env.example
# Environment template for cli.py (loaded via python-dotenv from the working directory).
# Full behavior, file outputs, and remote publish layout: see README.md.
# Copy to .env and fill in values. Do not commit .env.
# Backups may include privileged or sensitive tenant data (especially NGSIEM lookups); handle outputs per your policy.
# CrowdStrike API Configuration
# Required: Your CrowdStrike API Client ID
FALCON_CLIENT_ID=your_client_id_here
# Required: Your CrowdStrike API Client Secret
FALCON_CLIENT_SECRET=your_client_secret_here
# Optional: CrowdStrike Cloud Region (default: us-2)
# Available regions: us-1, us-2, eu-1, us-gov-1
FALCON_CLOUDREGION=us-2
# Optional: Backup filter for correlation rules (default: *)
# Examples:
# BACKUP_FILTER=* # All rules
# BACKUP_FILTER="user_id:!'user@example.com'" # Exclude specific user
# BACKUP_FILTER="status:'enabled'" # Only enabled rules
# BACKUP_FILTER="name:'*test*'" # Rules with 'test' in name
# BACKUP_FILTER="user_id:'admin@example.com'+status:'enabled'" # Multiple conditions
BACKUP_FILTER=*
# Optional: set to 1, true, or yes to behave as if --skip-if-unchanged were passed on backup / workflows / all
# BACKUP_SKIP_IF_UNCHANGED=1
# Optional: Log level for app logging if you wire LOG_LEVEL elsewhere (cli uses --verbose)
# LOG_LEVEL=INFO
# Optional: skip NGSIEM steps when invoking cli.py directly (the shell runner does not pass these):
# --no-ngsiem-lookups
# --no-ngsiem-parsers
# Optional: NGSIEM ListParsers scope (default custom = parsers you authored). Also: --ngsiem-parser-types
# NGSIEM_PARSER_TYPES=custom
# NGSIEM_PARSER_TYPES=ootb
# NGSIEM_PARSER_TYPES=all
# NGSIEM_PARSER_TYPES=custom,ootb
# Optional: mounted share for compressed backups + audit manifests (see tools/backup_remote_publish.py).
# There is no HTTP upload; copies are local/mount only. Publishing is OFF unless you set:
# BACKUP_REMOTE_PUBLISH=1
# BACKUP_REMOTE_DIR=/mnt/backup-share
# Or reuse OUTPUT_SHARE if your stack already sets it
# OUTPUT_SHARE=/mnt/backup-share
# Subfolder under the mount (default crowdstrike-backup)
# BACKUP_REMOTE_SUBDIR=crowdstrike-backup
# Keep newest N zip files under .../archives/ (default 30)
# BACKUP_REMOTE_MAX_ARCHIVES=30
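
A preflight check for a filled-in .env, as an added example that is not part of the project's own code: it flags leftover template placeholders, a region or parser type outside the lists in the comments above, and remote publishing enabled without a target directory. Assumptions: the parser is a simplified stand-in for python-dotenv, the function names are hypothetical, and the 1/true/yes truthy set documented for BACKUP_SKIP_IF_UNCHANGED is assumed to apply to BACKUP_REMOTE_PUBLISH as well.

```python
import re

# Allowed values are the ones listed in env.example's comments.
REGIONS = {"us-1", "us-2", "eu-1", "us-gov-1"}
PARSER_TYPES = {"custom", "ootb", "all"}
TRUTHY = {"1", "true", "yes"}  # assumption: same truthy set as BACKUP_SKIP_IF_UNCHANGED
PLACEHOLDERS = {"your_client_id_here", "your_client_secret_here"}

def parse_env(text):
    """Simplified KEY=VALUE parser; a stand-in for python-dotenv, not its full grammar."""
    env = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]\w*)\s*=\s*(.*)$", line)
        if not m:
            continue  # blank lines and '#' comment lines
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]  # quoted: keep contents verbatim
        else:
            val = val.split(" #")[0].strip()  # unquoted: drop inline comment
        env[key] = val
    return env

def validate(env):
    """Return a list of problems; messages never echo secret values."""
    problems = []
    for key in ("FALCON_CLIENT_ID", "FALCON_CLIENT_SECRET"):
        if env.get(key, "") in PLACEHOLDERS | {""}:
            problems.append(f"{key}: missing or still the template placeholder")
    region = env.get("FALCON_CLOUDREGION", "us-2")  # default per the template
    if region not in REGIONS:
        problems.append(f"FALCON_CLOUDREGION: {region!r} is not a listed region")
    types = [t.strip() for t in env.get("NGSIEM_PARSER_TYPES", "custom").split(",")]
    if any(t not in PARSER_TYPES for t in types):
        problems.append("NGSIEM_PARSER_TYPES: expected custom, ootb, all or a comma list")
    publish = env.get("BACKUP_REMOTE_PUBLISH", "").lower() in TRUTHY
    if publish and not (env.get("BACKUP_REMOTE_DIR") or env.get("OUTPUT_SHARE")):
        problems.append("BACKUP_REMOTE_PUBLISH: set, but no BACKUP_REMOTE_DIR or OUTPUT_SHARE")
    return problems

# Constructed sample .env content (not real credentials).
SAMPLE = """\
FALCON_CLIENT_ID=your_client_id_here
FALCON_CLIENT_SECRET=constructed-not-a-real-secret
FALCON_CLOUDREGION=us-3
BACKUP_REMOTE_PUBLISH=1
"""
if __name__ == "__main__":
    print("\n".join(validate(parse_env(SAMPLE))) or "ok")
```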