Threat Bus uses a configuration file that contains both global and plugin-specific settings. This section discusses the general layout of the file and options you can configure.
Threat Bus' configuration file is formatted in YAML and requires two sections, logging and plugins. The following example explains the general structure.
Logging is configured globally. The main application forwards the logging settings to all installed plugins. Threat Bus supports colored console logs and file logging. File and console logging are independent.
The plugins section contains all plugin-specific configuration settings. The apps, depending on the
Plugin configuration is managed via the plugin name. For example, the plugin threatbus-zeek has the name zeek and is an app plugin. Thus it is configured in a section called zeek, below the apps section in the config.
The options that can be configured per plugin are defined by the plugin itself. Check the plugin documentation for details on the individual plugins.
Threat Bus automatically becomes aware of all plugins that are installed on the same host system or virtual environment. However, plugins must have a non-empty section in the config.yaml to get loaded. You can "disable" any installed plugin simply by not putting it into the config file.
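Because an empty section disables a plugin without any error, it helps to check which installed plugins a given config actually loads. The following is an added example, not Threat Bus code: it takes the already-parsed YAML mapping plus an assumed list of installed plugins per plugin type, and the option names and demo_* plugin names in the sample are hypothetical.

```python
# Added example: lint a parsed Threat Bus config against the rules on this page.
REQUIRED_SECTIONS = ("logging", "plugins")


def check_config(config, installed):
    """Return (loaded, disabled, errors).

    config    -- mapping as returned by a YAML parser for config.yaml
    installed -- assumed input: {plugin type: [plugin names]} present on the host
    """
    errors = [f"missing required section: {name}"
              for name in REQUIRED_SECTIONS if name not in config]
    plugins = config.get("plugins")
    plugins = plugins if isinstance(plugins, dict) else {}
    loaded, disabled = [], []
    for ptype, names in installed.items():
        section = plugins.get(ptype)
        section = section if isinstance(section, dict) else {}
        for name in names:
            # "zeek:" with no body parses to None and "zeek: {}" to an empty
            # mapping; both are empty sections, so the plugin is not loaded.
            (loaded if section.get(name) else disabled).append(f"{ptype}.{name}")
    # A section naming a plugin that is not installed has nothing to configure;
    # flag it, since it is usually a typo that leaves the real plugin disabled.
    for ptype, section in plugins.items():
        if isinstance(section, dict):
            for name in section:
                if name not in installed.get(ptype, []):
                    errors.append(f"configured but not installed: {ptype}.{name}")
    return loaded, disabled, errors


# Constructed sample: option names and the demo_* plugins are hypothetical.
SAMPLE_CONFIG = {
    "logging": {"console": True},
    "plugins": {"apps": {"zeek": {"host": "127.0.0.1"}, "demo_empty": None}},
}
SAMPLE_INSTALLED = {"apps": ["zeek", "demo_empty", "demo_absent"]}

if __name__ == "__main__":
    loaded, disabled, errors = check_config(SAMPLE_CONFIG, SAMPLE_INSTALLED)
    print("loaded:  ", loaded)
    print("disabled:", disabled)
    print("errors:  ", errors)
```

Running such a check after every config change shows when a plugin you rely on has dropped out of the loaded set.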