Azure-Sentinel/Tools/MITREATT&CK-LayerGeneration-Notebook/msticpyconfig.yaml

## For details of how to configure settings in this file, please see
## https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html
##
AzureSentinel:
  Workspaces:
    # # Add your default workspace and tenant here (uncomment next 3 lines)
    # Default:
    #   WorkspaceId: your-workspace-id
    #   TenantId: your-tenant-id
    # # Add additional named workspaces here - you can use these in the notebook
    # # with the syntax ws_config = WorkspaceConfig(workspace="WorkspaceAlpha")
    # # Each section must have a unique name. You can have any number of 
    # # workspace definitions
    # WorkspaceAlpha:
    #   WorkspaceId: alpha-workspace-id
    #   TenantId: alpha-tenant-id
TIProviders:
  # # Threat Intel service parameters are added here
  # # The Args section usually includes the authentication
  # # parameters: AuthKey (the API key) and in some cases others 
  # # (e.g. XForce requires an ApiID key as well). The "AuthKey" name
  # # will be mapped onto the name used by the service, you should not
  # # to change this - e.g. some providers call this ApiKey. 
  # OTX:
  #   Args:
  #     AuthKey: OTX-API-Key
  #   Primary: True
  #   Provider: "OTX"
  # VirusTotal:
  #   Args:
  #     AuthKey: VT-API-Key
  #   Primary: False
  #   Provider: "VirusTotal"
  # XForce:
  #   Args:
  #     ApiID: XForce-API-ID
  #     AuthKey: XForce-Auth-Key
  #   Primary: True
  #   Provider: "XForce"
  # AzureSentinel:
  #  # The Azure sentinel TI data can be in a different workspace
  #  # to the workspace where your data is. If it is different,
  #  # both workspaces must be in the same tenant. This is a limitation
  #  # of the Log Analytics client library.
  #   Args:
  #     workspace_id: your-workspace-id
  #     tenant_id: your-tenant-id
  #   Primary: True
  #   Provider: "AzSTI"
OtherProviders:
  # # Other data providers
  # GeoIPLite:
  #   Args:
  #     AuthKey:
  #       EnvironmentVar: "MAXMIND_AUTH"
  #     DBFolder: "~/.msticpy"
  #   Provider: "GeoLiteLookup"
  # IPStack:
  #   Args:
  #     AuthKey:
  #       EnvironmentVar: "IPSTACK_AUTH"
  #   Provider: "IPStackLookup"