UpdateConfig

Update Configuration for Signatures

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| generates_signatures | Boolean | Does the updater produce signatures? | Yes | False |
| sources | List [UpdateSource] | List of external sources | Yes | [] |
| update_interval_seconds | Integer | Update check interval, in seconds | Yes | None |
| wait_for_update | Boolean | Should the service wait for updates first? | Yes | False |
| signature_delimiter | Enum | Delimiter used when given a list of signatures. Supported values are: "comma", "custom", "double_new_line", "file", "new_line", "none", "pipe", "space" | Yes | double_new_line |
| custom_delimiter | Keyword | Custom delimiter definition | Optional | None |

UpdateSource

Update Source Configuration

| Field | Type | Description | Required | Default |
| --- | --- | --- | --- | --- |
| name | Keyword | Name of source | Yes | None |
| password | Keyword | Password used to authenticate with source | Optional | `` |
| pattern | Keyword | Pattern used to find files of interest from source | Optional | `` |
| private_key | Keyword | Private key used to authenticate with source | Optional | `` |
| ca_cert | Keyword | CA cert for source | Optional | `` |
| ssl_ignore_errors | Boolean | Ignore SSL errors when reaching out to source? | Yes | False |
| proxy | Keyword | Proxy server for source | Optional | `` |
| uri | Keyword | URI to source | Yes | None |
| username | Keyword | Username used to authenticate with source | Optional | `` |
| headers | List [EnvironmentVariable] | Headers | Yes | [] |
| default_classification | Classification | Default classification used in absence of one defined in files from source | Yes | TLP:C |
| git_branch | Keyword | Branch to checkout from Git repository. | Optional | `` |
| sync | Boolean | Synchronize signatures with remote source. Allows system to auto-disable signatures no longer found in source. | Yes | False |
| fetch_method | Enum | Fetch method to be used with source. Supported values are: "GET", "GIT", "POST" | Yes | GET |
| enabled | Boolean | Is this source active for periodic fetching? | Yes | True |
| override_classification | Boolean | Should the source's classification override the signature's self-defined classification, if any? | Yes | False |
| configuration | Mapping [String, Any] | Processing configuration for source | Yes | {} |
| update_interval | Integer | Update check interval, in seconds, for this source | Optional | None |
| ignore_cache | Boolean | Ignore source caching and forcefully fetch from source | Yes | False |
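
The following added example (not part of the Assemblyline documentation or code base) audits a service manifest, held as a Python dict, for the fields documented above that widen what a service can reach: `privileged`, `allow_internet_access`, `run_as_core`, `ssl_ignore_errors`, and credentials stored inline. The `audit_manifest` helper, the choice of fields to flag, and both sample manifests are assumptions of this example.

```python
"""Flag manifest settings that widen a service's reach. Field names come from the
tables on this page; which ones to flag is this example's assumption."""

def _docker_findings(path, docker):
    out = []
    if docker.get("allow_internet_access"):
        out.append((f"{path}.allow_internet_access", "container can reach the internet"))
    if docker.get("registry_password"):
        out.append((f"{path}.registry_password", "registry credential stored inline"))
    return out

def audit_manifest(manifest):
    """Return (field_path, reason) for every flagged setting."""
    findings = []
    if manifest.get("privileged"):
        findings.append(("privileged", "service can talk to core infrastructure"))
    findings += _docker_findings("docker_config", manifest.get("docker_config") or {})
    for name, dep in (manifest.get("dependencies") or {}).items():
        base = f"dependencies.{name}"
        if dep.get("run_as_core"):
            findings.append((f"{base}.run_as_core", "dependency runs as a core component"))
        findings += _docker_findings(f"{base}.container", dep.get("container") or {})
    for src in (manifest.get("update_config") or {}).get("sources") or []:
        base = f"update_config.sources[{src.get('name')}]"
        if src.get("ssl_ignore_errors"):
            findings.append((f"{base}.ssl_ignore_errors", "TLS errors ignored on fetch"))
        for secret in ("password", "private_key"):
            if src.get(secret):
                findings.append((f"{base}.{secret}", "source credential stored inline"))
    return findings

# Constructed sample manifests (hypothetical service, registry and source).
WEAK = {
    "name": "ExampleService", "version": "1", "privileged": True,
    "docker_config": {"image": "registry.example/svc:1", "allow_internet_access": True},
    "dependencies": {"updater": {"run_as_core": True,
                                 "container": {"image": "registry.example/upd:1"}}},
    "update_config": {"sources": [{"name": "rules", "uri": "https://rules.example/sigs",
                                   "ssl_ignore_errors": True,
                                   "password": "constructed-secret"}]},
}
HARDENED = {
    "name": "ExampleService", "version": "1", "privileged": False,
    "docker_config": {"image": "registry.example/svc:1", "allow_internet_access": False},
    "update_config": {"sources": [{"name": "rules", "uri": "https://rules.example/sigs"}]},
}

if __name__ == "__main__":
    print(*audit_manifest(WEAK), sep="\n")
```

Every flagged field defaults to the safe value in the tables above (`False` or empty), so a finding always marks an explicit opt-in that deserves review.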