Configuration

The TheHive DXL Python Service application requires a set of configuration files to operate.

This distribution contains a config sub-directory that includes the configuration files that must be populated prior to running the application.

Each of these files is documented throughout the remainder of this page.

Application configuration directory:

    config/
        dxlclient.config
        dxlthehiveservice.config
        logging.config (optional)

DXL Client Configuration File (dxlclient.config)

The required dxlclient.config file is used to configure the DXL client that will connect to the DXL fabric.

The steps to populate this configuration file are the same as those documented in the OpenDXL Python SDK; see the OpenDXL Python SDK Samples Configuration page for more information.

The following is an example of a populated DXL client configuration file:

    [Certs]
    BrokerCertChain=c:\\certificates\\brokercerts.crt
    CertFile=c:\\certificates\\client.crt
    PrivateKey=c:\\certificates\\client.key

    [Brokers]
    {5d73b77f-8c4b-4ae0-b437-febd12facfd4}={5d73b77f-8c4b-4ae0-b437-febd12facfd4};8883;mybroker.mcafee.com;192.168.1.12
    {24397e4d-645f-4f2f-974f-f98c55bdddf7}={24397e4d-645f-4f2f-974f-f98c55bdddf7};8883;mybroker2.mcafee.com;192.168.1.13

TheHive DXL Python Service (dxlthehiveservice.config)

The required dxlthehiveservice.config file is used to configure the application.

The following is an example of a populated application configuration file:

    [General]
    host=thehiveserver1
    apiPrincipal=12345
    apiNames=create_case,search_case_task,create_alert
    verifyCertificate=yes
    verifyCertBundle=thehiveCA.crt

General

The [General] section is used to specify TheHive server configuration and TheHive API methods which should be available to invoke via DXL.

Name: host
Required: yes
Description: TheHive server hostname or IP address.

Name: apiNames
Required: yes
Description: The list of TheHive APIs for which corresponding request topics should be exposed to the DXL fabric, delimited by commas.

    For example:

        create_case,search_case_task,create_alert

    With this example and the serviceUniqueId setting set to sample, the request topics exposed to the DXL fabric would be:

        /opendxl-thehive/service/thehive-api/sample/create_case
        /opendxl-thehive/service/thehive-api/sample/search_case_task
        /opendxl-thehive/service/thehive-api/sample/create_alert

    The complete list of available API method names and parameters is available in the documentation at https://github.com/opendxl/opendxl-thehive-service-python/wiki/Service-Methods.

Name: serviceUniqueId
Required: no
Description: An optional unique identifier used to identify the opendxl-thehive service on the DXL fabric. If set, this unique identifier will be appended to the name of each request topic used on the fabric.

    For example, if the serviceUniqueId is set to sample, the request topic names would start with the following:

        /opendxl-thehive/service/thehive-api/sample/<method>

    If serviceUniqueId is not set, request topic names would not include an id segment, for example:

        /opendxl-thehive/service/thehive-api/<method>

Name: apiPrincipal
Required: yes
Description: TheHive server's API principal. If apiPassword is specified, the principal is treated as a user name. If apiPassword is empty or not specified, the principal is treated as an API key.

Name: apiPassword
Required: no
Description: TheHive server's API password.

Name: port
Required: no
Description: TheHive server's HTTP API port. Defaults to 9443 if useSSL is yes. If useSSL is no, defaults to 9000.

Name: useSSL
Required: no
Description: Whether or not to use SSL/TLS for requests made to TheHive server. If set to yes, SSL/TLS is used. Defaults to yes.

Name: verifyCertificate
Required: no
Description: Whether to verify that TheHive server's certificate was signed by a valid certificate authority when SSL/TLS is being used. Defaults to yes.

Name: verifyCertBundle
Required: no
Description: A path to a CA Bundle file containing certificates of trusted CAs. The CA Bundle is used to ensure that TheHive server being connected to was signed by a valid authority. Only applicable if verifyCertificate is yes.
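
The defaults, authentication mode and request topic names described for the [General] section can be resolved from a configuration file before the service is started. The following is an added example, not code from the opendxl-thehive service; the function name resolve, the warning texts, and the use of Python's configparser boolean parsing for yes/no values are assumptions.

```python
import configparser

TOPIC_PREFIX = "/opendxl-thehive/service/thehive-api"  # prefix shown on this page

# Constructed sample input, not a real deployment.
SAMPLE = """[General]
host=thehiveserver1
apiPrincipal=12345
apiNames=create_case,search_case_task,create_alert
serviceUniqueId=sample
useSSL=no
"""

def resolve(text):
    """Return (effective settings, warnings) for a dxlthehiveservice.config body."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    gen = parser["General"]
    missing = [k for k in ("host", "apiNames", "apiPrincipal")
               if not gen.get(k, "").strip()]
    if missing:
        raise ValueError("missing required settings: " + ", ".join(missing))
    # Assumption: yes/no values follow configparser's boolean parsing.
    use_ssl = gen.getboolean("useSSL", fallback=True)
    verify = gen.getboolean("verifyCertificate", fallback=True)
    port = gen.getint("port", fallback=9443 if use_ssl else 9000)
    uid = gen.get("serviceUniqueId", "").strip()
    base = TOPIC_PREFIX + ("/" + uid if uid else "")
    names = [n.strip() for n in gen["apiNames"].split(",") if n.strip()]
    settings = {
        "port": port,
        # An empty or absent apiPassword means apiPrincipal is an API key.
        "auth": "user/password" if gen.get("apiPassword", "").strip() else "api-key",
        "topics": [base + "/" + n for n in names],
    }
    warnings = []
    if not use_ssl:
        warnings.append("useSSL=no: requests to TheHive, including credentials, are not encrypted")
    elif not verify:
        warnings.append("verifyCertificate=no: TheHive server certificate is not validated")
    if gen.get("verifyCertBundle", "").strip() and not (use_ssl and verify):
        warnings.append("verifyCertBundle is set but has no effect without certificate verification")
    return settings, warnings

if __name__ == "__main__":
    settings, warnings = resolve(SAMPLE)
    print(settings)
    for w in warnings:
        print("WARNING:", w)
```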

Logging File (logging.config)

The optional logging.config file is used to configure how the application writes log messages.