Updated default module configuration files.

According to our current production installation. (Redmine issue: #3387)

Updated default module configuration files.
96604a0a · Jan Mach · cd3464c4 · 96604a0a · 96604a0a · 96604a0a
Commit 96604a0a authored 5 years ago by Jan Mach
--- a/conf/mentat-cleanup.py.conf
+++ b/conf/mentat-cleanup.py.conf
@@ -10,10 +10,10 @@
    #---------------------------------------------------------------------------
    # Path to database files (for disk usage measurements).
-    #   default: "/var/lib/postgresql/10/main"
+    #   default: "/var/lib/postgresql/12/main"
    #   type:    string
    #
-    "db_path": "/var/lib/postgresql/10/main",
+    "db_path": "/var/lib/postgresql/12/main",
    # Perform simulation, do not remove anything (flag).
    #   default: false
@@ -128,8 +128,8 @@
    #"regular": false,
    #"shell": false,
-    #"command": "generate",
+    #"command": "cleanup",
-    "interval": "6_hourly",
+    "interval": "hourly",
    #"adjust_thresholds": false,
    #"time_high": null,

--- a/conf/mentat-controller.py.conf
+++ b/conf/mentat-controller.py.conf
@@ -86,23 +86,6 @@
            ]
        }
-        #
-        # [CHAIN A|ENTRY]: Message inspection module - event classifications
-        #
-        #{
-        #    "exec": "mentat-inspector.py",
-        #    # Enable multiple instances working the same queue directory
-        #    #"paralel": true,
-        #    # In case of paralel mode, you MUST set the required number of instances
-        #    #"count": 3,
-        #    "args": [
-        #        # Enable debug information before daemonization
-        #        #"--debug"
-        #        # Force logging level ['debug', 'info', 'warning', 'error', 'critical']
-        #        #"--log-level=debug"
-        #    ]
-        #}
        #
        # [CHAIN B|ENTRY|FINAL]: Additional message inspection module
        #

--- a/conf/mentat-inspector-b.py.conf
+++ b/conf/mentat-inspector-b.py.conf
@@ -110,14 +110,14 @@
        },
        {
            "name": "Check: Source Type Unknown",
-            "rule": "exists Source.Type and not Source.Type in ['Proxy', 'OriginMalware', 'OriginSandbox', 'OriginSpam', 'Phishing', 'Malware', 'MITM', 'Spam', 'Backscatter', 'Open', 'Poisoned', 'FastFlux', 'Botnet', 'CC', 'Tor', 'Incomplete']",
+            "rule": "exists Source.Type and not Source.Type in ['Proxy', 'OriginMalware', 'OriginSandbox', 'OriginSpam', 'OriginBlacklist', 'Phishing', 'Malware', 'MITM', 'Spam', 'Backscatter', 'Open', 'Poisoned', 'FastFlux', 'Botnet', 'CC', 'Tor', 'Incomplete', 'Anonymised']",
            "actions": [
                {"action": "tag", "args": {"path": "_CESNET.InspectionErrors[*]", "value": "Source_Type_unknown", "unique": true}}
            ]
        },
        {
            "name": "Check: Target Type Unknown",
-            "rule": "exists Target.Type and not Target.Type in ['Proxy', 'OriginMalware', 'OriginSandbox', 'OriginSpam', 'Phishing', 'Malware', 'MITM', 'Spam', 'Backscatter', 'Open', 'Poisoned', 'FastFlux', 'Botnet', 'CC', 'Tor', 'Incomplete']",
+            "rule": "exists Target.Type and not Target.Type in ['Proxy', 'OriginMalware', 'OriginSandbox', 'OriginSpam', 'Phishing', 'Malware', 'MITM', 'Spam', 'Backscatter', 'Open', 'Poisoned', 'FastFlux', 'Botnet', 'CC', 'Tor', 'Incomplete', 'Anonymised']",
            "actions": [
                {"action": "tag", "args": {"path": "_CESNET.InspectionErrors[*]", "value": "Target_Type_unknown", "unique": true}}
            ]