Configuration
This page explains every configuration setting in xarf-report-generator.
Reporter: Basic information about the entity that is reporting the incident.
- Organization: The name of the company
- OrganizationEmail: The e-mail address of the organization
- Domain: Domain of the organization
- ContactEmail: The e-mail address of the primary contact of the report
- ContactName: The name of the primary contact of the report
- ContactPhone: The phone number of the primary contact
EmailReport: Settings for the e-mail reporting feature.
- From: The name and address of the From header (ex John Doe <info@example.com>).
- Bcc: The e-mail address to send a blind copy to (ex John Doe <info@example.com>). Leave out or empty to disable.
- Subject: The subject of the e-mail.
- ReportTemplate: A file on the disk to use as a template for the e-mail. If empty, a generic one is sent, ex (##XARF_REPORT## contains the JSON XARF report in plain text):
[2022-04-10T00:00:00.00000000Z] 255.255.255.255:0 -> 255.255.255.255:0 | Username: ADMINISTRATOR | Reason: Unknown user name or bad password.
##XARF_REPORT##
Send using https://github.com/IT-Hock/xarf-report-generator
Variables for use in the template:
- ##XARF_REPORT## -> The XARF report in plain text
- ##SOURCE_IP## -> The IP the attack originated from
- ##SOURCE_PORT## -> The port the attack originated from
- ##DEST_IP## ->
- ##DEST_PORT## ->
- ##TIME## -> Time in ISO 8601 in UTC (ex 2022-04-10T00:00:00.00000000Z)
- AutoReport: Whether or not to automatically send e-mails to the abuse contact in the WHOIS of the IP. (Needs a proper SMTP configuration.)
- ReportOutputPath: Where to store generated e-mail reports in EML format.
Email: Basic SMTP setup for auto reporting.
- SmtpServer: The server the SMTP connection should be made to
- Port: The SMTP port of the server
- Username: The SMTP username to authenticate with
- Password: The SMTP password to authenticate with
- EnableSsl: Whether or not to connect using SSL
EventViewer: Gather failed logons using EventViewer.
- Enabled: Whether or not to gather failed logons using EventViewer
IpBan: Gathers recent IP bans from an IPBan log file.
- Enabled: Whether or not to gather recent IP bans from IPBan
MyIpAddress: The public IP address of this server.
OutputPath: Path on the disk to store XARF reports to.
{
  "Reporter": {
    "Organization": "Company Name",
    "OrganizationEmail": "info@example.com",
    "Domain": "example.com",
    "ContactEmail": "contact@example.com",
    "ContactName": "John Doe",
    "ContactPhone": "+1 (555) 555-5555"
  },
  "EmailReport": {
    "From": "John Doe <info@example.com>",
    "Bcc": "John Doe <info@example.com>",
    "Subject": "Test Report",
    "ReportTemplate": "myTemplate.txt",
    "AutoReport": false,
    "ReportOutputPath": "EmailReport"
  },
  "Email": {
    "SmtpServer": "smtp.example.com",
    "Port": 25,
    "Username": "username",
    "Password": "password",
    "EnableSsl": false
  },
  "EventViewer": {
    "Enabled": true
  },
  "IpBan": {
    "Enabled": true,
    "IpBanLogFile": "logfile.txt"
  },
  "MyIpAddress": "255.255.255.255",
  "OutputPath": "xarf"
}
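A pre-flight check over the settings described on this page, as an added example that is not part of xarf-report-generator: it flags SMTP credentials configured without SSL, AutoReport without an SMTP server, a MyIpAddress that is not a public address, and template placeholders outside the documented list. The function name, the finding codes and the reading of EnableSsl=false as "no transport encryption" are assumptions of this example.

```python
import ipaddress
import re

# Placeholders documented on this page.
KNOWN_VARS = {"XARF_REPORT", "SOURCE_IP", "SOURCE_PORT",
              "DEST_IP", "DEST_PORT", "TIME"}
PLACEHOLDER = re.compile(r"##([A-Z0-9_]+)##")


def lint_config(cfg, template_text=None):
    """Return sorted finding codes (the code names are this example's own)."""
    findings = set()
    smtp = cfg.get("Email", {})
    report = cfg.get("EmailReport", {})
    # The page states that AutoReport needs a proper SMTP configuration.
    if report.get("AutoReport") and not (smtp.get("SmtpServer") and smtp.get("Port")):
        findings.add("autoreport-without-smtp")
    # Assumption: with EnableSsl=false the SMTP login is not protected in transit.
    if smtp.get("Password") and not smtp.get("EnableSsl"):
        findings.add("smtp-credentials-without-ssl")
    # MyIpAddress is documented as the server's public IP address.
    try:
        if not ipaddress.ip_address(cfg.get("MyIpAddress", "")).is_global:
            findings.add("my-ip-not-public")
    except ValueError:
        findings.add("my-ip-invalid")
    if template_text is not None:
        used = set(PLACEHOLDER.findall(template_text))
        findings.update("template-unknown-variable:" + n for n in used - KNOWN_VARS)
        # Without ##XARF_REPORT## the mail carries no machine-readable report.
        if "XARF_REPORT" not in used:
            findings.add("template-missing-xarf-report")
    return sorted(findings)


# Constructed sample: values from this page's example, with AutoReport switched on.
SAMPLE = {
    "EmailReport": {"AutoReport": True, "ReportTemplate": "myTemplate.txt"},
    "Email": {"SmtpServer": "smtp.example.com", "Port": 25,
              "Username": "username", "Password": "password", "EnableSsl": False},
    "MyIpAddress": "255.255.255.255",
}
# Constructed template with a misspelled placeholder and no ##XARF_REPORT##.
SAMPLE_TEMPLATE = "Failed logon from ##SOURCE_IP##:##SOURCE_PRT## at ##TIME##\n"

if __name__ == "__main__":
    for finding in lint_config(SAMPLE, SAMPLE_TEMPLATE):
        print(finding)
```

Running it before enabling AutoReport catches the placeholder values left over from the example configuration, which would otherwise end up in reports sent to third-party abuse contacts.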
Copyright © 2022 IT-Hock