Contexthub-server Configuration

LiveConfig

Name Default value Type Description

rsa.cms.client.host

string

rsa.cms.client.password

string

rsa.cms.client.port

0

integer

rsa.cms.client.use-ssl

false

boolean

rsa.cms.client.username

string

LiveConnectPathConfig

Name Default value Type Description

rsa.cms.client.lc-auth-path

/authlive/authenticate/LIVECONNECT

string

rsa.cms.client.lc-feedback-path

/liveconnect/v2/feedback/meta

string

ServiceProperties

Name Default value Type Description

rsa.contexthub.backup-data-path

string

Migration data backup location

rsa.contexthub.config-dir-path

string

Config directory which contains all the configuration files

rsa.contexthub.data-dir-path

string

Data Directory

rsa.contexthub.file-system-service

filesystemservice

rsa.contexthub.jobs-dir-path

string

Jobs directory which contains all the job configurations

rsa.contexthub.max-entries-for-list

100000

integer

List datasource max limit

rsa.contexthub.ootb-list-version

string

OOTB List Version

rsa.contexthub.prefetch-pool-size

3

integer

Prefetch job pool size

rsa.contexthub.replace-config

false

boolean

Replace the batch config files on service boot

rsa.contexthub.templates-dir-path

string

Template directory which contains all the templates

rsa.contexthub.tried-adding-respond-server

false

boolean

Now when the service boots-up and if there is Respond-Server already in the deployment, we should try to add that as a CH data-source, but this should be done already once, so in case user deletes the source we shouldn’t add it again.

ServiceDataProperties

Name Default value Type Description

rsa.contexthub.data.disk-size

120

bytes

Max database disk space allocated for the Contexthub service.

rsa.contexthub.data.used-disk-upper-threshold

95

double

GlobalQueryResponseCachePolicy

Name Default value Type Description

rsa.contexthub.query-response-cache.available-memory

0

long

rsa.contexthub.query-response-cache.cache-name

string

rsa.contexthub.query-response-cache.cache-store-bulk-insert-size

20

integer

rsa.contexthub.query-response-cache.enabled

true

boolean

rsa.contexthub.query-response-cache.max-seconds-in-cache

1800

seconds

rsa.contexthub.query-response-cache.modification-queue

20

integer

rsa.contexthub.query-response-cache.percentage-of-heap-as-cache

50

double

rsa.contexthub.query-response-cache.preload

true

boolean

rsa.contexthub.query-response-cache.thread-pool

2

integer

rsa.contexthub.query-response-cache.used-cache-upper-threshold

100

double

AsyncServiceProperites

Name Default value Type Description

rsa.contexthub.query-threads.core-pool-size

20

integer

rsa.contexthub.query-threads.max-pool-size

250

integer

rsa.contexthub.query-threads.max-seconds-before-results-expire

0

long

rsa.contexthub.query-threads.queue-capacity

1000

integer

ReputationProperties

Name Default value Type Description

rsa.contexthub.reputation.batch-size

1000

integer

Size of the batch to be send to Reputation Server

rsa.contexthub.reputation.max-hashes-to-be-queried

595000

integer

Maximum number of hashes to be considered for refreshing in 1 day

rsa.contexthub.reputation.max-query-supported-by-reputation-server

600000

integer

Maximum number of queries supported by the live reputation service.

rsa.contexthub.reputation.max-staged-count-for-refresh

1

long

Maximum staged entries in staging store if present, prefetch will be retried in refreshCheckInterval seconds. This is done to give priority to new reputation queries. Eg: Prefetch starts at 9 PM on a day. CH checks whether the "Staged" entries in Staging store are less than maxStagedCountForRefresh. If it is less prefetch starts else prefetch is skipped for this time and retried in refreshCheckInterval seconds.

rsa.contexthub.reputation.preferred-hashing-algorithm

md5

string

Algorithms that should be used while interaction with Reputation Server

rsa.contexthub.reputation.refresh-batch-interval

15

seconds

Time Interval between 2 batches sent to reputation server for refresh

rsa.contexthub.reputation.refresh-check-interval

15

seconds

Configuration to handle "Staging Store has entries" or Any other exception/error in case of refresh(prefetch). Staged entries should get priority over refresh job. And in case of any failures CH should retry refresh after this interval. Eg: At t1, CH started refresh job but finds that there are some entries in staging store with status - "Staged" CH will check if the no. of entries are > minStagedCountForRefresh, and if thats the case it will retry refresh after seconds configured here until that day’s 11:55 PM UTC

rsa.contexthub.reputation.reputation-query-batch-interval

2

seconds

If CH does not gets any batch from staging store for RS, next time it queries staging store for a batch is after the seconds configured here. Eg: At t1, CH got a batch from staging store and RS was queried At t2, CH did not get any batch from staging store Now at t3 (t2 + reputationQueryBatchInterval) , CH again queried staging store for a batch

StixProperties

Name Default value Type Description

rsa.contexthub.stix.data-store-read-page-size

100

integer

When reading the entire data store of a STIX source, this property determines the page size

TaxiiServiceProperties

Name Default value Type Description

rsa.enrichment.stix.config.disabled-xml-features

list

rsa.enrichment.stix.config.max-taxii-poll-window

7

seconds

Maximum time range to query TAXII server in one cycle. Defaults to 7 days. E.g., If the total range to query the TAXII server is 30 days, the range will be divided into shorter time windows of 7 days each.

rsa.enrichment.stix.config.taxii-service-max-attempts

2

integer

Max number of attempts to query TAXII Service

rsa.enrichment.stix.config.taxii-service-retry-wait-in-sec

10

integer

Max number of attempts to query TAXII Service

HttpProxyProperties

Name Default value Type Description

rsa.transport.http.proxy.enabled

false

boolean

rsa.transport.http.proxy.host

string

rsa.transport.http.proxy.ntlm-domain

string

rsa.transport.http.proxy.password

string

rsa.transport.http.proxy.port

integer

rsa.transport.http.proxy.reinitialize-proxy

false

boolean

rsa.transport.http.proxy.use-ntlm-auth

false

boolean

rsa.transport.http.proxy.use-ssl

false

boolean

Flag indicating whether we should use HTTP or HTTPS

rsa.transport.http.proxy.user

string