Diffstat (limited to 'config24.01.yaml')
| -rw-r--r-- | config24.01.yaml | 50 |
1 files changed, 25 insertions, 25 deletions
diff --git a/config24.01.yaml b/config24.01.yaml index 9439093..6e64cdf 100644 --- a/config24.01.yaml +++ b/config24.01.yaml @@ -12,13 +12,14 @@ common: protected_ip_list: ['8.8.8.8', '8.8.4.4', '1.1.1.1', '255.255.255.255', '0.0.0.0', '127.*'] monitor: - monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom + monitor_file_path: /Users/joy/Downloads/vpn_thwarting_monitor.prom +# monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom outdated_days: 100 # outdated after Inactive for days. outdated results will not be monitored as effective results timezone_hour_gap: 8 clickhouse: - host: 10.160.12.147 + host: 192.168.40.147 port: 9001 username: default password: galaxy2019 @@ -27,25 +28,24 @@ clickhouse: security_table_name: security_event mariadb: - host: 10.160.12.201 + host: 192.168.44.53 port: 3306 user: root - pswd: galaxy2019 + pswd: 111111 db_name: cn_api - ip_table_name: cn_vpn_learning_ip - domain_table_name: cn_vpn_learning_domain + table_name: cn_intelligence_indicator + knowledgebase: - host: 10.160.12.204:8090 + host: 192.168.44.54:8090 kb_username: api_pin: - api_path: /v1/knowledgeBase/items/batch + api_path: /v1/tag/items/batch api_token: a2857bc21b01421b85953fc2c65b4d4c api_retry_times: 3 api_timeout: 9999 db_name: cn_api - ip_library_name: vpn_learning_ip - domain_library_name: vpn_learning_domain + library_name: cn_intelligence_indicator ### PLUGIN CONFIGS 
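Review bot: The new `monitor_file_path` points into one developer's home directory (`/Users/joy/Downloads/vpn_thwarting_monitor.prom`) and leaves the deployed path only as a comment, so this looks like a local test setting committed to the shared config. On any other host that path will most likely not exist, and the monitor output would not land where the collector expects it. I would keep `monitor_file_path: /opt/vpn-finder-plugins/prom/vpn_plugin_knowledgebase_monitor.prom` as the committed value and put the workstation path in an untracked local override. The `clickhouse` block in the same hunk also carries `password:` in plaintext on a context line; it is already in repository history, so it should be rotated and read from the environment or a secret store instead.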
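Review bot: `pswd: 111111` next to `user: root` commits a trivially guessable password for the MariaDB superuser account, in plaintext and beside the host address. The queries visible in this file only touch `cn_api`, so a dedicated account restricted to that database would presumably be enough, with the password supplied at deploy time rather than stored in the YAML. The `api_token` on the context line of the `knowledgebase` block has the same problem. Both values should be treated as exposed and rotated once they are moved out of the file.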
@@ -53,7 +53,7 @@ knowledgebase:
 hotspotvpn:
 plugin_name: hotspotvpn
 vpn_service_name: hotspotvpn
- plugin_id: 1
+ plugin_id: fd3a275b-49e0-462e-8630-c0f4698da9a8
 object_type: ip
 confidence: confirmed
 sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_ja3_hash in ('f49621211538d12435b8498f195d0c31', '908e8001ed339d74cedd91a4eb7abfab')) UNION ALL SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_sni IN ({$domain_list})) GROUP BY server_ip having length(groupUniqArray(server_domain)) >= 5
@@ -63,33 +63,33 @@ hotspotvpn: ipvanishvpn: plugin_name: ipvanishvpn vpn_service_name: ipvanishvpn - plugin_id: 2 + plugin_id: c7ef715a-4ee0-4ac7-b30e-49f337fc8fb8 confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.vpn.ipvanish.com' group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ipvanishvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ipvanishvpn' group by domain ivacyvpn: plugin_name: ivacyvpn vpn_service_name: ivacyvpn - plugin_id: 3 + plugin_id: fdb15703-fb5c-4600-8f04-6128adb1940b confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND ((dns_qname LIKE '%.pointtoserver.com') or (dns_qname LIKE '%.ptoserver.com') or (dns_qname LIKE '%.dns2use.com')) group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ivacyvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'ivacyvpn' group by domain protonvpn: plugin_name: protonvpn vpn_service_name: protonvpn - plugin_id: 4 + plugin_id: 9315f6f7-c921-4bb2-a16f-3da86ad3baee object_type: ip confidence: confirmed sql: SELECT server_ip, groupUniqArray(server_port) as ports FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (server_port IN (443, 7770, 8443, 88, 5060, 51820, 500, 80, 1224, 4500, 4569, 5060, 1194)) GROUP BY server_ip HAVING length(ports) >= 10 
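Review bot: The rewritten `kb_sql` lines select `domain` from the single `{$mariadb_tablename}` table filtered only by `source_name`, here for ipvanishvpn and ivacyvpn and again in the cyberghostvpn and windscribevpn hunks. If `cn_intelligence_indicator` now holds both IP and domain indicators, as merging `ip_table_name` and `domain_table_name` into one `table_name` suggests, these queries may return NULL or empty `domain` values for IP rows, which would then flow into whatever consumes the domain list. Consider adding a condition such as `AND domain IS NOT NULL AND domain != ''`, or a filter on the indicator-type column if the table has one. The schema is not visible on this page, so this needs checking against the table definition.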
@@ -99,14 +99,14 @@ protonvpn: cyberghostvpn: plugin_name: cyberghostvpn vpn_service_name: cyberghostvpn - plugin_id: 5 + plugin_id: d3e486c4-4d4d-429e-9af8-d018f73dde99 confidence: confirmed domain: object_type: domain sql: SELECT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.nodes.gen4.ninja' group by dns_qname ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'cyberghostvpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'cyberghostvpn' group by domain monitor_on: False udp_monitor_app_name: Cyberghost-UDP sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and app_transition like '%{$udp_monitor_app_name}%' group by server_ip @@ -115,7 +115,7 @@ cyberghostvpn: windscribevpn: plugin_name: windscribevpn vpn_service_name: windscribevpn - plugin_id: 6 + plugin_id: 9bd2b634-be41-453f-b6eb-89e25bbffcc3 confidence: confirmed domain: object_type: domain @@ -123,12 +123,12 @@ windscribevpn: domains: whiskergalaxy.com, totallyacdn.com ip: object_type: ip - kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'windscribevpn' group by domain + kb_sql: SELECT domain FROM {$mariadb_dbname}.{$mariadb_tablename} where source_name = 'windscribevpn' group by domain sql: SELECT server_ip FROM {$db_name}.{$table_name} WHERE {$time_filter} and (ssl_cert_subject like '%Windscribe%' or ssl_cert_issuer like '%Windscribe%') group by server_ip turbovpn: vpn_service_name: turbovpn - plugin_id: 7 + plugin_id: 77fdc9b2-83b5-451f-a85d-98798810a7ec plugin_name: turbovpn object_type: ip confidence: confirmed @@ -137,7 +137,7 @@ turbovpn: geckovpn: vpn_service_name: geckovpn - plugin_id: 8 + plugin_id: ffbda1c9-dbbe-4160-8961-270d3aeb6a37 plugin_name: geckovpn object_type: ip confidence: confirmed 
@@ -146,7 +146,7 @@ geckovpn: vpnunlimited: vpn_service_name: vpnunlimited - plugin_id: 9 + plugin_id: a0693f60-9028-4680-bbce-4200cfcbd291 plugin_name: vpnunlimited object_type: ip confidence: confirmed @@ -156,5 +156,5 @@ vpnunlimited: psiphon3vpn: vpn_service_name: psiphon3vpn - plugin_id: 10 - plugin_name: psiphon3vpn
\ No newline at end of file + plugin_id: 5d225aa8-ae80-4c89-a972-026bbb5d14e4 + plugin_name: psiphon3vpn |
