Contexthub-server ConfigurationContexthub-server Configuration
LiveConfigLiveConfig
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.cms.client.host |
string |
||
|
rsa.cms.client.password |
string |
||
|
rsa.cms.client.port |
0 |
integer |
|
|
rsa.cms.client.use-ssl |
false |
boolean |
|
|
rsa.cms.client.username |
string |
LiveConnectPathConfigLiveConnectPathConfig
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.cms.client.lc-auth-path |
/authlive/authenticate/LIVECONNECT |
string |
|
|
rsa.cms.client.lc-feedback-path |
/liveconnect/v2/feedback/meta |
string |
ServicePropertiesServiceProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.backup-data-path |
string |
Migration data backup location |
|
|
rsa.contexthub.config-dir-path |
string |
Config directory which contains all the configuration files |
|
|
rsa.contexthub.data-dir-path |
string |
Data Directory |
|
|
rsa.contexthub.file-system-service |
filesystemservice |
||
|
rsa.contexthub.jobs-dir-path |
string |
Jobs directory which contains all the job configurations |
|
|
rsa.contexthub.max-entries-for-list |
100000 |
integer |
List datasource max limit |
|
rsa.contexthub.ootb-list-version |
string |
OOTB List Version |
|
|
rsa.contexthub.prefetch-pool-size |
3 |
integer |
Prefetch job pool size |
|
rsa.contexthub.replace-config |
false |
boolean |
Replace the batch config files on service boot |
|
rsa.contexthub.templates-dir-path |
string |
Template directory which contains all the templates |
|
|
rsa.contexthub.tried-adding-respond-server |
false |
boolean |
Now when the service boots-up and if there is Respond-Server already in the deployment, we should try to add that as a CH data-source, but this should be done already once, so in case user deletes the source we shouldn’t add it again. |
ServiceDataPropertiesServiceDataProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.data.disk-size |
120 |
bytes |
Max database disk space allocated for the Contexthub service. |
|
rsa.contexthub.data.used-disk-upper-threshold |
95 |
double |
GlobalQueryResponseCachePolicyGlobalQueryResponseCachePolicy
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.query-response-cache.available-memory |
0 |
long |
|
|
rsa.contexthub.query-response-cache.cache-name |
string |
||
|
rsa.contexthub.query-response-cache.cache-store-bulk-insert-size |
20 |
integer |
|
|
rsa.contexthub.query-response-cache.enabled |
true |
boolean |
|
|
rsa.contexthub.query-response-cache.max-seconds-in-cache |
1800 |
seconds |
|
|
rsa.contexthub.query-response-cache.modification-queue |
20 |
integer |
|
|
rsa.contexthub.query-response-cache.percentage-of-heap-as-cache |
50 |
double |
|
|
rsa.contexthub.query-response-cache.preload |
true |
boolean |
|
|
rsa.contexthub.query-response-cache.thread-pool |
2 |
integer |
|
|
rsa.contexthub.query-response-cache.used-cache-upper-threshold |
100 |
double |
AsyncServiceProperitesAsyncServiceProperites
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.query-threads.core-pool-size |
20 |
integer |
|
|
rsa.contexthub.query-threads.max-pool-size |
250 |
integer |
|
|
rsa.contexthub.query-threads.max-seconds-before-results-expire |
0 |
long |
|
|
rsa.contexthub.query-threads.queue-capacity |
1000 |
integer |
ReputationPropertiesReputationProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.reputation.batch-size |
1000 |
integer |
Size of the batch to be send to Reputation Server |
|
rsa.contexthub.reputation.max-hashes-to-be-queried |
595000 |
integer |
Maximum number of hashes to be considered for refreshing in 1 day |
|
rsa.contexthub.reputation.max-query-supported-by-reputation-server |
600000 |
integer |
Maximum number of queries supported by the live reputation service. |
|
rsa.contexthub.reputation.max-staged-count-for-refresh |
1 |
long |
Maximum staged entries in staging store if present, prefetch will be retried in refreshCheckInterval seconds. This is done to give priority to new reputation queries. Eg: Prefetch starts at 9 PM on a day. CH checks whether the "Staged" entries in Staging store are less than maxStagedCountForRefresh. If it is less prefetch starts else prefetch is skipped for this time and retried in refreshCheckInterval seconds. |
|
rsa.contexthub.reputation.preferred-hashing-algorithm |
md5 |
string |
Algorithms that should be used while interaction with Reputation Server |
|
rsa.contexthub.reputation.refresh-batch-interval |
15 |
seconds |
Time Interval between 2 batches sent to reputation server for refresh |
|
rsa.contexthub.reputation.refresh-check-interval |
15 |
seconds |
Configuration to handle "Staging Store has entries" or Any other exception/error in case of refresh(prefetch). Staged entries should get priority over refresh job. And in case of any failures CH should retry refresh after this interval. Eg: At t1, CH started refresh job but finds that there are some entries in staging store with status - "Staged" CH will check if the no. of entries are > minStagedCountForRefresh, and if thats the case it will retry refresh after seconds configured here until that day’s 11:55 PM UTC |
|
rsa.contexthub.reputation.reputation-query-batch-interval |
2 |
seconds |
If CH does not gets any batch from staging store for RS, next time it queries staging store for a batch is after the seconds configured here. Eg: At t1, CH got a batch from staging store and RS was queried At t2, CH did not get any batch from staging store Now at t3 (t2 + reputationQueryBatchInterval) , CH again queried staging store for a batch |
StixPropertiesStixProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.contexthub.stix.data-store-read-page-size |
100 |
integer |
When reading the entire data store of a STIX source, this property determines the page size |
TaxiiServicePropertiesTaxiiServiceProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.enrichment.stix.config.disabled-xml-features |
list |
||
|
rsa.enrichment.stix.config.max-taxii-poll-window |
7 |
seconds |
Maximum time range to query TAXII server in one cycle. Defaults to 7 days. E.g., If the total range to query the TAXII server is 30 days, the range will be divided into shorter time windows of 7 days each. |
|
rsa.enrichment.stix.config.taxii-service-max-attempts |
2 |
integer |
Max number of attempts to query TAXII Service |
|
rsa.enrichment.stix.config.taxii-service-retry-wait-in-sec |
10 |
integer |
Max number of attempts to query TAXII Service |
HttpProxyPropertiesHttpProxyProperties
| Name | Default value | Type | Description |
|---|---|---|---|
|
rsa.transport.http.proxy.enabled |
false |
boolean |
|
|
rsa.transport.http.proxy.host |
string |
||
|
rsa.transport.http.proxy.ntlm-domain |
string |
||
|
rsa.transport.http.proxy.password |
string |
||
|
rsa.transport.http.proxy.port |
integer |
||
|
rsa.transport.http.proxy.reinitialize-proxy |
false |
boolean |
|
|
rsa.transport.http.proxy.use-ntlm-auth |
false |
boolean |
|
|
rsa.transport.http.proxy.use-ssl |
false |
boolean |
Flag indicating whether we should use HTTP or HTTPS |
|
rsa.transport.http.proxy.user |
string |
