Skip to content

Advanced options for deployment

Tip

All variables from secrets.json can be converted to environment variables (uppercase).

Note

You can add these environment variables in a docker-compose-custom.yml or just a docker-compose-custom.yml with a .env.
If you don't specify proxy, no proxy will be used.

Here is a list of all available environment variables that can be used with examples:

PROXY_URL=http://127.0.0.1:9000
VIRUSTOTAL=api_key_here
ABUSEIPDB=api_key_here
IPINFO=api_key_here
GOOGLE_SAFE_BROWSING=api_key_here
MDE_TENANT_ID=api_key_here
MDE_CLIENT_ID=api_key_here
MDE_CLIENT_SECRET=api_key_here
MISP_URL=https://misp.local
MISP_API_KEY=api_key_here
SHODAN=api_key_here
SPUR_US=api_key_here
THREATFOX=api_key_here
OPENCTI_API_KEY=api_key_here
OPENCTI_URL=https://demo.opencti.io
CROWDSTRIKE_CLIENT_ID=client_id_here
CROWDSTRIKE_CLIENT_SECRET=client_secret_here
CROWDSTRIKE_FALCON_BASE_URL=https://falcon.crowdstrike.com
WEBSCOUT=token_here
SUPERVISORD_WORKERS_COUNT=4
SUPERVISORD_THREADS_COUNT=4
SUPERVISORD_TIMEOUT=200
API_PREFIX=my_api
MAX_FORM_MEMORY_SIZE=1048576
GUI_ENABLED_ENGINES=reverse_dns,rdap
CONFIG_PAGE_ENABLED=true
SSL_VERIFY=true
GUI_CACHE_TIMEOUT=1800
API_CACHE_TIMEOUT=86400

Example of custom docker compose file

Tip

This can be useful when you don't want to build the image yourself. This image is produced by the GitHub actions workflow

ghcr.io/stanfrbd/cyberbro:latest

Example of docker-compose-custom.yml (note: no " in environment variables)

services:
  web:
    image: ghcr.io/stanfrbd/cyberbro:latest
    container_name: cyberbro
    ports:
      - "5000:5000"
    environment:
      - FLASK_ENV=production
      - ABUSEIPDB=${ABUSEIPDB:-}
      - ALIENVAULT=${ALIENVAULT:-}
      - CRIMINALIP_API_KEY=${CRIMINALIP_API_KEY:-}
      - CROWDSTRIKE_CLIENT_ID=${CROWDSTRIKE_CLIENT_ID:-}
      - CROWDSTRIKE_CLIENT_SECRET=${CROWDSTRIKE_CLIENT_SECRET:-}
      - CROWDSTRIKE_FALCON_BASE_URL=${CROWDSTRIKE_FALCON_BASE_URL:-}
      - GOOGLE_SAFE_BROWSING=${GOOGLE_SAFE_BROWSING:-}
      - IPINFO=${IPINFO:-}
      - MDE_CLIENT_ID=${MDE_CLIENT_ID:-}
      - MDE_CLIENT_SECRET=${MDE_CLIENT_SECRET:-}
      - MDE_TENANT_ID=${MDE_TENANT_ID:-}
      - MISP_API_KEY=${MISP_API_KEY:-}
      - MISP_URL=${MISP_URL:-}
      - OPENCTI_API_KEY=${OPENCTI_API_KEY:-}
      - OPENCTI_URL=${OPENCTI_URL:-}
      - SHODAN=${SHODAN:-}
      - SPUR_US=${SPUR_US:-}
      - THREATFOX=${THREATFOX:-}
      - VIRUSTOTAL=${VIRUSTOTAL:-}
      - WEBSCOUT=${WEBSCOUT:-}
      - CONFIG_PAGE_ENABLED=${CONFIG_PAGE_ENABLED:-}
      - SSL_VERIFY=${SSL_VERIFY:-}
      - PROXY_URL=${PROXY_URL:-}
      - GUI_CACHE_TIMEOUT=${GUI_CACHE_TIMEOUT1800:-}
      - API_CACHE_TIMEOUT=${API_CACHE_TIMEOUT86400:-}
      - GUI_ENABLED_ENGINES=${GUI_ENABLED_ENGINES:-}
      - SUPERVISORD_WORKERS_COUNT=${SUPERVISORD_WORKERS_COUNT:-}
      - SUPERVISORD_THREADS_COUNT=${SUPERVISORD_THREADS_COUNT:-}
      - SUPERVISORD_TIMEOUT=${SUPERVISORD_TIMEOUT:-}
      - API_PREFIX=${API_PREFIX:-}
      - MAX_FORM_MEMORY_SIZE=${MAX_FORM_MEMORY_SIZE:-}
    restart: always
    volumes:
      - ./data:/app/data
      - ./logs:/var/log/cyberbro

Example of .env file (note: no " in environment variables)

VIRUSTOTAL=api_key_here
ABUSEIPDB=api_key_here
GUI_ENABLED_ENGINES=reverse_dns,rdap,ipquery,abuseipdb,virustotal,spur,google_safe_browsing,phishtank
API_CACHE_TIMEOUT=1800

You can use the file .env.sample as a template to create your own .env file.

Danger

Make sure you use either secrets.json or .env file for your deployment, not both.
This may lead to unexpected behavior as the application will try to read both files and may override some values.

Note

./data:/app/data: This maps the data directory on your host machine to the /app/data directory inside the container. This is mandatory for persisting the database results.db that is used by Cyberbro.
./logs:/var/log/cyberbro: This maps the logs directory on your host machine to the /var/log/cyberbro directory inside the container. This is useful for persisting log files generated by the application, allowing you to access and analyze logs even after the container is stopped or removed.

Supervisord options (for docker only)

This options will be applied only if the script prod/advanced_config.py is run (automatic in docker)

In secrets.json:

  • Adding "supervisord_workers_count": 4 in secrets.json will set -w 4 in supervisord.conf
  • Adding "supervisord_threads_count": 4 in secrets.json will set -t 4 in supervisord.conf
  • Adding "supervisord_timeout": 200 in secrets.json will set --timeout 200 in supervisord.conf

Or using environment variables:

export SUPERVISORD_WORKERS_COUNT=4
export SUPERVISORD_THREADS_COUNT=4
export SUPERVISORD_TIMEOUT=200

Note

These variables are optional, so if they don't exist in secrets.json, the original config (in prod/supervisord.conf) will be applied by default.

API prefix in app.py and index.html options

In secrets.json:

Tip

By default, the API is accessible at http://cyberbro_instance:5000/api

  • Adding "api_prefix": "my_api" in secrets.json will set all the original prefix /api/ endpoints to be renamed by prefix /my_api/ endpoints in the files app.py and index.html

Or using environment variables:

export API_PREFIX=my_api

Note

This variable is optional, so if it doesn't exist in secrets.json, the API will be accessible at /api/ by default.

Selected engines in the GUI (index.html only)

In secrets.json:

  • Adding "gui_enabled_engines": ["reverse_dns", "rdap"] in secrets.json will restrict usage of these two engines in the GUI.

Or using environment variables:

export GUI_ENABLED_ENGINES=reverse_dns,rdap

Note

This variable is optional, so if it doesn't exist in secrets.json or ENV, all engines will be displayed in the GUI.

Tip

Example: for the demo instance of cyberbro, only these engines are used: "gui_enabled_engines": ["reverse_dns", "rdap", "ipquery", "abuseipdb", "virustotal", "spur", "google_safe_browsing", "shodan", "phishtank", "threatfox", "urlscan", "google", "github", "opencti", "abusix", "hudsonrock"]
With environment variable: GUI_ENABLED_ENGINES=reverse_dns,rdap,ipquery,abuseipdb,virustotal,spur,google_safe_browsing,shodan,phishtank,threatfox,urlscan,google,github,opencti,abusix,hudsonrock

SSL verification settings for requests (backend)

Danger

This is really insecure to do disable it, do it at your own risk.

You can change the default behavior using the following:

In secrets.json:

Adding "ssl_verify": false in secrets.json will disable the certificate trust verification in the requests (backend).

Or using environment variables:

export SSL_VERIFY=false

Tip

This variable is optional, so if it doesn't exist in secrets.json or ENV, it will use the default parameter (True) which is more secure.

Config page in the GUI (config.html) http://cyberbro.local:5000/config

Danger

This is unsecure so it is disabled by default.

You can add it using the following:

In secrets.json:

Adding "config_page_enabled": true in secrets.json will enable the config page in the GUI at http://cyberbro.local:5000/config

Or using environment variables:

export CONFIG_PAGE_ENABLED=true

Note

This variable is optional, so if it doesn't exist in secrets.json or ENV, it will be disabled by default.

Upload more than 1MB observables in the form

By default, the form in the GUI only accepts 1MB of data. You can change this limit using the following: In secrets.json: Adding "max_form_memory_size": 1048576 in secrets.json will set the limit to 1MB (1048576 bytes) in the form. Or using environment variables: 

export MAX_FORM_MEMORY_SIZE=1048576

Note

The value must be set in bytes, so 1MB = 1048576 bytes, 2MB = 2097152 bytes, etc.
Don't set it too high, it can cause problems with the database or treatment of the data.
This variable is optional, so if it doesn't exist in secrets.json or ENV, it will use the default parameter (1MB).

Flask doc about MAX_FORM_MEMORY_SIZE

Cache timeout for the GUI

Note

This is the timeout for the cache in the GUI, not the API. The default value is 1800 seconds (30 minutes).
You can change this value using the following:

In secrets.json: Adding "gui_cache_timeout": 1800 in secrets.json will set the timeout to 30 minutes (1800 seconds) in the GUI. Or using environment variables: 

export GUI_CACHE_TIMEOUT=1800

Note

The value must be set in seconds, so 1 minute = 60 seconds, 1 hour = 3600 seconds, etc.
Don't set it too high, it can cause problems with the database or treatment of the data.
This variable is optional, so if it doesn't exist in secrets.json or ENV, it will use the default parameter (30 minutes).

Cache timeout for the API

Note

This is the timeout for the cache in the API, not the GUI. The default value is 86400 seconds (24 hours).
You can change this value using the following:

In secrets.json: Adding "api_cache_timeout": 86400 in secrets.json will set the timeout to 24 hours (86400 seconds) in the API. Or using environment variables: 

export API_CACHE_TIMEOUT=86400

Note

The value must be set in seconds, so 1 minute = 60 seconds, 1 hour = 3600 seconds, etc.
Don't set it too high, it can cause problems with the database or treatment of the data.
This variable is optional, so if it doesn't exist in secrets.json or ENV, it will use the default parameter (24 hours).