Helm Configuration References

Using Detect Umbrella Chart

Detect Helm is an umbrella chart that uses other Detect charts to deploy Detect deployment on K8s. The purpose of this chart is to simplify and streamline the process of deploying Detect on K8s.

Enabling or disabling subcharts

Each Detect subchart can be enabled or disabled, giving you the ability to deploy only what you need or want. You can enable or disable a subchart by setting chart enabled value (<<chart_name>>.enabled) to either true or false.

c1000:
  enabled: true

tiscale-worker:
  enabled: true

tiscale-worker-lf:
  enabled: false

tiscale-hub:
  enabled: false

tiscale-external-appliances:
  enabled: false

Requirements

Repository	Name	Version
file://../c1000	c1000	5.5.1-9
file://../tiscale-hub	tiscale-hub	5.5.1-9
file://../tiscale-worker	tiscale-worker	5.5.1-9
file://../tiscale-worker	tiscale-worker-lf(tiscale-worker)	5.5.1-9
oci://alt-artifactory-prod.rl.lan/appliances-docker-test/detect/charts	tiscale-external-appliances	>=0.1.0

Values

Key	Type	Default	Description
detectNamespaceRbac	object	{}	A set of roles and role bindings that can be created in the Detect namespace for additional RBAC configuration.
global.connectA1000	bool	false	Enable connecting A1000 to C1000
global.deployC1000	bool	true	If enabled, C1000 will be deployed
global.deployHub	bool	true	If enabled, Hub will be deployed
global.deployWorker	bool	true	If enabled, Workers will be deployed
global.enableLargeFileWorker	bool	true	If true, large file worker mode will be enabled
global.umbrella	bool	true	Notifies dependency charts that they are being used from the umbrella chart. Must always be set to true.
registry.authSecretName	string	"rl-registry-key"	The name of a Kubernetes secret resource used for pulling images from a Docker registry.
registry.authSecretPassword	string	nil	The password used for authenticating with the registry.
registry.authSecretUsername	string	nil	The username used for authenticating with the registry.
registry.createRegistrySecret	bool	true	If enabled, a Kubernetes secret for pulling images will be created. If disabled, the secret must be created manually in the namespace.
registry.imageRegistry	string	"registry.reversinglabs.com"	The image registry address.

Spectra Detect Manager (C1000)

C1000 Helm chart for Kubernetes

Configmap configuration secrets

Secret	Type	Description
release_name-secret-ticloud	optional	Basic authentication secret which contains username and password for Spectra Intelligence authentication. Required when Spectra Intelligence is enabled.
release_name-secret-ticloud-proxy	optional	Basic authentication secret which contains username and password for Spectra Intelligence proxy authentication. Required when Spectra Intelligence is enabled and proxy is used.
release_name-secret-ldap	optional	Basic authentication secret which contains username and password for LDAP autehntication. Required when LDAP authentication is enabled.
release_name-secret-oidc	optional	Basic authentication secret which contains username and password for OIDC authentication. Required when OIDC authentication is enabled.
release_name-secret-smtp	optional	Basic authentication secret which contains username and password for SMTP.

Values

Configmap Configuration values for Spectra Detect Manager

Key	Type	Default	Description
appliance.configMode	string	"STANDARD"	Configuration mode of the appliance. Allowed values: CONFIGMAP (configuration is provided via ConfigMap), STANDARD (configuration is provided via UI).
c1000Configuration.centralFileStorage	object	-	Configure file storage in Spectra Detect Manager, allowing connected Workers to store samples for pivoting to and reprocessing in Spectra Analyze.
c1000Configuration.centralFileStorage.enable	bool	false	Enable/disable file storage.
c1000Configuration.centralFileStorage.fileSizeLimit	int	400	File size limit in MiB. Samples larger than the set threshold will not be stored.
c1000Configuration.centralFileStorage.ttl	int	24	Sample retention period in hours after which the uploaded samples will be removed from the Central File Storage.
c1000Configuration.centralLogging	object	-	Configure Central Logging, which is used to collect and display information about all events happening on connected Workers and the Hub.
c1000Configuration.centralLogging.retentionPeriod	int	90	Retention period in days.
c1000Configuration.centralStorageGeneral	object	-	Additional central storage settings.
c1000Configuration.centralStorageGeneral.minFreeSpace	int	20	Minimum disk space in GiB. When reached, new sample uploads will not be accepted.
c1000Configuration.ldap	object	-	Settings for LDAP authentication.
c1000Configuration.ldap.denyGroup	string	""	Authentication will fail for any user that belongs to this group.
c1000Configuration.ldap.enable	bool	false	Enable/disable LDAP authentication.
c1000Configuration.ldap.groupSchemaClass	string	"group"	The objectClass value used when searching for groups.
c1000Configuration.ldap.groupSchemaNameAttr	string	"cn"	The group name field.
c1000Configuration.ldap.groupSchemaType	string	"member"	Group schema type. Allowed values: uniqueMember and member.
c1000Configuration.ldap.groupSearchBaseDn	string	""	Root node in LDAP from which to search for groups. Example: 'cn=users,dc=example,dc=com'.
c1000Configuration.ldap.groupSearchScope	int	2	Scope. Allowed values: 0 (Base), 1 (One level), 2 (Subtree), 3 (Subordinate).
c1000Configuration.ldap.host	string	""	Hostname or IP of the server running LDAP.
c1000Configuration.ldap.port	int	389	LDAP server port. Default: 389 (ldap) or 636 (ldaps).
c1000Configuration.ldap.requireGroup	string	""	Authentication will fail for any user that does not belong to this group. Example: 'cn=enabled,ou=groups,dc=example,dc=com'
c1000Configuration.ldap.tls	bool	true	If true, use Transport Layer Security (TLS) connection.
c1000Configuration.ldap.tlsCacertdir	string	""	Directory in which the TLS CA Certificate file can be found
c1000Configuration.ldap.tlsCacertfile	string	""	TLS CA Certificate file. Must be in PEM format.
c1000Configuration.ldap.tlsRequireCert	bool	false	Verify TLS certificate.
c1000Configuration.ldap.userAttrMapEmail	string	"mail"	Field to map to the email address.
c1000Configuration.ldap.userAttrMapFirstName	string	"givenName"	Field to map to the first name.
c1000Configuration.ldap.userAttrMapLastName	string	"sn"	Field to map to the last name.
c1000Configuration.ldap.userFlagsByGroupIsActive	string	""	Users will be marked as active only if they belong to this group. Example: 'cn=active,ou=users,dc=example,dc=com'.
c1000Configuration.ldap.userFlagsByGroupIsSuperuser	string	""	Users will be marked as superusers only if they belong to this group. Example: 'cn=admins,ou=groups,dc=example,dc=com'.
c1000Configuration.ldap.userSchemaClass	string	"user"	The objectClass value used when searching for users.
c1000Configuration.ldap.userSchemaNameAttr	string	"sAMAccountName"	The username field. Examples: 'sAMAccountName' or 'cn'.
c1000Configuration.ldap.userSearchBaseDn	string	""	Root node in LDAP from which to search for users. Example: 'cn=users,dc=example,dc=com.'
c1000Configuration.ldap.userSearchScope	int	2	Scope. Allowed values: 0 (Base), 1 (One level), 2 (Subtree), 3 (Subordinate).
c1000Configuration.oidc	object	-	Configure authentication with an OpenID Connect client.
c1000Configuration.oidc.accessDenyGroup	string	""	Authentication will fail for any user that belongs to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.oidc.accessRequireGroup	string	""	Authentication will fail for any user that does not belong to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.oidc.audience	string	""	Identifies the intended recipient of the token.
c1000Configuration.oidc.claimsSource	string	"ID_TOKEN"	Source used to extract user claims. Allowed values: ID_TOKEN, USER_INFO_ENDPOINT, ACCESS_TOKEN.
c1000Configuration.oidc.clientType	string	"CONFIDENTIAL"	Authenticate with client secret (CONFIDENTIAL) or without (PUBLIC).
c1000Configuration.oidc.enable	bool	false	Enable/disable authentication with OIDC
c1000Configuration.oidc.issuer	string	""	Issuer.
c1000Configuration.oidc.mapClaimAccessGroupsDelimiter	Optional	""	Character to split the User Access Groups on. Characters entered in this field must not be used in any access group name. The maximum length of the delimiter is 2 characters.
c1000Configuration.oidc.mapClaimEmail	string	"email"	The claim containing the unique email address.
c1000Configuration.oidc.mapClaimFirstName	string	"given_name"	The claim containing the user's first name.
c1000Configuration.oidc.mapClaimGroups	string	"group"	The claim containing the list of user's groups.
c1000Configuration.oidc.mapClaimGroupsDelimiter	Optional	""	Character to split the Groups string on.
c1000Configuration.oidc.mapClaimLastName	string	"family_name"	The claim containing the user's last name.
c1000Configuration.oidc.mapClaimUsername	string	"unique_name"	The claim containing the unique username.
c1000Configuration.oidc.opAuthorizationEndpoint	string	""	URL of your OpenID Connect provider authorization endpoint.
c1000Configuration.oidc.opJwksEndpoint	string	""	URL of your OpenID Connect provider JWKS endpoint.
c1000Configuration.oidc.opTokenEndpoint	string	""	URL of your OpenID Connect provider token endpoint.
c1000Configuration.oidc.opUserEndpoint	string	""	URL of your OpenID Connect provider userinfo endpoint.
c1000Configuration.oidc.pkceEnable	bool	false	If true, use PKCE (Proof Key of Code Exchange) to prevent auth code interception.
c1000Configuration.oidc.promptLogin	bool	false	If true, require the authorization server to reauthenticate the user even if the user is already authenticated.
c1000Configuration.oidc.relyingPartId	string	""	Relying Party ID.
c1000Configuration.oidc.rpIdpSignKey	string	""	The key used to sign ID tokens when using an RSA sign algorithm
c1000Configuration.oidc.rpScopes	string	"openid allatclaims"	The OpenID Connect scopes to request during login.
c1000Configuration.oidc.rpSignAlgo	string	"RS256"	Signature algorithm. Allowed values: RS256 and HS256.
c1000Configuration.oidc.userFlagsByGroupIsActive	string	""	Users will be marked as active only if they belong to one or more of the provided group(s). Use the access group delimiter to separate multiple group names.
c1000Configuration.oidc.userFlagsByGroupIsSuperuser	string	""	Users will be marked as superusers only if they belong to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.oidc.verifySsl	bool	true	Controls whether the OpenID Connect client verifies the SSL certificate of the OP responses.
c1000Configuration.rlapp.allowedHosts	list	[]	A list of host/domain names that this application site can serve.
c1000Configuration.rlapp.sessionCookieAge	int	604800	Duration of the login session, in seconds.
c1000Configuration.rlapp.sessionTimeoutAutomaticallyLogout	bool	false	If true, automatically log out inactive users.
c1000Configuration.rlapp.sessionTimeoutPeriod	int	660	Period of inactivity before sign out. In seconds.
c1000Configuration.saml	object	-	Configure authentication with SAML.
c1000Configuration.saml.accessDenyGroup	string	""	Authentication will fail for any user that belongs to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.saml.accessRequireGroup	string	""	Authentication will fail for any user that does not belong to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.saml.allowUnsolicited	bool	false	Allow unsolicited responses from IdP.
c1000Configuration.saml.enable	bool	false	Enable/disable SAML authentication.
c1000Configuration.saml.entityId	string	""	Entity ID.
c1000Configuration.saml.federationMetadata	string	nil	Federation metadata.
c1000Configuration.saml.mapClaimAccessGroupsDelimiter	Optional	""	Character to split the User Access Groups on. Characters entered in this field must not be used in any access group name. The maximum length of the delimiter is 2 characters.
c1000Configuration.saml.mapClaimEmail	string	"email"	The claim containing the unique email address.
c1000Configuration.saml.mapClaimFirstName	string	"given_name"	The claim containing the user's first name.
c1000Configuration.saml.mapClaimGroups	string	"group"	The claim that contains the list of user's groups.
c1000Configuration.saml.mapClaimGroupsDelimiter	Optional	""	Character to split the Groups string on.
c1000Configuration.saml.mapClaimLastName	string	"family_name"	The claim containing the user's last name.
c1000Configuration.saml.mapClaimUsername	string	"unique_name"	The claim containing the unique username.
c1000Configuration.saml.userFlagsByGroupIsActive	string	""	Users will be marked as active only if they belong to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.saml.userFlagsByGroupIsSuperuser	string	""	Users will be marked as superusers only if they belong to one or more of the provided group(s). Use the access groups delimiter to separate multiple group names.
c1000Configuration.smtp	object	-	SMTP Settings.
c1000Configuration.smtp.defaultFromEmail	string	"online@reversinglabs.com"	Default email address to use for automated correspondence.
c1000Configuration.smtp.host	string	"localhost"	SMTP Hostname.
c1000Configuration.smtp.port	int	25	SMTP Port.
c1000Configuration.smtp.useTls	bool	false	Use TLS.
c1000Configuration.snmp	object	-	SNMP settings.
c1000Configuration.snmp.trapAvgLoadThreshold15Min	int	50	Average System Load in 15 Minutes (%).
c1000Configuration.snmp.trapAvgLoadThreshold1Min	int	90	Average System Load in 1 Minute (%).
c1000Configuration.snmp.trapAvgLoadThreshold5Min	int	70	Average System Load in 5 Minutes (%).
c1000Configuration.snmp.trapCommunity	string	""	SNMP trap community string.
c1000Configuration.snmp.trapDiskThreshold	int	90	Percentage of disk used.
c1000Configuration.snmp.trapMemoryThreshold	int	80	Percentage of memory used.
c1000Configuration.snmp.trapSink	string	""	Hostname or IP of the trap sink server.
c1000Configuration.snmp.trapSinkEnable	bool	false	Enable sending traps to sink server.
c1000Configuration.sync	object	-	Synchronization settings.
c1000Configuration.sync.yaraRulesetsEnable	bool	false	Allow connected appliances to synchronize YARA rulesets.
c1000Configuration.systemAlerting	object	-	System Alerting settings.
c1000Configuration.systemAlerting.syslogEnable	bool	false	Send system alert messages to a syslog server.
c1000Configuration.systemAlerting.syslogEnableAuditLogs	bool	false	Audit logs will be automatically sent to the syslog server in addition to other system messages. Enabling this will increase the traffic between Spectra Detect Manager and the syslog server.
c1000Configuration.systemAlerting.syslogHost	string	""	Syslog host.
c1000Configuration.systemAlerting.syslogPort	int	514	Syslog port.
c1000Configuration.systemAlerting.syslogTransportProtocol	string	"TCP"	Syslog protocol.
c1000Configuration.ticloud	object	-	Spectra Intelligence settings.
c1000Configuration.ticloud.enable	bool	false	Enable Spectra Intelligence.
c1000Configuration.ticloud.proxyHost	string	""	Proxy hostname for routing requests from the appliance to Spectra Intelligence.
c1000Configuration.ticloud.proxyPort	int	25	Proxy port.
c1000Configuration.ticloud.timeout	int	60	Timeout in seconds. Maximum: 1000.

Other Values

Key	Type	Default	Description
affinity	object	{}
filebeat.config	string	nil
filebeat.enable	bool	true
filebeat.image	string	"docker.elastic.co/beats/filebeat"
filebeat.output.console.pretty	bool	false
filebeat.resources.limits.cpu	string	"1000m"
filebeat.resources.limits.memory	string	"1500Mi"
filebeat.resources.requests.cpu	string	"100m"
filebeat.resources.requests.memory	string	"100Mi"
filebeat.tag	string	"8.12.0"
fullnameOverride	string	""
image.pullPolicy	string	"Always"
image.repository	string	"registry.reversinglabs.com/detect/images/detect-manager-mono"
image.tag	string	"5.5.1"
imagePullSecrets[0].name	string	"rl-registry-key"
ingress.annotations	object	{}
ingress.className	string	"nginx"
ingress.enabled	bool	false
ingress.host	string	nil
ingress.paths[0].path	string	"/"
ingress.paths[0].pathType	string	"Prefix"
ingress.tls.certificateArn	string	""
ingress.tls.issuer	string	""
ingress.tls.issuerKind	string	"Issuer"
ingress.tls.secretName	string	"tls-c1000"
nameOverride	string	""
nodeSelector	object	{}
persistence	object	-	Persistence values configure options for PersistentVolumeClaim used for storing samples.
persistence.accessModes	list	["ReadWriteOnce"]	Access mode.
persistence.requestStorage	string	"10Gi"	Request storage. If Central Storage is enabled, at least 100 GiB is required for it to work properly.
podAnnotations	object	{}
podSecurityContext	object	{}
replicaCount	int	1
resources.requests.cpu	string	"1500m"
resources.requests.memory	string	"4Gi"
securityContext.capabilities.add[0]	string	"NET_ADMIN"
securityContext.capabilities.add[1]	string	"SYS_NICE"
securityContext.capabilities.add[2]	string	"IPC_LOCK"
securityContext.privileged	bool	false
service.port	int	80
service.type	string	"ClusterIP"
serviceAccount.annotations	object	{}
serviceAccount.create	bool	true
serviceAccount.name	string	nil
tolerations	list	[]

---

Spectra Detect Worker

TiScale Worker Helm chart for Kubernetes

Rabbitmq and Postgres secrets

Secret	Type	Description
release_name-secret-rabbitmq	required	Basic authentication secret which contains username and password for RabbitMQ. If rabbitmq.createUserSecret is set to true, it will be created automatically from username and password. Otherwise, secret has to already exist.
release_name-secret-rabbitmq-admin	optional	Basic authentication secret which contains username and password for RabbitMQ Admin. If rabbitmq.createManagementAdminSecret is set to true, it will be created automatically from username and password.
release_name-secret-postgres	required	Basic authentication secret which contains username and password for Database. If postgres.createUserSecret is set to true, it will be created automatically from username and password. Otherwise, secret has to already exist.

Configmap configuration secrets

Secret	Type	Description
release_name-secret-worker-cloud	optional	Basic authentication secret which contains username and password for Spectra Intelligence authentication. Required when Spectra Intelligence is enabled.
release_name-secret-worker-cloud-proxy	optional	Basic authentication secret which contains username and password for Spectra Intelligence Proxy authentication. Required when Spectra Intelligence Proxy is enabled.
release_name-secret-worker-aws	optional	Basic authentication secret which contains username and password for AWS authentication. Required if any type of S3 storage (File, SNS, Report, Unpacked) is enabled.
release_name-secret-worker-azure	optional	Basic authentication secret which contains username and password for Azure authentication. Required if any type of ADL storage (File, Report, Unpacked) is enabled.
release_name-secret-worker-ms-graph	optional	Basic authentication secret which contains username and password for Microsoft Cloud Storage authentication. Required if any type of Microsoft Cloud storage (File, Report, Unpacked) is enabled.
release_name-secret-unpacked-s3	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the unpackedS3.archiveUnpacked option is set to true.
release_name-secret-report-s3	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the reportS3.archiveSplitReport option is set to true.
release_name-secret-unpacked-adl	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the unpackedAdl.archiveUnpacked option is set to true.
release_name-secret-report-adl	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the reportAdl.archiveSplitReport option is set to true.
release_name-secret-unpacked-ms-graph	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the unpackedMsGraph.archiveUnpacked option is set to true.
release_name-secret-report-ms-graph	optional	Secret which contains only password. Used for encryption of the archive file. Relevant only when the reportMsGraph.archiveSplitReport option is set to true.
release_name-secret-splunk	optional	Token secret which contains token for Splunk authentication. Required if Splunk Integration is enabled.
release_name-secret-archive-zip	optional	Secret which contains only password. Relevant only when the archive.fileWrapper value is set to "zip" or "mzip".
release_namespace-secret-worker-api-token	optional	Token secret which contains token that is used to upload files and to get YARA rule identifiers. The value configured here must correspond to the API token set for the Spectra Detect Hub Group. All Workers in the group must use the same token for services like Connectors to work properly.
release_namespace-secret-worker-api-task-token	optional	Token secret which contains token that is used to fetch reports or otherwise work with processing tasks: list tasks, delete one or delete multiple tasks.
release_namespace-secret-worker-srv-token	optional	Token secret which contains token that is used in authentication for Worker Service API endpoint. The value configured here must correspond to the SRV token set for the Spectra Detect Hub Group. Token is used by Workers for services like load balancing to work properly.
release_namespace-secret-worker-srv-available-token	optional	Token secret which contains the token used in endpoint authentication for the processing availability API.
release_namespace-secret-sa-integration-token	optional	Token secret which contains the token used in authentication on Spectra Analyze when Spectra Analyze Integration is enabled (setup with spectraAnalyzeIntegration). This token should be created in Spectra Analyze.

Values

Configmap Configuration values for Worker

Key	Type	Default	Description
a1000	object	-	Integration with Spectra Analyze appliance.
a1000.host	string	""	The hostname or IP address of the A1000 appliance associated with the Worker.
adl	object	-	Settings for storing files in an Azure Data Lake container.
adl.container	string	""	The hostname or IP address of the Azure Data Lake container that will be used for storage. Required when storing files in ADL is enabled.
adl.enabled	bool	false	Enable or disable the storage of processed files.
adl.folder	string	""	Specify the name of the folder on the container where files will be stored.
apiServer	object	-	Configures a custom Worker IP address which is included in the response when uploading a file to the Worker for processing.
apiServer.host	string	""	Configures the hostname or IP address of the Worker. Only necessary if the default IP address or network interface is incorrect.
appliance.configMode	string	"STANDARD"	Appliance configuration mode. Allowed values: CONFIGMAP (configuration provided with a ConfigMap), STANDARD (configuration provided via the UI).
archive	object	-	After processing, files can be zipped before external storage. Available only for S3 and Azure.
archive.fileWrapper	string	""	Specify whether the files should be compressed as a ZIP archive before uploading to external storage. Supported values are: zip, mzip. If this parameter is left blank, files will be uploaded in their original format.
archive.zipCompress	int	0	ZIP compression level to use when storing files in a ZIP file. Allowed range: 0 (no compression) to 9 (maximum compression).
archive.zipMaxfiles	int	0	Maximum allowed number of files that can be stored in one ZIP archive. Allowed range: 1-65535. 0 represents unlimited.
aws	object	-	Configuration of integration with AWS or AWS-compatible storage to be used for SNS, and for uploading files and analysis reports to S3.
aws.caPath	string	""	Path on the file system pointing to the certificate of a custom (self-hosted) S3 server.
aws.endpointUrl	string	""	Only required in non-AWS setups in order to store files to an S3-compatible server. When this parameter is left blank, the default is https://aws.amazonaws.com. Supported pattern(s): https?://.+".
aws.maxReattempts	int	5	Maximum number of retries when saving a report to an S3-compatible server.
aws.payloadSigningEnabled	bool	false	Specifies whether to include an SHA-256 checksum with Amazon Signature Version 4 payloads.
aws.region	string	"us-east-1"	Specify the correct AWS geographical region where the S3 bucket is located. Required parameter, ignored for non-AWS setups.
aws.serverSideEncryption	string	""	Specify the encryption algorithm used on the target S3 bucket (e.g. aws:kms or AES256).
aws.sslVerify	bool	false	Enable/disable SSL verification.
awsRole	object	-	Configures the AWS IAM roles used to access S3 buckets without sharing secret keys. The IAM role which will be used to obtain temporary tokens has to be created in the AWS console.
awsRole.enableArn	bool	false	Enables or disables this entire feature.
awsRole.externalRoleId	string	""	The external ID of the role that will be assumed. This can be any string. Usually, it’s an ID provided by the entity which uses (but doesn’t own) an S3 bucket. The owner of that bucket takes that external ID and builds an ARN with it."
awsRole.refreshBuffer	int	5	Number of seconds to fetch a new ARN token before the token timeout is reached.
awsRole.roleArn	string	""	The role ARN created using the external role ID and an Amazon ID. In other words, the ARN which allows a Worker to obtain a temporary token, which then allows it to save to S3 buckets without a secret access key.
awsRole.roleSessionName	string	""	Name of the session visible in AWS logs. Can be any string.
awsRole.tokenDuration	int	900	How long before the authentication token expires and is refreshed. The minimum value is 900 seconds.
azure	object	-	Configures integration with Azure Data Lake Gen2 for the purpose of storing processed files in Azure Data Lake containers.
azure.endpointSuffix	string	"core.windows.net"	Specify the suffix for the address of your Azure Data Lake container.
callback	object	-	Settings for automatically sending file analysis reports via POST request.
callback.advancedFilterEnabled	bool	false	Enable/disable advanced filter.
callback.advancedFilterName	string	""	Name of the advanced filter.
callback.caPath	string	""	If the url parameter uses HTTPS, set the path to the certificate file here. This automatically enables SSL verification. If this parameter is left blank or not configured, SSL verification will be disabled, and the certificate will not be validated.
callback.enabled	bool	false	Enable/disable connection.
callback.maliciousOnly	bool	false	Report contains only malicious and suspicious children.
callback.reportType	string	"medium"	Specifies which report_type is returned. By default, or when empty, only the medium (summary) report is provided in the callback response. Set to extended_small, small, medium, or large to view results of filtering the full report.
callback.splitReport	bool	false	By default, reports contain information on parent files and all extracted children files. If set to true, reports for extracted files will be separated from the full report and saved as standalone files. If any user-defined data was appended to the analyzed parent file, it will be included in every split child report.
callback.sslVerify	bool	false	Enable/disable SSL verification
callback.timeout	int	5	Specify the timeout in seconds for the POST request. On failure, the Worker retries up to six times, increasing the delay after the second retry. With the default timeout, the total possible wait before a final failure is 159 seconds.
callback.topContainerOnly	bool	false	If set to true, the reports will only contain metadata for the top container. Reports for unpacked files will not be generated.
callback.url	string	""	Specify the full URL used to send the callback POST request. Both HTTP and HTTPS protocols are supported. If this parameter is left blank, reports will not be sent, and the callback feature will be disabled. Supported pattern(s): http?://.+
callback.view	string	""	Specifies whether a custom report view should be applied to the report.
cef	object	-	Configures Common Event Format (CEF) settings. CEF is an extensible, text-based logging and auditing format that uses a standard header and a variable extension, formatted as key-value pairs.
cef.cefMsgHashType	string	"md5"	Specify the type of hash that will be included in CEF messages. Supported values are: md5, sha1, sha256.
cef.enableCefMsg	bool	false	Enable or disable sending CEF messages to syslog. Defaults to false to avoid flooding.
classify	object	-	Configure settings for Worker analysis and classification of files using the Spectra Core static analysis engine.
classify.certificates	bool	true	Enable checking whether file certificate passes the certificate validation, in addition to checking certificate whitelists and blacklists.
classify.documents	bool	true	Enable document format threat detection.
classify.emails	bool	true	Enable detection of phishing and other email threats.
classify.hyperlinks	bool	true	Enable embedded hyperlinks detection.
classify.ignoreAdware	bool	false	When set to true, classification results that match adware will be ignored.
classify.ignoreHacktool	bool	false	When set to true, classification results that match hacktool will be ignored.
classify.ignorePacker	bool	false	When set to true, classification results that match packer will be ignored.
classify.ignoreRiskware	bool	false	When set to true, classification results that match riskware will be ignored.
classify.ignoreSpam	bool	false	When set to true, classification results that match spam will be ignored.
classify.ignoreSpyware	bool	false	When set to true, classification results that match spyware will be ignored.
classify.images	bool	true	When true, the heuristic image classifier for supported file formats is used.
classify.pecoff	bool	true	When true, the heuristic Windows executable classifier for supported PE file formats is used.
cleanup	object	-	Configures how often the Worker file system is cleaned up.
cleanup.fileAgeLimit	int	1440 (LargeWorker: 4320)	Time before an unprocessed file present on the appliance is deleted, in minutes.
cleanup.taskAgeLimit	int	90 (LargeWorker: 4320)	Time before analysis reports and records of processed tasks are deleted, in minutes.
cleanup.taskUnprocessedLimit	int	1440 (LargeWorker: 4320)	Time before an incomplete processing task is canceled, in minutes.
cloud	object	-	Configures integration with the Spectra Intelligence service or a T1000 instance to receive additional classification information.
cloud.enabled	bool	false	Enable/disable connection.
cloud.proxy	object	-	Configure an optional proxy connection.
cloud.proxy.enabled	bool	false	Enable/disable proxy server.
cloud.proxy.port	int	8080	Specify the TCP port number if using an HTTP proxy. Allowed range(s): 1 … 65535. Required only if proxy is used.
cloud.proxy.server	string	""	Proxy hostname or IP address for routing requests from the appliance to Spectra Intelligence. Required only if proxy is used.
cloud.server	string	""	Hostname or IP address of the Spectra Intelligence server. Required if Spectra Intelligence integration is enabled. Format: https://<ip_or_hostname>.
cloud.timeout	int	5	Specify the number of seconds to wait when connecting to Spectra Intelligence before terminating the connection request.
cloudAutomation	object	-	Configures the Worker to automatically submit files to Spectra Intelligence for antivirus scanning (in addition to local static analysis and remote reputation lookup (from previous antivirus scans)).
cloudAutomation.dataChangeSubscribe	bool	false	Subscribe to the Spectra Intelligence data change notification mechanism.
cloudAutomation.spexUpload	object	-	Scanning settings.
cloudAutomation.spexUpload.enabled	bool	false	Enable/disable this feature.
cloudAutomation.spexUpload.rescanEnabled	bool	true	Enable/disable rescan of files upon submission based on the configured interval to include the latest AV results in the reports.
cloudAutomation.spexUpload.rescanThresholdInDays	int	3	Set the interval in days for triggering an AV rescan. If the last scan is older than the specified value, a rescan will be initiated. A value of 0 means files will be rescanned with each submission.
cloudAutomation.spexUpload.scanUnpackedFiles	bool	false	Enable/disable sending unpacked files to Deep Cloud Analysis for scanning. Consumes roughly double the processing resources compared to standard analysis.
cloudAutomation.waitForAvScansTimeoutInMinutes	int	240	Sets the maximum wait time (in minutes) for Deep Cloud Analysis to complete. If the timeout is reached, the report will be generated without the latest AV results.
cloudAutomation.waitForAvScansToFinish	bool	false	If set to true, delays report generation until Deep Cloud Analysis completes, ensuring the latest AV results are included.
cloudCache	object	-	Caches Spectra Intelligence results to preserve quota and bandwidth when analyzing sets of samples containing many duplicates or identical extracted files.
cloudCache.cacheMaxSizePercentage	float	6.25	Maximum cache size expressed as a percentage of the total allocated RAM on the Worker. Allowed range: 5 - 15.
cloudCache.cleanupWindow	int	10	How often to run the cache cleanup process, in minutes. It is advisable for this value to be lower, or at least equal to the TTL value. Max: 5 - 60.
cloudCache.enabled	bool	false (LargeWorker: true)	Enable or disable the caching feature.
cloudCache.maxIdleUpstreamConnections	int	50	The maximum number of idle upstream connections. Allowed range: 10 - 50.
cloudCache.ttl	int	240 (LargeWorker: 480)	Time to live for cached records, in minutes. Allowed range: 1 - 7200.
filter	object	-	Configures file filters that can be used to limit which files are saved after processing based on specified criteria. If a file matches a filter, it will not be saved after processing.
filter.enabled	bool	false	Enable/disable the file filter functionality.
filter.filters	list	-	List of filters.
filter.filters[0].active	bool	false	Set to either true or false to activate or deactivate the current file filter.
filter.filters[0].classification	string	"Goodware"	Allows filtering out files based on their classification. Malicious and suspicious files cannot be filtered out, so the only supported values are Goodware and Unknown, or both 'Goodware,Unknown'.
filter.filters[0].factor	int	0	When a file is processed, it is assigned a factor, represented as a number from 0 to 5. For goodware, it indicates trust level (0 is highest trust, 5 is lowest), while in all other cases, it indicates the threat factor of the file (1 is least dangerous, 5 is most dangerous). For this parameter, the user should specify one value from 0 to 5. Files with a threat or trust factor equal to or less than the configured value are filtered out.
filter.filters[0].fileSize	int	0	Specify the file size in bytes, and use the fileSizeCond parameter to define the conditions related to file size.
filter.filters[0].fileSizeCond	string	"greater_than"	Specify the conditions that apply to the value defined in the file_size parameter. Allowed values: less_than, greater_than, greater_than_or_equal_to.
filter.filters[0].fileType	string	"All"	Specify one or more file types (such as Binary, Image, Text, Document, PE…). If specifying multiple file types, they should be comma-separated. Files matching the specified type(s) will be filtered out. Possible values: "All", "Audio", "Binary", "DEX", "Document", "ELF32.Big", "ELF32.Little", "ELF64.Big", "ELF64.Little" , "Image", "MachO32.Big", "MachO32.Little", "MachO64.Big", "MachO64.Little", "Media.Container", "MZ", "ODEX", "PE", "PE+", "PE16", "Text", "Video".
filter.filters[0].name	string	"Default"	Specify a unique identifier for the particular file filter to distinguish it from others.
general.maxUploadSizeMb	int	2048	The largest file (in MB) that Worker will accept and start processing. Ignored if Spectra Intelligence is connected and file upload limits are set there.
general.postprocessingCheckThresholdMins	int	720 (LargeWorker: 4320)	How often the postprocessing service will be checked for timeouts. If any issues are detected, the process will be restarted.
general.tsWorkerCheckThresholdMins	int	720 (LargeWorker: 4320)	How often the processing service will be checked for timeouts. If any issues are detected, the process will be restarted.
general.uploadSizeLimitEnabled	bool	false	Whether or not the upload size filter is active. Ignored if Spectra Intelligence is connected and file upload limits are set there.
hashes	object	-	Spectra Core calculates file hashes during analysis and includes them in the analysis report. The following options configure which additional hash types should be calculated and included in the Worker report. SHA1 and SHA256 are always included and therefore aren’t configurable. Selecting additional hash types (especially SHA384 and SHA512) may slow report generation.
hashes.enableCrc32	bool	false	Include CRC32 hashes in reports.
hashes.enableMd5	bool	true	Include MD5 hashes in reports.
hashes.enableSha384	bool	false	Include SHA384 hashes in reports.
hashes.enableSha512	bool	false	Include SHA512 hashes in reports.
hashes.enableSsdeep	bool	false	Include SSDEEP hashes in reports.
hashes.enableTlsh	bool	false	Include TLSH hashes in reports.
health	object	-	Configures thresholds for when the system will be considered unhealthy and will reject traffic until the system resources are restored to values below the defined thresholds.
health.enabled	bool	true	Set to true or false to enable or disable the thresholds functionality.
health.queueHigh	int	5000 (LargeWorker: 500)	Specify the maximum number of items allowed in the queue. If it exceeds the configured value, the appliance will start rejecting traffic. Allowed range(s): 10+.
largeReport	object	-	The large report method uses a different library which prevents memory spikes when generating the report, and is therefore better suited to reports with many fields. However, the report generation is slower.
largeReport.sizeLimitMb	int	0 (LargeWorker: 1)	Reports larger than this value (MB) will be generated using the large report method. Value 0 disables this.
logging	object	-	Configures the severity above which events will be logged or sent to a remote syslog server. Severity can be: INFO, WARNING, or ERROR.
logging.syslogLogLevel	string	"ERROR"	Events below this severity level will not be sent to a remote syslog server.
logging.tiscaleLogLevel	string	"INFO"	Events below this level will not be saved to logs (/var/log/messages and /var/log/tiscale/*.log).
msGraph.enabled	bool	false	Turns the Microsoft Cloud Storage file integration on or off.
msGraph.folder	string	""	Folder where samples will be stored in Microsoft Cloud Storage.
msGraphGeneral	object	-	Configures the general options for the Microsoft Cloud Storage integration.
msGraphGeneral.customDomain	string	""	Application’s custom domain configured in the Azure portal.
msGraphGeneral.siteHostname	string	""	Used only if storageType is set to SharePoint. This is the SharePoint hostname.
msGraphGeneral.siteRelativePath	string	""	SharePoint Online site relative path. Only used when storageType is set to SharePoint.
msGraphGeneral.storageType	string	"onedrive"	Specifies the storage type. Supported values are: onedrive or sharepoint.
msGraphGeneral.username	string	""	Used only if storageType is set to OneDrive. Specifies which user’s drive will be used."
processing	object	-	Configure the Worker file processing capabilities to improve performance and load balancing.
processing.cacheEnabled	bool	false (LargeWorker: true)	Enable/disable caching. When enabled, Spectra Core can skip reprocessing the same files (duplicates) if uploaded consecutively in a short period.
processing.cacheTimeToLive	int	0	If file processing caching is enabled, specify how long (in seconds) the analysis reports should be preserved in the cache before they expire. A value of 0 uses the default. Default: 600. Maximum: 86400.
processing.depth	int	0	Specifies how "deep" a file is unpacked. By default, when set to 0, Workers will unpack files recursively until no more files can be unpacked. Setting a value greater than 0 limits the depth of recursion, which can speed up analyses but provide less detail.
processing.largefileThreshold	int	100	If advanced mode is enabled, files larger than this threshold (in MB) will be processed individually, one by one. This parameter is ignored in standard mode.
processing.mode	int	2	Configures the Worker processing mode to improve load balancing. Supported modes are standard (1) and advanced (2).
processing.timeout	string	"28800" (LargeWorker: "259200")	Specifies how many seconds the Worker should wait for a file to process before terminating the task. Default: 28800. Maximum: 259200.
propagation	object	-	Configure advanced classification propagation options supported by the Spectra Core static analysis engine. When Spectra Core classifies files, the classification of a child file can be applied to the parent file.
propagation.enabled	bool	true	Enable/disable the classification propagation feature. When propagation is enabled, files can be classified based on the content extracted from them. This means that files containing a malicious or suspicious file will also be considered malicious or suspicious.
propagation.goodwareOverridesEnabled	bool	true	Enable/disable goodware overrides. When enabled, any files extracted from a parent file and whitelisted by certificate, source or user override can no longer be classified as malicious or suspicious. This is an advanced goodware whitelisting technique that can be used to reduce the amount of false positive detections.
propagation.goodwareOverridesFactor	int	1	When goodware overrides are enabled, this parameter must be configured to determine the factor to which overrides will be applied. Supported values are 0 to 5, where zero represents the best trust factor (highest confidence that a sample contains goodware). Overrides will apply to files with a trust factor equal to or lower than the value configured here.
report	object	-	Configure the contents of the Spectra Detect file analysis report.
report.firstReportOnly	bool	false	If disabled, the reports for samples with child files will include relationships for all descendant files. Enabling this setting will only include relationship metadata for the root parent file to reduce redundancy.
report.includeStrings	bool	false	When enabled, includes strings in the file analysis report. Spectra Core can extract strings from binaries. This can be useful but may result in extensive metadata. To reduce noise, the types of included strings can be customized in the strings section.
report.relationships	bool	false	Includes sample relationship metadata in the file analysis report. When enabled, the relationships section lists the hashes of files found within the given file.
reportAdl	object	-	Settings to configure how reports saved to Azure Data Lake are formatted.
reportAdl.archiveSplitReport	bool	true	Enable sending a single, smaller archive of split report files to ADL instead of each file. Relevant only when the 'Split report' option is used.
reportAdl.container	string	""	Container where reports will be stored. Required when this feature is enabled.
reportAdl.enabled	bool	false	Enable/disable storing file processing reports to ADL.
reportAdl.filenameTimestampFormat	string	""	File naming pattern for the report itself. A timestamp is appended to the SHA1 hash of the file. The timestamp format must follow the strftime specification and be enclosed in quotation marks. If not specified, the ISO 8601 format is used.
reportAdl.folder	string	""	Specify the name of a folder where analysis reports will be stored. If the folder name is not provided, files are stored into the root of the configured container.
reportAdl.folderOption	string	"date_based"	Select the naming pattern that will be used when automatically creating subfolders for storing analysis reports. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
reportAdl.maliciousOnly	bool	false	Report contains only malicious and suspicious children.
reportAdl.reportType	string	"large"	Specify the report type that should be applied to the Worker analysis report before storing it. Report types are results of filtering the full report. In other words, fields can be included or excluded as required. Report types are stored in the /etc/ts-report/report-types directory.
reportAdl.splitReport	bool	false	By default, reports contain information on parent files and all extracted children files. When this option is enabled, analysis reports for extracted files are separated from their parent file report, and saved as individual report files.
reportAdl.timestampEnabled	bool	true	Enable/disable appending a timestamp to the report name.
reportAdl.topContainerOnly	bool	false	When enabled, file analysis report will only include metadata for the top container and subreports for unpacked files will not be generated.
reportAdl.view	string	""	Apply a view for transforming report data to the “large” report type to ensure maximum compatibility. Several existing views are also available as report types, which should be used as a view substitute due to performance gains. Custom views can be defined by placing the scripts in the “/usr/libexec/ts-report-views.d” directory on Spectra Detect Worker.
reportApi	object	-	Configures the settings applied to the file analysis report fetched using the GET endpoint.
reportApi.maliciousOnly	bool	false	Report contains only malicious and suspicious children.
reportApi.reportType	string	""	Specify the report type that should be applied to the Worker analysis report before storing it. Report types are results of filtering the full report. In other words, fields can be included or excluded as required. Report types are stored in the /etc/ts-report/report-types directory.
reportApi.topContainerOnly	bool	false	When enabled, file analysis report will only include metadata for the top container and subreports for unpacked files will not be generated.
reportApi.view	string	""	Apply a view for transforming report data to the “large” report type to ensure maximum compatibility. Several existing views are also available as report types, which should be used as a view substitute due to performance gains. Custom views can be defined by placing the scripts in the “/usr/libexec/ts-report-views.d” directory on Spectra Detect Worker.
reportMsGraph	object	-	Settings to configure how reports saved to OneDrive or SharePoint are formatted.
reportMsGraph.archiveSplitReport	bool	true	Enable sending a single, smaller archive of split report files to Microsoft Cloud Storage instead of each file. Relevant only when the "Split Report" option is used.
reportMsGraph.enabled	bool	false	Enable/disable storing file processing reports.
reportMsGraph.filenameTimestampFormat	string	""	This refers to the naming of the report file itself. A timestamp is appended to the SHA1 hash of the file. The timestamp format must follow the strftime specification and be enclosed in quotation marks. If not specified, the ISO 8601 format is used.
reportMsGraph.folder	string	""	Folder where report files will be stored on the Microsoft Cloud Storage. If the folder name is not provided, files are stored into the root of the configured container.
reportMsGraph.folderOption	string	"date_based"	Select the naming pattern that will be used when automatically creating subfolders for storing analysis reports. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
reportMsGraph.maliciousOnly	bool	false	Report contains only malicious and suspicious children.
reportMsGraph.reportType	string	"large"	Specify the report type that should be applied to the Worker analysis report before storing it. Report types are results of filtering the full report. In other words, fields can be included or excluded as required. Report types are stored in the /etc/ts-report/report-types directory.
reportMsGraph.splitReport	bool	false	By default, reports contain information on parent files and all extracted children files. When this option is enabled, analysis reports for extracted files are separated from their parent file report, and saved as individual report files.
reportMsGraph.topContainerOnly	bool	false	When enabled, file analysis report will only include metadata for the top container, and subreports for unpacked files will not be generated.
reportMsGraph.view	string	""	Apply a view for transforming report data to the “large” report type to ensure maximum compatibility. Several existing views are also available as report types, which should be used as a view substitute due to performance gains. Custom views can be defined by placing the scripts in the “/usr/libexec/ts-report-views.d” directory on Spectra Detect Worker.
reportS3	object	-	Settings to configure how reports saved to S3 buckets are formatted.
reportS3.advancedFilterEnabled	bool	false	Enable/disable usage of advance filters.
reportS3.advancedFilterName	string	""	Name of the advanced filter.
reportS3.archiveSplitReport	bool	true	Enable sending a single, smaller archive of split report files to S3 instead of each file. Relevant only when the 'Split report' option is used.
reportS3.bucketMapping	object	{}	Used if destinationType is set to mapping. Accepts a list of bucket-mapping structures. See Bucket Mapping Structure.
reportS3.bucketName	string	""	Name of the S3 bucket where processed files will be stored. Required when this feature is enabled.
reportS3.bucketS3ConnectionMapping	list	[]	Accepts a nested dictionary that sets individual AWS connection methods for each target output bucket. Connection parameters are those described under aws and awsRole.
reportS3.destinationType	string	"default"	Supported values are default (saves the reports into the bucket configured by bucketName), source (saves the reports into the S3 bucket where the samples originated from), mapping (saves the reports according to the mapping configured by bucketMapping).
reportS3.enabled	bool	false	Enable/disable storing file processing reports to S3.
reportS3.filenameTimestampFormat	string	""	This refers to the naming of the report file itself. A timestamp is appended to the SHA1 hash of the file. The timestamp format must follow the strftime specification and be enclosed in quotation marks. If not specified, the ISO 8601 format is used.
reportS3.folder	string	""	Folder where report files will be stored in the given S3 bucket. The folder can be up to 1024 bytes long when encoded in UTF-8, and can contain letters, numbers and special characters: "!", "-", "_", ".", "*", "'", "(", ")", "/". It must not start or end with a slash or contain leading or trailing spaces. Consecutive slashes ("//") are not allowed.
reportS3.folderOption	string	"date_based"	Select the naming pattern used when automatically creating subfolders for storing analysis reports. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
reportS3.maliciousOnly	bool	false	Report contains only malicious and suspicious children.
reportS3.reportType	string	"large" (LargeWorker: "extended_small")	Specify the report type that should be applied to the Worker analysis report before storing it. Report types are results of filtering the full report. In other words, fields can be included or excluded as required. Report types are stored in the /etc/ts-report/report-types directory.
reportS3.splitReport	bool	false	By default, reports contain information on parent files and all extracted children files. When this option is enabled, analysis reports for extracted files are separated from their parent file report, and saved as individual report files.
reportS3.timestampEnabled	bool	true	Enable/disable appending a timestamp to the report name.
reportS3.topContainerOnly	bool	false	When enabled, file analysis report will only include metadata for the top container and subreports for unpacked files will not be generated.
reportS3.view	string	""	Apply a view for transforming report data to the “large” report type to ensure maximum compatibility. Several existing views are also available as report types, which should be used as a view substitute due to performance gains. Custom views can be defined by placing the scripts in the “/usr/libexec/ts-report-views.d” directory on Spectra Detect Worker.
s3	object	-	Settings for storing a copy of all files uploaded for analysis on Worker to an S3 or a third-party, S3-compatible server.
s3.advancedFilterEnabled	bool	false	Enable/disable usage of advance filters.
s3.advancedFilterName	string	""	Name of the advanced filter.
s3.bucketMapping	object	{}	Used if destinationType is set to mapping. Accepts a dictionary of S3 input buckets mapped to output buckets, enclosed in quotation marks.
s3.bucketName	string	""	Name of the S3 bucket where processed files will be stored. Required when this feature is enabled.
s3.bucketS3ConnectionMapping	list	[]	Accepts a nested dictionary that sets individual AWS connection methods for each target output bucket. Connection parameters are those described under aws and awsRole.
s3.destinationType	string	"default"	Supported values are default (saves the reports into the bucket configured by bucketName), mapping (saves the reports according to the mapping configured by bucketMapping.
s3.enabled	bool	false	Enable/disable storing file processed files on S3.
s3.folder	string	""	Specify the name of a folder where analyzed files will be stored. If the folder name is not provided, files are stored into the root of the configured bucket.
s3.storeMetadata	bool	true	When true, analysis metadata will be stored to the uploaded S3 object.
scaling	object	-	Configures the number of concurrent processes and the number of files analyzed concurrently. Parameters in this section can be used to optimize the file processing performance on Worker.
scaling.concurrencyCount	int	0	Sets the number of threads per Spectra Core instance. Value 0 means the number of threads will equal the number of CPU cores.
scaling.loadSize	int	0	Defines the maximum number of individual files that can simultaneously be processed by a single instance of Spectra Core. When one file is processed, another from the queue enters the processing state. Value 0 sets the maximum number of files to be processed to the number of CPU cores on the system.
scaling.postprocessing	int	1	Specify how many post-processing instances to run. Post-processing instances will then modify and save reports or upload processed files to external storage. Increasing this value can increase throughput for servers with extra available cores. Maximum: 256.
scaling.preprocessingUnpacker	int	1	Specify how many copies of Spectra Core are used to unpack samples for Deep Cloud Analysis. This setting only has effect if Deep Cloud Analysis is enabled with Scan Unpacked Files capability.
scaling.processing	int	1	Specify how many copies of Spectra Core engine instances to run. Each instance starts threads to process files. Maximum: 256.
sns	object	-	Configures settings for publishing notifications about file processing status and links the reports to an Amazon SNS (Simple Notification Service) topic.
sns.enabled	bool	false	Enable/disable publishing notifications to Amazon SNS.
sns.topic	string	""	Specify the SNS topic ARN that the notifications should be published to. Prerequisite: the AWS account in the AWS settings must be given permission to publish to this topic. Required when this feature is enabled.
spectraAnalyzeIntegration	object	-	Configuration settings to upload processed samples to configured Spectra Analyze.
spectraAnalyzeIntegration.address	string	""	Spectra Analyze address. Required when this feature is enabled. Has to be in the following format: https://<ip_or_hostname>.
spectraAnalyzeIntegration.advancedFilterEnabled	bool	true	Enable/disable advanced filter.
spectraAnalyzeIntegration.advancedFilterName	string	"default_filter"	Name of the advanced filter.
spectraAnalyzeIntegration.enabled	bool	false	Enable/disable integration with Spectra Analyze.
splunk	object	-	Configures integration with Splunk, a logging server that can receive Spectra Detect file analysis reports.
splunk.caPath	string	""	Path to the certificate.
splunk.chunkSizeMb	int	0	The maximum size (MB) of a single request sent to Splunk. If an analysis report exceeds this size, it will be split into multiple parts. The report is split into its subreports (for child files). A request can contain one or multiple subreports, as long as its total size doesn’t exceed this limit. The report is never split by size alone - instead, complete subreports are always preserved and sent to Splunk. Default: 0 (disabled)
splunk.enabled	bool	false	Enable/disable Splunk integration.
splunk.host	string	""	Specify the hostname or IP address of the Splunk server that should connect to the Worker appliance.
splunk.https	bool	true	If set to true, HTTPS will be used for sending information to Splunk. If set to false, HTTP is used.
splunk.port	int	8088	Specify the TCP port of the Splunk server’s HTTP Event Collector.
splunk.reportType	string	"large"	Specifies which report_type is returned. By default or when empty, only the medium (summary) report is provided in the callback response. Set to small, medium or large to view results of filtering the full report.
splunk.sslVerify	bool	false	If HTTPS is enabled, setting this to true enables certificate verification.
splunk.timeout	int	5	Specify how many seconds to wait for a response from the Splunk server before the request fails. If the request fails, the report will not be uploaded to the Splunk server, and an error will be logged. The timeout value must be greater than or equal to 1, and not greater than 999.
splunk.topContainerOnly	bool	false	Whether or not Splunk should receive the report for the top (parent) file only. If set to true, no subreports will be sent.
splunk.view	string	""	Specifies whether a custom Report View should be applied to the file analysis report and returned in the response.
strings	object	-	Configure the output of strings extracted from files during Spectra Core static analysis.
strings.enableStringExtraction	bool	false	If set to true, user-provided criteria for string extraction will be used.
strings.maxLength	int	32768	Maximum number of characters in strings.
strings.minLength	int	4	Minimum number of characters in strings. Strings shorter than this value are not extracted.
strings.unicodePrintable	bool	false	Specify whether strings are Unicode printable or not.
strings.utf16be	bool	true	Allow/disallow extracting UTF-16BE strings.
strings.utf16le	bool	true	Allow/disallow extracting UTF-16LE strings.
strings.utf32be	bool	false	Allow/disallow extracting UTF-32BE strings.
strings.utf32le	bool	false	Allow/disallow extracting UTF-32LE strings.
strings.utf8	bool	true	Allow/disallow extracting UTF-8 strings.
ticore	object	-	Configures cloud options supported by Spectra Core. Worker must be connected to Spectra Intelligence for these settings to take effect.
ticore.maxDecompressionFactor	float	1.0	Decimal value between 0 and 999.9. If multiple decimals are given, it will be rounded to one decimal. Used to protect the user from intentional or unintentional archive bombs, terminating decompression if size of unpacked content exceeds a set quota.
ticore.mwpExtended	bool	false	Enable/disable information from antivirus engines in Spectra Intelligence.
ticore.mwpGoodwareFactor	int	2	Determines when a file classified as KNOWN in Spectra Intelligence Cloud is classified as Goodware by Spectra Core. By default, all KNOWN cloud classifications are converted to Goodware. Supported values are 0 - 5, where zero represents the best trust factor (highest confidence that a sample contains goodware). Lowering the value reduces the number of samples classified as goodware. Samples with a trust factor above the configured value are considered UNKNOWN.
ticore.processingMode	string	"best" (LargeWorker: "fast")	Determines which file formats are unpacked by Spectra Core for detailed analysis. "best" fully processes all supported formats; "fast" processes a limited set.
ticore.useXref	bool	false	Enabling XREF service will enrich analysis reports with cross-reference metadata like AV scanner results.
unpackedAdl	object	-	Settings for storing extracted files in an Azure Data Lake container.
unpackedAdl.archiveUnpacked	bool	true	Enable sending a single, smaller archive of unpacked files to ADL instead of each unpacked file.
unpackedAdl.container	string	""	Specify the name of the Azure Data Lake container where extracted files will be saved. Required when this feature is enabled.
unpackedAdl.enabled	bool	false	Enable/disable storing extracted files to ADL.
unpackedAdl.folder	string	""	Specify the name of a folder in the configured Azure container where extracted files will be stored. If the folder name is not provided, files are stored into the root of the configured container.
unpackedAdl.folderOption	string	"date_based"	Select the naming pattern that will be used when automatically creating subfolders for storing analyzed files. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
unpackedMsGraph	object	-	Settings for storing extracted files to Microsoft Cloud Storage.
unpackedMsGraph.archiveUnpacked	bool	true	Enable sending a single, smaller archive of unpacked files to Microsoft Cloud Storage instead of each unpacked file.
unpackedMsGraph.enabled	bool	false	Enable/disable storing extracted files.
unpackedMsGraph.folder	string	""	Folder where unpacked files will be stored on the Microsoft Cloud Storage. If the folder name is not provided, files are stored into the root of the configured container.
unpackedMsGraph.folderOption	string	"date_based"	Select the naming pattern that will be used when automatically creating subfolders for storing analyzed files. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
unpackedS3	object	-	Settings for storing extracted files to S3 container.
unpackedS3.archiveUnpacked	bool	true	Enable sending a single, smaller archive of unpacked files to S3 instead of each unpacked file.
unpackedS3.bucketName	string	""	Specify the name of the S3 container where extracted files will be saved. Required when this feature is enabled.
unpackedS3.enabled	bool	false	Enable/disable storing extracted files in S3.
unpackedS3.folder	string	""	Specify the name of a folder in the configured S3 container where extracted files will be stored. If the folder name is not provided, files are stored into the root of the configured container. The folder can be up to 1024 bytes long when encoded in UTF-8, and can contain letters, numbers and special characters: "!", "-", "_", ".", "*", "'", "(", ")", "/". It must not start or end with a slash or contain leading or trailing spaces. Consecutive slashes ("//") are not allowed.
unpackedS3.folderOption	string	"date_based"	Select the naming pattern that will be used when automatically creating subfolders for storing analyzed files. Supported options are: date_based (YYYY/mm/dd/HH), datetime_based (YYYY/mm/dd/HH/MM/SS), and sha1_based (using the first 4 characters of the file hash).
wordlist	list	-	List of passwords for protected files.

Configmap Configuration values for Worker - Bucket Mapping Structure

Key	Type	Default	Description
bucketMapping[n]	list	-	Bucket Mapping Structure - list of S3 input buckets mapped to output buckets.
bucketMapping[n].advancedFilterName	string	""	Advanced filter name to apply. If global filter is on (s3.advancedFilterEnabled or reportS3.advancedFilterEnabled is true), it is not possible to add the filter, it has to be "".
bucketMapping[n].inputBucket	string	""	Input bucket name.
bucketMapping[n].outputBucket	string	""	Output bucket name. If the output bucket is empty, any sample uploaded from the specified input bucket will be ignored.

Configmap Configuration values for Worker - Connection Method Bucket Mapping Structure

Key	Type	Default	Description
bucketS3ConnectionMapping[n]	list	-	Connection Method Bucket Mapping Structure
bucketS3ConnectionMapping[n].awsConnectionStrategy	string	"standard"	Strategy of connection to AWS. Allowed values: 'standard' and 'ARN'.
bucketS3ConnectionMapping[n].buckets	list	[]	List of buckets for which the given connection info is valid. Required if s3 connection bucket mapping is used.
bucketS3ConnectionMapping[n].caPath	string	"/etc/pki/tls/certs/ca-bundle.crt"	Path on the file system pointing to the certificate of a custom (self-hosted) S3 server.
bucketS3ConnectionMapping[n].endpointUrl	string	""	Only required in non-AWS setups to store files to an S3-compatible server. When this parameter is left blank, the default value is used (https://aws.amazonaws.com). Supported pattern(s): https?://.+".
bucketS3ConnectionMapping[n].externalRoleId	string	""	The external ID of the role that will be assumed. This can be any string. Usually, it’s an ID provided by the entity which uses (but doesn’t own) an S3 bucket. The owner of that bucket takes that external ID and builds an ARN with it.
bucketS3ConnectionMapping[n].identifier	string	""	Unique name of the S3 connection bucket mapping. Required if S3 connection bucket mapping is used. Important for creating secrets that contain AWS credentials.
bucketS3ConnectionMapping[n].maxReattempts	int	5	Maximum number of retries when saving a report to an S3-compatible server.
bucketS3ConnectionMapping[n].refreshBuffer	int	5	Number of seconds to fetch a new ARN token before the token timeout is reached.
bucketS3ConnectionMapping[n].region	string	"us-east-1"	Specify the correct AWS geographical region where the S3 bucket is located. Required parameter, ignored for non-AWS setups.
bucketS3ConnectionMapping[n].roleArn	string	""	The role ARN created using the external role ID and an Amazon ID. In other words, the ARN which allows a Worker to obtain a temporary token, which then allows it to save to S3 buckets without a secret access key.
bucketS3ConnectionMapping[n].roleSessionName	string	"ARNRoleSession"	Name of the session visible in AWS logs; can be any string.
bucketS3ConnectionMapping[n].serverSideEncryption	string	""	Specify the encryption algorithm used on the target S3 bucket (e.g. aws:kms or AES256).
bucketS3ConnectionMapping[n].sslVerify	bool	false	Enable/disable SSL verification.
bucketS3ConnectionMapping[n].stsConnectionStrategy	string	"default"	Strategy for role assumption. Allowed values: 'default' (uses data set in the AWS section) and 'custom' (new AWS data is needed).
bucketS3ConnectionMapping[n].tokenDuration	int	900	Time before the authentication token expires and is refreshed. Minimum: 900 seconds.

Other Values

Key	Type	Default	Description
affinity	object	{}
autoscaling.enabled	bool	false
autoscaling.maxReplicas	int	8
autoscaling.minReplicas	int	1
autoscaling.targetCPUUtilizationPercentage	int	0
autoscaling.targetInputQueueSize	int	100
autoscaling.targetMemoryUtilizationPercentage	int	0
c1000.releaseName	string	nil	Sets the Spectra Detect Manager release that the Detect Worker should connect to.
c1000.releaseNamespace	string	""	Sets the Spectra Detect Manager release namespace. Leave blank to use the current namespace.
filebeat.config	string	nil	Overrides the Filebeat configuration.
filebeat.enable	bool	true
filebeat.image	string	"docker.elastic.co/beats/filebeat"
filebeat.output.console.pretty	bool	false
filebeat.resources.limits.cpu	string	"1000m"
filebeat.resources.limits.memory	string	"1500Mi"
filebeat.resources.requests.cpu	string	"100m"
filebeat.resources.requests.memory	string	"100Mi"
filebeat.tag	string	"8.12.0"
fullnameOverride	string	""
image.pullPolicy	string	"Always"
image.repository	string	"registry.reversinglabs.com/detect/images/detect-worker-mono"
image.tag	string	"5.5.1"
imagePullSecrets[0].name	string	"rl-registry-key"
ingress.annotations	object	{}
ingress.className	string	"nginx"
ingress.enabled	bool	false
ingress.host	string	nil
ingress.paths[0].path	string	"/"
ingress.paths[0].pathType	string	"Prefix"
ingress.tls.certificateArn	string	""
ingress.tls.issuer	string	""
ingress.tls.issuerKind	string	"Issuer"
ingress.tls.secretName	string	"tls-tiscale-worker"
nameOverride	string	""
nodeSelector	object	{}
persistence	object	-	Persistence values configure options for the PersistentVolumeClaim used for storing samples and reports.
persistence.accessModes	list	["ReadWriteMany"]	Access mode. When using multiple Workers or autoscaling, set the value to ["ReadWriteMany"].
persistence.requestStorage	string	"10Gi"	Requested storage.
persistence.storageClassName	string	nil	Storage class name. When using multiple Workers or autoscaling, the storage class must support "ReadWriteMany".
podAnnotations	object	{}
podSecurityContext	object	{}
postgres.affinity	object	{}
postgres.createUserSecret	bool	true	A user secret will be created automatically with the given username and password; otherwise, the secret must already exist.
postgres.database	string	"tiscale"	Database name
postgres.host	string	""	Host for external PostgreSQL. When configured, the Detect PostgreSQL cluster won't be created.
postgres.password	string	"tiscale_11223"	Password
postgres.persistence.accessModes[0]	string	"ReadWriteOnce"
postgres.persistence.requestStorage	string	"5Gi"
postgres.persistence.storageClassName	string	nil
postgres.port	int	5432	PostgreSQL port.
postgres.replicas	int	1	Number of replicas.
postgres.resources.limits.cpu	string	nil
postgres.resources.limits.memory	string	nil
postgres.resources.requests.cpu	string	"500m"
postgres.resources.requests.memory	string	"1Gi"
postgres.username	string	"tiscale"	Username. Required if host is not set, because the Detect PostgreSQL cluster will be created and this user will be set as the database owner.
rabbitmq.affinity	object	{}
rabbitmq.createManagementAdminSecret	bool	true	A user management admin secret will be created automatically with given admin username and admin password; otherwise, the secret must already exist.
rabbitmq.createUserSecret	bool	true	A user secret will be created automatically with the given username and password; otherwise, the secret must already exist.
rabbitmq.host	string	""	Host for external RabbitMQ. When configured, the Detect RabbitMQ cluster won't be created.
rabbitmq.managementAdminPassword	string	""	Management admin password. If left empty, defaults to password.
rabbitmq.managementAdminUrl	string	""
rabbitmq.managementAdminUsername	string	""	Management admin username. If left empty, defaults to username.
rabbitmq.password	string	"guest_11223"	Password
rabbitmq.persistence.requestStorage	string	"5Gi"
rabbitmq.persistence.storageClassName	string	nil
rabbitmq.port	int	5672	RabbitMQ port
rabbitmq.replicas	int	1	Number of replicas
rabbitmq.resources.limits.cpu	string	"2"
rabbitmq.resources.limits.memory	string	"2Gi"
rabbitmq.resources.requests.cpu	string	"1"
rabbitmq.resources.requests.memory	string	"2Gi"
rabbitmq.useQuorumQueues	bool	false	Setting this to true defines queues as quorum type (recommended for multi-replica/HA setups); otherwise, queues are classic.
rabbitmq.useSecureProtocol	bool	false	Setting this to true enables the secure AMQPS protocol for the RabbitMQ connection.
rabbitmq.username	string	"guest"	Username
rabbitmq.vhost	string	""	Vhost. When empty, the default rl-detect vhost is used.
rabbitmq.vhostLarge	string	""	Vhost used for the Large Spectra Detect Worker. It should differ from the Vhost in the Large Worker configuration. When empty, the default rl-detect-large vhost is used.
replicaCount	int	1
report.networkReputation	bool	false	If enabled, analysis reports include a top-level network_reputation object with reputation information for every extracted network resource. For this feature, Spectra Intelligence must be configured on the Worker, and the ticore.processingMode option must be set to "best".
resources.requests.cpu	string	"1000m"
resources.requests.memory	string	"4Gi"
securityContext.capabilities.add[0]	string	"SYS_NICE"
securityContext.privileged	bool	false
service.httpPort	int	80
service.httpsPort	int	443
service.type	string	"ClusterIP"
tcScratch	object	-	tcScratch values configure generic ephemeral volume options for the Spectra Core /tc-scratch directory.
tcScratch.accessModes	list	["ReadWriteOnce"]	Access modes.
tcScratch.freeThreshold	string	"5Gi"	Threshold for triggering cleanup when free space in tc-scratch falls below this value.
tcScratch.requestStorage	string	"10Gi"	Requested storage size for the ephemeral volume.
tcScratch.storageClassName	string	nil	Sets the storage class for the ephemeral volume. If not set, emptyDir is used instead of an ephemeral volume.
tolerations	list	[]
worker.config.health.queue_high	int	5000
worker.config.scaling.concurrency_count	int	8
worker.config.scaling.load_size	int	8
worker.config.scaling.postprocessing	int	2
worker.config.scaling.processing	int	1
worker.largeFileProxy	bool	false	Forwards large files to a Large File Worker for processing. Set to true if you are using the Large File Worker feature.
worker.largeFileWorker	bool	false	Set to true if deploying a Helm release for a Large File Worker deployment. For a regular Worker deployment, leave false.
worker.mainReleaseName	string	nil	Name of the main tiscale-worker release that forwards large files.

---

Spectra Detect Hub

TiScale Hub Helm chart for Kubernetes

Configmap configuration secrets

Secret	Type	Description
release_name-secret-connector-connector_name-input_identifier	required	Basic authentication secret which contains username and password for the connector. For each connector input secret has to be created and it needs to contain identifier in its name.
release_namespace-secret-worker-api-token	optional	Token secret which contains worker api token. Required when worker api token is set up on Worker.

Values

Configmap Configuration values

Key	Type	Default	Description
appliance.configMode	string	"STANDARD"	Configuration mode of the appliance. Allowed values: CONFIGMAP (configuration is provided with configmap), STANDARD (configuration is provided over UI).

Configmap Configuration values for all connectors

Key	Type	Default	Description
connectors	list	[]	List of connectors
connectors[n].enable	bool	false	Enable/disable connector.
connectors[n].name	string	""	Name of the connector. Currently supported values: s3 and smtp. Configuration values differ for each connector.

Configmap Configuration values for S3 connector

Key	Type	Default	Description
connectors[n].dbCleanupPollInterval	int	3600	Period in seconds during which a database cleanup is run.
connectors[n].dbCleanupSampleThresholdInDays	int	21	Number of days for which data is preserved.
connectors[n].diskHighPercent	int	0	Disk high is used to compute the maximum amount of disk space that can be used by temporary files during transfer. Set it to 0 to disable it.
connectors[n].inputs	list	[]	List of inputs. Possible configuration values can be found under Configmap Configuration values for S3 connector input.
connectors[n].maxFileSize	int	0	Maximum sample size in megabytes that is transmitted from the connector to the appliance for analysis. Set it to 0 to disable it.
connectors[n].maxUploadDelayTime	int	10000	Delay in seconds. In case the Worker cluster is under high load, this parameter is used to delay new uploads to it. The delay parameter is multiplied by an internal factor determined by the load on the Worker cluster.
connectors[n].maxUploadRetries	int	100	Number of times the connector attempts to upload a file to the processing appliance. Upon reaching the maximum number of retries, it is either saved in the error_files/destination or discarded.
connectors[n].saveFilesWithError	bool	false	Original files that were not successfully uploaded are saved to /data/connectors/connector-s3/error_files/.
connectors[n].uploadTimeout	int	10000	Period in milliseconds between reupload attempts of a sample.
connectors[n].uploadTimeoutAlgorithm	string	"exponential"	Algorithm used for managing delays between reuploading a sample into the processing appliance. Use exponential to double the max upload timeout parameter until it reaches the max value of 5 minutes. Use linear to always use the max upload timeout value as the timeout period between reuploads.

Configmap Configuration values for S3 connector input

Key	Type	Default	Description
connectors[n].inputs[n].awsArnTokenDuration	int	900	Period in seconds before the authentication token expires and is refreshed.
connectors[n].inputs[n].awsEnableArn	bool	false	Enable/disable role ARN.
connectors[n].inputs[n].awsExternalRoleId	string	""	The external ID used to assume the AWS role.
connectors[n].inputs[n].awsRoleArn	string	""	The ARN of the AWS role to be assumed. The trust policy for this role must include the specified Amazon ID and external ID.
connectors[n].inputs[n].awsRoleSessionName	string	"ARNRoleSession"	Name of the session visible in AWS logs.
connectors[n].inputs[n].bucket	string	""	Specify an existing S3 bucket containing the samples to process. Required value.
connectors[n].inputs[n].deleteSourceFile	bool	false	Allow the connector to delete source files in S3 storage after they have been processed.
connectors[n].inputs[n].endpoint	string	""	Enter a custom S3 endpoint URL. Leave empty if using standard AWS S3.
connectors[n].inputs[n].folder	string	""	Specify an input folder inside the bucket containing the samples to process. All other samples are ignored.
connectors[n].inputs[n].identifier	string	""	Unique input identifier. Required value that must also be included in the AWS credentials secret. Minimum 3 characters.
connectors[n].inputs[n].knownBucket	string	""	Specify the bucket for the connector to store files classified as "Goodware". If empty, the input bucket is used.
connectors[n].inputs[n].knownDestination	string	"goodware"	Specify the folder for the connector to store files classified as "Goodware". The folder is contained within the specified bucket field.
connectors[n].inputs[n].maliciousBucket	string	""	Specify the bucket for the connector to store files classified as "Malicious". If empty, the input bucket is used.
connectors[n].inputs[n].maliciousDestination	string	"malware"	Specify the folder for the connector to store files classified as "Malicious". The folder is contained within the specified bucket field.
connectors[n].inputs[n].objectMetadataFilter	object	-	Configure selection criteria using metadata.
connectors[n].inputs[n].objectMetadataFilter.classification	list	[]	Classification.
connectors[n].inputs[n].objectMetadataFilter.enabled	bool	false	Enable/disable selection criteria using metadata.
connectors[n].inputs[n].objectMetadataFilter.threatName	list	[]	Threat name.
connectors[n].inputs[n].paused	bool	false	Temporarily pause the continuous scanning of this storage input.
connectors[n].inputs[n].postActionsEnabled	bool	false	Allow the connector to store analyzed files and sort them into folders based on their classification.
connectors[n].inputs[n].priority	int	5	Assign a priority for processing files from this bucket on a scale of 1 (highest) to 5 (lowest). Multiple buckets may share the same priority.
connectors[n].inputs[n].requireAnalyze	bool	false	Allow any duplicate file hashes to be rescanned.
connectors[n].inputs[n].serverSideEncryption	string	""	Server Side Encryption (SSE) Type. This field can be left blank unless a bucket policy requires that SSE headers be sent to S3. Valid options are 'AES256' or 'aws:kms'.
connectors[n].inputs[n].serverSideEncryptionCustomerAlgorithm	string	""	Customer-provided encryption algorithm. Must be AES256.
connectors[n].inputs[n].serverSideEncryptionCustomerKey	string	""	Customer-provided encryption key.
connectors[n].inputs[n].suspiciousBucket	string	""	Specify the bucket for the connector to store files classified as "Suspicious". If empty, the input bucket is used.
connectors[n].inputs[n].suspiciousDestination	string	"suspicious"	Specify the folder for the connector to store files classified as "Suspicious". The folder is contained within the specified bucket field.
connectors[n].inputs[n].unknownBucket	string	""	Specify the bucket for the connector to store files classified as "Unknown". If empty, the input bucket is used.
connectors[n].inputs[n].unknownDestination	string	"unknown"	Specify the folder for the connector to store files classified as "Unknown". The folder is contained within the specified bucket field.
connectors[n].inputs[n].verifySslCertificate	bool	true	Connect securely to the custom S3 instance. Deselect this to accept untrusted certificates. Applicable only when a custom S3 endpoint is entered.
connectors[n].inputs[n].zone	string	""	AWS S3 region.

Configmap Configuration values for SMTP connector

Key	Type	Default	Description
connectors[n].myNetworks	list	[]	List of authorized networks. Required when profileType is secure.
connectors[n].profileType	string	"default"	The SMTP Profile is used to determine the Postfix configuration options. Allowed values: 'default' (more open, but less secure), 'secure' (more closed, but more secure). For Strict (secure), you must add the list of trusted remote SMTP clients which will appear under 'mynetworks' in the Postfix configuration.

Other Values

Key	Type	Default	Description
c1000.releaseName	string	nil	Set Spectra Detect Manager release for Detect Hub to connect to
c1000.releaseNamespace	string	""	Set Spectra Detect Manager release namespace. Blank indicates current namespace
filebeat.config	string	nil	Overrides filebeat configuration
filebeat.enable	bool	true
filebeat.image	string	"docker.elastic.co/beats/filebeat"
filebeat.output.console.pretty	bool	false
filebeat.resources.limits.cpu	string	"1000m"
filebeat.resources.limits.memory	string	"1500Mi"
filebeat.resources.requests.cpu	string	"100m"
filebeat.resources.requests.memory	string	"100Mi"
filebeat.tag	string	"8.12.0"
fullnameOverride	string	""
icapConnector	object	-	Configuration of ICAP Connector service
icapConnector.service.annotations	object	{}	Additional annotations to add to the Service metadata
icapConnector.service.port	int	1344	Port
icapConnector.service.type	string	"ClusterIP"	Type of Kubernetes service to create
image.pullPolicy	string	"Always"
image.repository	string	"registry.reversinglabs.com/detect/images/detect-hub-mono"
image.tag	string	"latest-dev"
imagePullSecrets[0].name	string	"rl-registry-key"
nameOverride	string	""
persistence	object	-	persistance values configure options for PersistentVolumeClaim used for storing samples
persistence.accessModes	list	["ReadWriteOnce"]	Access mode
persistence.requestStorage	string	"10Gi"	Request Storage
persistence.storageClassName	string	nil	Storage class name
podAnnotations	object	{}
podSecurityContext	object	{}
resources.limits.memory	string	"4Gi"
resources.requests.cpu	string	"1000m"
resources.requests.memory	string	"4Gi"
securityContext.capabilities.add[0]	string	"SYS_NICE"
securityContext.capabilities.add[1]	string	"NET_ADMIN"
securityContext.capabilities.add[2]	string	"SYS_ADMIN"
securityContext.privileged	bool	false
service.httpPort	int	80
service.httpsPort	int	443
service.type	string	"ClusterIP"
serviceAccount.annotations	object	{}
serviceAccount.create	bool	true
serviceAccount.name	string	nil
smtpConnector	object	-	Configuration of SMTP Connector service
smtpConnector.service.annotations	object	{}	Additional annotations to add to the Service metadata
smtpConnector.service.port	int	25	Port
smtpConnector.service.type	string	"ClusterIP"	Type of Kubernetes service to create
smtpConnector.ssl.crtFile	string	""	Path to the SSL certificate file. Used if SSL/TLS termination is required.
smtpConnector.ssl.keyFile	string	""	Path to the SSL private key file. Used together with crtFile for enabling SSL/TLS.
worker.hostname	string	""	Set Worker hostname. If empty, tiscale-worker LoadBalancer Service will be created
worker.releaseName	string	nil	Set Spectra Detect Worker release for Detect Hub to connect to
worker.service.httpPort	int	80	HTTP Port
worker.service.httpsPort	int	443	HTTPS Port
worker.service.type	string	"LoadBalancer"	Type of Kubernetes service to create

---