Service

Service Configuration

Field | Type | Description | Required | Default |
---|---|---|---|---|
accepts | Keyword | Regex to accept files as identified by Assemblyline | Yes | `.*` |
rejects | Keyword | Regex to reject files as identified by Assemblyline | Optional | `empty\|metadata/.*` |
category | Keyword | Which category does this service belong to? | Yes | Static Analysis |
classification | ClassificationString | Classification of the service | Yes | TLP:C |
config | Mapping [String, Any] | Service Configuration | Yes | {} |
description | Text | Description of service | Yes | NA |
default_result_classification | ClassificationString | Default classification assigned to service results | Yes | TLP:C |
enabled | Boolean | Is the service enabled (by default)? | Yes | False |
is_external | Boolean | Does this service perform analysis outside of Assemblyline? | Yes | False |
licence_count | Integer | How many licences is the service allowed to use? | Yes | 0 |
min_instances | Integer | The minimum number of service instances. Overrides Scaler's min_instances configuration. | Optional | None |
max_queue_length | Integer | If more than this many jobs are queued for this service drop those over this limit. 0 is unlimited. | Yes | 0 |
uses_tags | Boolean | Does this service use tags from other services for analysis? | Yes | False |
uses_tag_scores | Boolean | Does this service use scores of tags from other services for analysis? | Yes | False |
uses_temp_submission_data | Boolean | Does this service use temp data from other services for analysis? | Yes | False |
uses_metadata | Boolean | Does this service use submission metadata for analysis? | Yes | False |
monitored_keys | List [Keyword] | This service watches these temporary keys for changes when partial results are produced. | Yes | [] |
name | Keyword | Name of service | Yes | None |
version | Keyword | Version of service | Yes | None |
privileged | Boolean | Should the service be able to talk to core infrastructure or just service-server for tasking? | Yes | False |
disable_cache | Boolean | Should the result cache be disabled for this service? | Yes | False |
stage | Keyword | Which execution stage does this service run in? | Yes | CORE |
submission_params | List [SubmissionParams] | Submission parameters of service | Yes | [] |
timeout | Integer | Service task timeout, in seconds | Yes | 60 |
docker_config | DockerConfig | Docker configuration for service | Yes | None |
dependencies | Mapping [String, DependencyConfig] | Dependency configuration for service | Yes | See DependencyConfig for more details. |
update_channel | Enum | What channel to watch for service updates? Supported values are: "beta", "dev", "rc", "stable" | Yes | stable |
update_config | UpdateConfig | Update configuration for fetching external resources | Optional | None |
recursion_prevention | List [Keyword] | List of service names/categories where recursion is prevented. | Yes | [] |

DependencyConfig

Container's Dependency Configuration

Field | Type | Description | Required | Default |
---|---|---|---|---|
container | DockerConfig | Docker container configuration for dependency | Yes | None |
volumes | Mapping [String, PersistentVolume] | Volume configuration for dependency | Yes | See PersistentVolume for more details. |
run_as_core | Boolean | Should this dependency run as other core components? | Yes | False |

DockerConfig

Docker Container Configuration

Field | Type | Description | Required | Default |
---|---|---|---|---|
allow_internet_access | Boolean | Does the container have internet access? | Yes | False |
command | List [Keyword] | Command to run when container starts up. | Optional | None |
cpu_cores | Float | CPU allocation | Yes | 1.0 |
environment | List [EnvironmentVariable] | Additional environment variables for the container | Yes | [] |
image | Keyword | Complete name of the Docker image with tag, may include registry | Yes | None |
registry_username | Keyword | The username to use when pulling the image | Optional | `` |
registry_password | Keyword | The password or token to use when pulling the image | Optional | `` |
registry_type | Enum | The type of container registry. Supported values are: "docker", "harbor" | Yes | docker |
ports | List [Keyword] | What ports of container to expose? | Yes | [] |
ram_mb | Integer | Container RAM limit | Yes | 512 |
ram_mb_min | Integer | Container RAM request | Yes | 256 |
service_account | Keyword | None | Optional | None |
labels | List [EnvironmentVariable] | Additional container labels. | Yes | [] |

EnvironmentVariable

Environment Variable Model

Field | Type | Description | Required | Default |
---|---|---|---|---|
name | Keyword | Name of Environment Variable | Yes | None |
value | Keyword | Value of Environment Variable | Yes | None |

PersistentVolume

Container's Persistent Volume Configuration

Field | Type | Description | Required | Default |
---|---|---|---|---|
mount_path | Keyword | Path into the container to mount volume | Yes | None |
capacity | Keyword | The amount of storage allocated for volume | Yes | None |
storage_class | Keyword | Storage class used to create volume | Yes | None |
access_mode | Enum | Access mode for volume. Supported values are: "ReadWriteMany", "ReadWriteOnce" | Yes | ReadWriteOnce |

SubmissionParams

Submission Parameters for Service

Field | Type | Description | Required | Default |
---|---|---|---|---|
default | Any | Default value (must match value in value field) | Yes | None |
name | Keyword | Name of parameter | Yes | None |
type | Enum | Type of parameter. Supported values are: "bool", "int", "list", "str" | Yes | None |
value | Any | Default value (must match value in default field) | Yes | None |
list | Any | List of values if type: list | Optional | None |
hide | Boolean | Should this parameter be hidden? | Yes | False |

UpdateConfig

Update Configuration for Signatures

Field | Type | Description | Required | Default |
---|---|---|---|---|
generates_signatures | Boolean | Does the updater produce signatures? | Yes | False |
sources | List [UpdateSource] | List of external sources | Yes | [] |
update_interval_seconds | Integer | Update check interval, in seconds | Yes | None |
wait_for_update | Boolean | Should the service wait for updates first? | Yes | False |
signature_delimiter | Enum | Delimiter used when given a list of signatures. Supported values are: "comma", "custom", "double_new_line", "file", "new_line", "none", "pipe", "space" | Yes | double_new_line |
custom_delimiter | Keyword | Custom delimiter definition | Optional | None |

UpdateSource

Update Source Configuration

Field | Type | Description | Required | Default |
---|---|---|---|---|
name | Keyword | Name of source | Yes | None |
password | Keyword | Password used to authenticate with source | Optional | `` |
pattern | Keyword | Pattern used to find files of interest from source | Optional | `` |
private_key | Keyword | Private key used to authenticate with source | Optional | `` |
ca_cert | Keyword | CA cert for source | Optional | `` |
ssl_ignore_errors | Boolean | Ignore SSL errors when reaching out to source? | Yes | False |
proxy | Keyword | Proxy server for source | Optional | `` |
uri | Keyword | URI to source | Yes | None |
username | Keyword | Username used to authenticate with source | Optional | `` |
headers | List [EnvironmentVariable] | Headers | Yes | [] |
default_classification | Classification | Default classification used in absence of one defined in files from source | Yes | TLP:C |
git_branch | Keyword | Branch to checkout from Git repository. | Optional | `` |
sync | Boolean | Synchronize signatures with remote source. Allows system to auto-disable signatures no longer found in source. | Yes | False |
fetch_method | Enum | Fetch method to be used with source. Supported values are: "GET", "GIT", "POST" | Yes | GET |
enabled | Boolean | Is this source active for periodic fetching? | Yes | True |
override_classification | Boolean | Should the source's classification override the signature's self-defined classification, if any? | Yes | False |
configuration | Mapping [String, Any] | Processing configuration for source | Yes | {} |
update_interval | Integer | Update check interval, in seconds, for this source | Optional | None |
ignore_cache | Boolean | Ignore source caching and forcefully fetch from source | Yes | False |