path: root/config.yaml
blob: 40963fa301aafc8050b23ceee9ccf8af6363ab42 (plain)
# Settings shared across the file: output location, time zone and the
# receive-time window template.
# NOTE(review): the code that consumes this file is not visible here, so the
# notes on how keys are used are inferred from names; confirm against the loader.
common:
    output_path: data/
    time_zone: Asia/Shanghai
    # Presumably replaces the literal token `recv_time_columnname` inside
    # time_filter_pattern; confirm.
    recv_time_columnname: common_recv_time
    # Time-window predicate with {$start_time}, {$end_time} and {$time_zone}
    # placeholders, each inside a single-quoted SQL string literal.
    # NOTE(review): if the placeholders are filled by plain text replacement,
    # the consumer has to validate the substituted values (fixed timestamp and
    # zone formats) so that a quote character cannot end the literal early.
    time_filter_pattern: (recv_time_columnname> toDateTime('{$start_time}', '{$time_zone}')) AND(recv_time_columnname <= toDateTime('{$end_time}', '{$time_zone}'))

# ClickHouse connection settings. db_name and table_name presumably fill the
# {$db_name}.{$table_name} placeholders in the plugins' `sql` entries; confirm.
# NOTE(review): the password is stored in plaintext in a tracked file, and the
# trailing comment on the password line looks like an alternate or previous
# credential. Treat both as exposed: rotate them, drop the comment, and load
# the secret from the environment or a secret store.
clickhouse:
    host: 192.168.44.30
    port: 9001
    # NOTE(review): the plugin queries in this file only SELECT; a dedicated
    # read-only account would fit better than `default`.
    username: default
    password: galaxy2019 # ceiec2021
    db_name: tsg_galaxy_v3
    table_name: session_record

# MariaDB connection settings and the names of the learning tables.
# NOTE(review): this block connects as `root` with a short all-digit password
# stored in plaintext. Treat the password as exposed, rotate it, use a
# dedicated account limited to the tables it needs, and load the secret from
# the environment or a secret store.
mariadb:
    host: 192.168.44.53
    port: 3306
    user: root
    # NOTE(review): an unquoted all-digit value is loaded as an integer, not a
    # string; confirm the consumer converts it before authenticating.
    pswd: 111111
    timezone_hour_gap: 8  # actual local timezone - mariadb timezone (hours)
    # db_name and domain_table_name presumably fill {$mariadb_dbname} and
    # {$mariadb_domain_tablename} in the plugins' kb_sql entries; confirm.
    db_name: cn_api
    ip_table_name: cn_vpn_learning_ip
    domain_table_name: cn_vpn_learning_domain

# Knowledge-base API settings: endpoint, identity, retry/timeout and the
# library names.
# NOTE(review): api_token and api_pin are stored in plaintext in a tracked
# file; treat them as exposed, rotate them, and load them from the
# environment or a secret store.
knowledgebase:
    # host:port with no URL scheme. NOTE(review): confirm the client reaches
    # this endpoint over TLS, since it presumably sends api_token with requests.
    host: 192.168.44.54:8090
    kb_username: learning_engine
    # NOTE(review): unquoted all-digit value, loaded as an integer.
    api_pin: 111111
    api_path: /v1/knowledgeBase/items/batch
    api_token: a2857bc21b01421b85953fc2c65b4d4c
    api_retry_times: 3
    # NOTE(review): the unit is not stated; if seconds, 9999 is close to three
    # hours and leaves a stalled request hanging. Confirm the unit.
    api_timeout: 9999
    # Same value as mariadb.db_name.
    db_name: cn_api
    ip_library_name: vpn_learning_ip
    domain_library_name: vpn_learning_domain


# Plugin 1: server-IP entry for hotspotvpn (object_type `ip`).
hotspotvpn_serverip:
    vpn_service_name: hotspotvpn
    plugin_id: 1
    # Same string as this block's top-level key.
    plugin_name: hotspotvpn_serverip
    object_type: ip
    confidence: confirmed
    # Query template. Among rows in the time window whose ssl_sni is in
    # {$domain_list}, groups by common_server_ip and keeps the IPs that have
    # at least 3 distinct common_server_domain values.
    # {$db_name}, {$table_name}, {$time_filter} and {$domain_list} are
    # placeholders; presumably filled from the clickhouse block,
    # common.time_filter_pattern and `domains` below; confirm.
    sql: SELECT common_server_ip, any(common_server_asn) AS asn, count(*) AS session_num, groupUniqArray(common_server_domain) as domains, length(domains) as domain_count, countDistinct(common_client_ip) AS cip_num FROM {$db_name}.{$table_name} WHERE {$time_filter} AND (ssl_sni IN ({$domain_list})) GROUP BY common_server_ip having domain_count >= 3
    # One comma-separated string, not a YAML sequence.
    # NOTE(review): the entries end up inside IN (...); confirm the consumer
    # splits, trims and quotes/escapes every entry instead of pasting the
    # string into the query as-is.
    domains: paypal.com, facebook.com, twitter.com, whatsapp.com, get.adobe.com, cloudfront.net, mozilla.org


# Plugin 2: server-name entry for ipvanishvpn (object_type `domain`).
ipvanishvpn_servername:
    vpn_service_name: ipvanishvpn
    plugin_id: 2
    # Same string as this block's top-level key.
    plugin_name: ipvanishvpn_servername
    object_type: domain
    confidence: confirmed
    # Query template: distinct dns_qname values in the time window that end in
    # `.vpn.ipvanish.com`. The leading dot in the pattern means the bare name
    # `vpn.ipvanish.com` itself does not match.
    # {$db_name}, {$table_name} and {$time_filter} are placeholders,
    # presumably filled from the clickhouse and common blocks; confirm.
    sql: SELECT DISTINCT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.vpn.ipvanish.com'


# Plugin 3: server-IP entry for ipvanishvpn (object_type `ip`).
# NOTE(review): this block has a kb_sql key but no `sql` key; how IPs are
# derived from the selected domains is not visible in this file.
ipvanishvpn_serverip:
    vpn_service_name: ipvanishvpn
    plugin_id: 3
    # Same string as this block's top-level key.
    plugin_name: ipvanishvpn_serverip
    object_type: ip
    confidence: confirmed
    # Query template: distinct `domain` values stored for this service.
    # {$mariadb_dbname} and {$mariadb_domain_tablename} are placeholders,
    # presumably filled from mariadb.db_name and mariadb.domain_table_name.
    # The service name is repeated here as a SQL literal and has to be kept in
    # step with vpn_service_name above.
    kb_sql: SELECT distinct domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'ipvanishvpn'


# Plugin 4: server-IP entry for psiphon3vpn (object_type `ip`).
# NOTE(review): unlike the other plugin blocks, this one has no `sql` or
# `kb_sql` key; confirm that the consumer handles their absence.
psiphon3vpn_serverip:
    vpn_service_name: psiphon3vpn
    plugin_id: 4
    # Same string as this block's top-level key.
    plugin_name: psiphon3vpn_serverip
    object_type: ip
    # NOTE(review): a bare `confidence:` loads as null, while every other
    # plugin block sets `confirmed`. If null is intended, write it explicitly;
    # otherwise supply the value and confirm the consumer rejects a missing one.
    confidence:


# Plugin 5: server-name entry for cyberghostvpn (object_type `domain`).
cyberghostvpn_servername:
    vpn_service_name: cyberghostvpn
    plugin_id: 5
    # Same string as this block's top-level key.
    plugin_name: cyberghostvpn_servername
    object_type: domain
    confidence: confirmed
    # Query template: distinct dns_qname values in the time window that end in
    # `.nodes.gen4.ninja`.
    # {$db_name}, {$table_name} and {$time_filter} are placeholders,
    # presumably filled from the clickhouse and common blocks; confirm.
    sql: SELECT DISTINCT dns_qname FROM {$db_name}.{$table_name} WHERE {$time_filter} AND dns_qname LIKE '%.nodes.gen4.ninja'


# Plugin 6: server-IP entry for cyberghostvpn (object_type `ip`).
# NOTE(review): this block has a kb_sql key but no `sql` key; how IPs are
# derived from the selected domains is not visible in this file.
cyberghostvpn_serverip:
    vpn_service_name: cyberghostvpn
    plugin_id: 6
    # Same string as this block's top-level key.
    plugin_name: cyberghostvpn_serverip
    object_type: ip
    confidence: confirmed
    # Query template: distinct `domain` values stored for this service.
    # {$mariadb_dbname} and {$mariadb_domain_tablename} are placeholders,
    # presumably filled from mariadb.db_name and mariadb.domain_table_name.
    # The service name is repeated here as a SQL literal and has to be kept in
    # step with vpn_service_name above.
    kb_sql: SELECT distinct domain FROM {$mariadb_dbname}.{$mariadb_domain_tablename} where vpn_service_name = 'cyberghostvpn'