## For details of how to configure settings in this file, please see ## https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html ## QueryDefinitions: AzureSentinel: Workspaces: # # Add your default workspace and tenant here (uncomment next 3 lines) # Default: # WorkspaceId: your-workspace-id # TenantId: your-tenant-id # # Add additional named workspaces here - you can use these in the notebook # # with the syntax ws_config = WorkspaceConfig(workspace="WorkspaceAlpha") # # Each section must have a unique name. You can have any number of # # workspace definitions # WorkspaceAlpha: # WorkspaceId: alpha-workspace-id # TenantId: alpha-tenant-id TIProviders: # # Threat Intel service parameters are added here # # The Args section usually includes the authentication # # parameters: AuthKey (the API key) and in some cases others # # (e.g. XForce requires an ApiID key as well). The "AuthKey" name # # will be mapped onto the name used by the service, you should not # # to change this - e.g. some providers call this ApiKey. # OTX: # Args: # AuthKey: OTX-API-Key # Primary: True # Provider: "OTX" # VirusTotal: # Args: # AuthKey: VT-API-Key # Primary: False # Provider: "VirusTotal" # XForce: # Args: # ApiID: XForce-API-ID # AuthKey: XForce-Auth-Key # Primary: True # Provider: "XForce" # AzureSentinel: # # The Microsoft sentinel TI data can be in a different workspace # # to the workspace where your data is. If it is different, # # both workspaces must be in the same tenant. This is a limitation # # of the Log Analytics client library. # Args: # workspace_id: your-workspace-id # tenant_id: your-tenant-id # Primary: True # Provider: "AzSTI" OtherProviders: # # Other data providers # GeoIPLite: # Args: # AuthKey: # EnvironmentVar: "MAXMIND_AUTH" # DBFolder: "~/.msticpy" # Provider: "GeoLiteLookup" # IPStack: # Args: # AuthKey: # EnvironmentVar: "IPSTACK_AUTH" # Provider: "IPStackLookup"