Configuration

The connector looks for config.yml in the current directory to read configuration.

When the connector runs in a Docker container, the "current directory" is /app.

Optionally, many of the configuration settings can be set solely through environment variables, as described in the table below. This is useful for spinning up a container quickly while specifying only the settings you need beyond the defaults.

Configuration parameters

| YAML Parameter | Environment Variable | Mandatory | Description |
|---|---|---|---|
| opencti.url | OPENCTI_URL | Yes | The URL of the OpenCTI Platform. |
| opencti.token | OPENCTI_TOKEN | Yes | Access token to the OpenCTI Platform. |
| opencti.ssl_verify | OPENCTI_SSL_VERIFY | No | Whether to use TLS certificate validation for connection with the OpenCTI Platform. Default: true. |
| connector.id | CONNECTOR_ID | Yes | Unique identifier for the connector in form of UUIDv4 value. |
| connector.name | CONNECTOR_NAME | No | Name of the connector to identify it in OpenCTI Platform. Default: Kaspersky Feeds. |
| connector.scope | CONNECTOR_SCOPE | No | Scope of the connector. Default: kaspersky. |
| connector.confidence_level | CONNECTOR_CONFIDENCE_LEVEL | No | The default confidence level for created objects (a number between 0 and 100). Default: 100. |
| connector.log_level | CONNECTOR_LOG_LEVEL | No | The log level for the connector, can be debug, info, warn or error (less verbose). Default: info. |
| connector.update_existing_data | CONNECTOR_UPDATE_EXISTING_DATA | No | Whether to update data for the stix2 objects that already exist in the OpenCTI Platform. Default: false. |
| kaspersky.api_root | KASPERSKY_API_ROOT | No | API Root of the Kaspersky Threat Intelligence Portal TAXII server. Default: https://taxii.tip.kaspersky.com/v2. |
| kaspersky.api_token | KASPERSKY_API_TOKEN | Yes | Access token to the Kaspersky Threat Intelligence Portal TAXII server. |
| kaspersky.ssl_verify | KASPERSKY_SSL_VERIFY | No | Whether to use TLS certificate validation for connection with the Kaspersky Threat Intelligence Portal TAXII server. Default: true. |
| kaspersky.initial_history | KASPERSKY_INITIAL_HISTORY | No | The offset (in seconds) from the current time to the past, defining the start point for data import. Default: 604800. |
| kaspersky.update_interval | KASPERSKY_UPDATE_INTERVAL | No | Interval (in seconds) between updates execution. Default: 3600. |
| kaspersky.expand_objects | KASPERSKY_EXPAND_OBJECTS | No | Whether to generate additional stix2 objects based on analysis of indicator's description content. Default: true. |
| kaspersky.collections | KASPERSKY_COLLECTIONS | No | List of collections to import from TAXII server. Both UID and alias (with wildcards) can be used to specify collection. Default: TAXII_*_Data_Feed. |

It is not recommended to use too large a value for the kaspersky.initial_history configuration parameter, because it may result in a large amount of data being received from a TAXII server.

We strongly recommend that you keep the true value for the opencti.ssl_verify and kaspersky.ssl_verify parameters. If the false value for these parameters is specified, the connector will accept any TLS certificate presented by the server and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to man-in-the-middle (MitM) attacks.

Starting from OpenCTI version 6.0, the connector.confidence_level parameter has been deprecated.
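A pre-flight check for the environment variables in the table and the recommendations above, as an added example that is not part of the connector or its documentation. The function names, the 30-day threshold for kaspersky.initial_history and the assumption that boolean values are written as the literal true/false are choices made for this example.

```python
import uuid

# Variable names, mandatory flags and allowed values come from the table above.
MANDATORY = ("OPENCTI_URL", "OPENCTI_TOKEN", "CONNECTOR_ID", "KASPERSKY_API_TOKEN")
TLS_FLAGS = ("OPENCTI_SSL_VERIFY", "KASPERSKY_SSL_VERIFY")
LOG_LEVELS = ("debug", "info", "warn", "error")
# Assumption: 30 days; the page only warns against "too large a value".
MAX_INITIAL_HISTORY = 30 * 24 * 3600


def is_uuid4(value):
    """Return True if value parses as a version 4 UUID."""
    try:
        return uuid.UUID(value).version == 4
    except (ValueError, AttributeError, TypeError):
        return False


def check_connector_env(env):
    """Return (severity, message) findings for a mapping of environment variables."""
    findings = []
    for name in MANDATORY:
        if not env.get(name, "").strip():
            findings.append(("error", f"{name} is mandatory but not set"))
    if env.get("CONNECTOR_ID") and not is_uuid4(env["CONNECTOR_ID"]):
        findings.append(("error", "CONNECTOR_ID is not a UUIDv4 value"))
    for name in TLS_FLAGS:
        # Assumption: values are written as the literal true/false used in the table.
        if env.get(name, "true").strip().lower() != "true":
            findings.append(("error", f"{name} is not true; TLS validation may be off"))
    if env.get("CONNECTOR_LOG_LEVEL", "info") not in LOG_LEVELS:
        findings.append(("error", "CONNECTOR_LOG_LEVEL must be debug, info, warn or error"))
    if "CONNECTOR_CONFIDENCE_LEVEL" in env:
        findings.append(("warn", "CONNECTOR_CONFIDENCE_LEVEL is deprecated since OpenCTI 6.0"))
    history = env.get("KASPERSKY_INITIAL_HISTORY", "604800")
    if not history.isdecimal():
        findings.append(("error", "KASPERSKY_INITIAL_HISTORY must be a number of seconds"))
    elif int(history) > MAX_INITIAL_HISTORY:
        findings.append(("warn", "KASPERSKY_INITIAL_HISTORY is large; expect a heavy first import"))
    return findings


if __name__ == "__main__":
    import os
    for severity, message in check_connector_env(os.environ):
        print(f"{severity}: {message}")
```

Run it in the same environment the container will receive, for example as a step before the connector starts, and treat any error finding as a reason not to start.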
