debug-iter-topology in makefile to debug running topology
iter-files-mails, that uses generator to send mails to topology. It's memory safe and stable
Published by fedelemantuano over 5 years ago
mail-parser and streamparse.
Published by fedelemantuano about 6 years ago
dialect section in main configuration file
mail-parser and Apache Tika modules
Published by fedelemantuano over 6 years ago
mail-parser library, now SpamScope stores all mail headers
Published by fedelemantuano over 6 years ago
Published by fedelemantuano over 6 years ago
store_samples attachments post processing, to store samples on filesystem.
list key, so they are automatically loaded:

# Attachments bolt configuration
attachments:
  # The lists of all components must be under lists keyword to load them
  # automatically
  commons:
    lists:
      blacklist_content_types:
        # All content types to remove from results
        # Example in content_types/blacklist/generic.example.yml
        generic: /path/to/generic_content_types
        custom: /path/to/custom_content_types
      not_extract_content_types:
        # All content types that you don't want to extract from archive
        # Example: application/java-archive (jar), you can save the jar
        # but do not extract the class inside.
        generic: /path/to/generic_content_types
        custom: /path/to/custom_content_types

Published by fedelemantuano over 6 years ago
index.mapping.ignore_malformed).
Dockerfile example: debug images.
mail-parser and streamparse.
to_domains in main report: domains of to header.
Published by fedelemantuano almost 7 years ago
heartbeat timeout when using Thug, getting custom header now not raise pystorm/serializers/json_serializer.py and you can avoid to set blacklist or whitelist in configuration.
waiting.sleep in configuration spout file to avoid Apache Storm timeout.
Thug section has more important options.
debug environment in config.json.
docker-compose example for debug use.
requirements in optional and not.
os.kill with raise. Added more options.
Published by fedelemantuano almost 7 years ago
mail-parser
Apache Tika support to 1.16 version
spamscope-elasticsearch can be used in the cases where Elasticsearch is behind a reverse proxy. You can use RFC-1738 formatted URLs.
Published by fedelemantuano almost 7 years ago
Outlook mail (msg format). Enable flag outlook: True in mailboxes main configuration for folders that have this mail format.
headers: list in mailboxes main configuration (see configuration example in this repository).
mail-parser and streamparse.
receiveds in main output.
phishing bolt.
binary attachments have a flag binary.
zip attachments.
quoted-printable headers mail.
Published by fedelemantuano over 7 years ago
Apache Tika, Streamparse and Shodan
.editorconfig to setup editor for SpamScope
Published by fedelemantuano over 7 years ago
Published by fedelemantuano over 7 years ago
Published by fedelemantuano over 7 years ago
streamparse and elasticsearch.
analisys_date field in attachments analysis.
Published by fedelemantuano over 7 years ago
true mail has attachments.
true the mail has attachments that are not filtered.
+ # If True the same ip address is filtered and not analyzed.
+ filter_network: True
+
+ # Max number of hashes saved for filter function
+ maxlen_network: 1000000
+# Network bolt configuration
+network:
+ shodan:
+ enabled: False
+ api_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+
+ virustotal:
+ enabled: False
+ api_key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
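Review bot: the comment above maxlen_network speaks of hashes while the comment above filter_network speaks of ip addresses, so it is unclear what is hashed and what happens once 1000000 entries are stored; spell both out in the comment. In the network section the shodan and virustotal api_key values are stored inline next to ordinary settings, so a comment telling users to keep the real configuration file out of version control and readable only by the account that runs the topology would be worth adding.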
Published by fedelemantuano over 7 years ago
Published by fedelemantuano over 7 years ago
Published by fedelemantuano over 7 years ago
Published by fedelemantuano over 7 years ago
mail-parser.
+ zemana:
+ enabled: False
+
+ PartnerId: xxxxx
+ UserId: xxxxx
+ ApiKey: xxxxx
+ useragent: SpamScope
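Review bot: the zemana keys PartnerId, UserId and ApiKey use mixed case while the shodan and virustotal hunk shown earlier on this page uses api_key, so the same configuration ends up with two naming styles; consider partner_id, user_id and api_key. The section also has no comment saying which of the three credentials are required when enabled is True or what useragent is sent with, which the other sections' comments lead a reader to expect.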
Published by fedelemantuano over 7 years ago
mail-parser and tika-app.