{
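// The Warden client config can also be given as a path to a separate file:
// "warden": "/path/to/warden_client.cfg"
"warden": {
// Server endpoint. The https scheme means the connection is expected to be TLS-protected.
"url": "https://example.com/warden3",
// CA bundle file, presumably used to verify the server certificate - confirm
// against the client documentation, and keep only CAs you trust in it.
"cafile": "tcs-ca-bundle.pem",
// NOTE(review): the unit is presumably seconds - confirm.
"timeout": 10,
// Both logs are set to "debug" in this sample. Debug output may include event
// details, so consider a less verbose level and restricted log permissions
// outside of testing.
"errlog": {"level": "debug"},
"filelog": {"level": "debug"},
// NOTE(review): presumably a state file kept by the client - confirm; it must be
// writable by the account running the daemon.
"idstore": "myclient.id",
"name": "com.example.warden.test",
// Sample placeholder only. Replace it with the real per-client secret, keep this
// file readable only by the account running the daemon, and keep the real value
// out of version control.
"secret": "SeCrEt"
},
"sender": {
// Maildir-like directory whose "incoming" subdir will be checked
// for Idea events to send out.
// NOTE(review): the path is relative; what it resolves against is not shown here.
// Restrict write access so that only trusted producers can queue events.
"dir": "warden_sender",
// Optional filter fields. Events that do not match are discarded AND removed,
// so an overly narrow filter silently loses data.
"filter": {
"cat": ["Test", "Recon.Scanning"],
"nocat": null,
"group": ["cz.example"],
"nogroup": null,
"tag": null,
"notag": ["Honeypot"]
},
// Optional information about the detector, to be prepended to the Idea Node array
"node": {
"Name": "cz.example.warden.test_sender",
"Type": ["Relay"],
"SW": ["warden_filer-sender"],
// Last key of the object: no trailing comma, which a strict JSON parser rejects.
"AggrWin": "00:05:00"
}
},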
"receiver": {
// Maildir-like directory whose "incoming" subdir will serve as the target for received events
"dir": "warden_receiver",
// Optional filter fields for Warden query
"filter": {
"cat": ["Test", "Recon.Scanning"],
"nocat": null,
"group": ["cz.cesnet"],
"nogroup": null,
"tag": null,
"notag": ["Honeypot"]
// Optional information about the detector, to be prepended to the Idea Node array
"node": {
"Name": "cz.example.warden.test_receiver",
"Type": ["Relay"],
"SW": ["warden_filer-receiver"],
"AggrWin": "00:05:00",
"Note": "Test warden_filer receiver"
}