forked from thomasareed/pict
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sample_config.json
46 lines (42 loc) · 938 Bytes
/
sample_config.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
{
"collection_dest" : "~/Desktop/",
"all_users" : true,
"collectors" : {
"fileinfo" : "FileInfoCollector",
"persist" : "PersistenceCollector",
"suspicious" : "SuspiciousBehaviorCollector",
"browser" : "BrowserExtCollector",
"browserhist" : "BrowserHistoryCollector",
"bash_config" : "BashConfigCollector",
"bash_hist" : "BashHistoryCollector",
"processes" : "ProcessCollector",
"network_config" : "NetworkConfigCollector",
"profiles" : "ProfileCollector",
"certs" : "TrustedCertCollector",
"installs" : "InstallationCollector",
"logs" : "LogCollector"
},
"settings" : {
"keepLSData" : true,
"zipIt" : true
},
"moduleSettings" : {
"browser" : {
"collectArtifacts" : true
},
"fileinfo" : {
"paths" : [
{
"path" : "/",
"ignoreRestricted" : true
}
]
},
"logs" : {
"unifiedLogArguments" : "--last 12h",
"collectAuditLogs" : true
}
},
"unused" : {
}
}