-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy path.env.example
More file actions
154 lines (142 loc) · 5.99 KB
/
Copy path.env.example
File metadata and controls
154 lines (142 loc) · 5.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# Database
# REQUIRED: DB_PASS must be set to a strong password. The app will refuse to
# start with a ValidationError if this variable is missing or empty.
# Generate with: openssl rand -hex 32
DB_NAME=adversarygraph
DB_USER=ag_user
DB_PASS=CHANGE_ME_STRONG_LOCAL_PASSWORD
# Redis authentication — MUST be set to a strong random value in production.
# Generate with: openssl rand -hex 32
REDIS_PASSWORD=CHANGE_ME_STRONG_REDIS_PASSWORD
# External persistent Postgres data directory created on first deployment.
# Keep this folder when rebuilding containers; it stores private/custom data and synced references.
ADVERSARYGRAPH_DB_DIR=./data/postgres
# AI Provider Keys (at least one required for analysis features)
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
OPENAI_MODEL=gpt-4.1
GEMINI_API_KEY=
MINIMAX_API_KEY=
MINIMAX_MODEL=MiniMax-M3
MINIMAX_BASE_URL=https://api.minimax.io/v1
# Local OpenAI-compatible LLM endpoint.
# Examples:
# Ollama on host: LOCAL_LLM_BASE_URL=http://host.docker.internal:11434/v1
# LM Studio on host: LOCAL_LLM_BASE_URL=http://host.docker.internal:1234/v1
LOCAL_LLM_BASE_URL=http://host.docker.internal:11434/v1
LOCAL_LLM_API_KEY=
LOCAL_LLM_MODEL=llama3.1:8b
# Internal MalwareGraph -> AdversaryGraph LLM proxy. Keep this in docker compose.
ADVERSARYGRAPH_LLM_PROXY_URL=http://api:8000/api/malwaregraph/llm/complete
MALWAREGRAPH_AI_STRING_TIMEOUT_SECONDS=180
MALWAREGRAPH_AI_STRING_PROMPT_MAX_CHARS=120000
# ATT&CK Domains to ingest (comma-separated, no spaces)
# Options: enterprise-attack, mobile-attack, ics-attack, atlas
ATTCK_DOMAINS=enterprise-attack,mobile-attack,ics-attack,atlas
# IOC intelligence feeds.
# Free ThreatFox auth keys are available from abuse.ch Auth.
THREATFOX_AUTH_KEY=
# Start a non-blocking full IOC source sync after API startup.
# This refreshes ThreatFox, Malpedia, OTX, and enabled custom feeds.
AUTO_IOC_FULL_SYNC_ON_STARTUP=true
AUTO_THREATFOX_SYNC_DAYS=7
# Daily dynamic DB refresh in UTC: ATT&CK/ATLAS, MISP Galaxy, ThreatFox/Malpedia/OTX/custom feeds.
DYNAMIC_DB_SYNC_HOUR=3
DYNAMIC_DB_SYNC_MINUTE=30
DYNAMIC_DB_IOC_SYNC_DAYS=7
# Optional NVD API key. CVE sync works without it, but public rate limits are lower.
NVD_API_KEY=
# Optional AlienVault OTX key for actor-attributed pulse IOC sync.
OTX_API_KEY=
# Optional VirusTotal key for on-demand IOC reputation, TTP, and actor-context lookup.
VIRUSTOTAL_API_KEY=
# Optional investigation pivots. urlscan works without a key at public limits.
# GreyNoise Community is used by default and does not require a key.
URLSCAN_API_KEY=
# Reserved for future GreyNoise paid API support; not required for Community lookup.
GREYNOISE_API_KEY=
SHODAN_API_KEY=
ABUSEIPDB_API_KEY=
# Censys Platform Personal Access Token and optional organization ID.
CENSYS_API_KEY=
CENSYS_ORG_ID=
# Product Security vulnerability, package, exploit, lifecycle, and exposure feeds.
# Core public feeds work without keys: CISA KEV, FIRST EPSS, OSV.dev, and public GitHub/NVD limits.
# Add optional keys/tokens below for higher limits, paid/private enrichment, and exposure monitoring.
# Uncomment and set only the providers you use.
# GITHUB_TOKEN=
# GITLAB_TOKEN=
# MSRC_API_KEY=
# DEPS_DEV_API_KEY=
# VULNCHECK_API_KEY=
# SNYK_TOKEN=
# SOCKET_TOKEN=
# ENDOFLIFE_DATE_TOKEN=
# HIBP_API_KEY=
# LEAKIX_API_KEY=
# SPYCLOUD_API_KEY=
# FLARE_API_KEY=
# DARKOWL_API_KEY=
# INTEL471_API_KEY=
# KELA_API_KEY=
# RECORDED_FUTURE_API_KEY=
# Optional OpenCTI symmetric sync.
# OPENCTI_URL is the base URL, for example https://opencti.example.com.
# OPENCTI_TOKEN is a personal/API token with permission to read indicators,
# observables, reports, labels, and create indicators/reports.
OPENCTI_URL=
OPENCTI_TOKEN=
OPENCTI_SYNC_LIMIT=500
OPENCTI_VERIFY_TLS=true
# MalwareGraph integrated malware-analysis module.
# Runs as a private service in docker-compose and is proxied through AdversaryGraph API.
MALWAREGRAPH_API_KEY=
MALWAREGRAPH_RETENTION_DAYS=7
MALWAREGRAPH_ENABLE_DYNAMIC_DEBUG=false
MALWAREGRAPH_REQUEST_TIMEOUT_SECONDS=30
MALWAREGRAPH_UPLOAD_TIMEOUT_SECONDS=180
MALWAREGRAPH_LONG_TIMEOUT_SECONDS=300
MALWAREGRAPH_LOG_LEVEL=info
MALWAREGRAPH_MAX_LOG_BYTES=10485760
MALWAREGRAPH_LOG_BACKUP_COUNT=5
# Logging: debug, info, warning, error
LOG_LEVEL=info
LOG_DIR=logs
LOG_MAX_BYTES=10485760
LOG_BACKUP_COUNT=5
# CORS allowed origins — comma-separated list of frontend origins.
# In production set this to your actual domain, e.g.:
# CORS_ALLOWED_ORIGINS=https://adversarygraph.example.com
CORS_ALLOWED_ORIGINS=http://localhost:3000
# Optional team authentication and enterprise access.
# Native username/password login is available when AUTH_ENABLED=true.
# For first bootstrap only, set AUTH_BOOTSTRAP_ADMIN_PASSWORD to a strong
# temporary value, start the API, sign in as AUTH_BOOTSTRAP_ADMIN_USERNAME,
# create named users, then clear the bootstrap password.
# Roles: viewer, analyst, threat_intel, detection_engineer, incident_responder,
# auditor, security_admin, service_account, admin.
# Trusted OIDC/SAML reverse-proxy auth is supported when the proxy sets
# X-Auth-User and X-Auth-Roles and signs the request with PROXY_SECRET.
# WARNING: when AUTH_ENABLED=false, every request is treated as authenticated.
# Do not expose this instance to untrusted networks without enabling auth.
AUTH_ENABLED=false
AUTH_SSO_MODE=proxy
AUTH_DEFAULT_ROLE=viewer
AUTH_SESSION_MINUTES=720
AUTH_PASSWORD_MIN_LENGTH=12
AUTH_PASSWORD_REQUIRE_UPPER=false
AUTH_PASSWORD_REQUIRE_LOWER=false
AUTH_PASSWORD_REQUIRE_NUMBER=false
AUTH_PASSWORD_REQUIRE_SPECIAL=false
AUTH_MFA_ENABLED=false
AUTH_BOOTSTRAP_ADMIN_USERNAME=admin
AUTH_BOOTSTRAP_ADMIN_PASSWORD=
# PROXY_SECRET must be set when using header-based auth behind a reverse proxy.
# The proxy must forward X-Internal-Proxy-Secret with this value and MUST strip
# any client-supplied X-Auth-User, X-Auth-Roles, and X-Internal-Proxy-Secret
# headers before proxying requests to the API.
PROXY_SECRET=
# Autonomous Anomaly Detection Atlas synchronization
ATLAS_REPOSITORY=https://github.com/anpa1200/anomaly-detection-atlas.git
ATLAS_SYNC_INTERVAL=3600
REFERENCE_URL=http://localhost:3001/anomaly-detection-atlas