After you have installed the Capsule8 sensor, you can configure the sensor’s functionality.
By default, the Capsule8 sensor looks in /etc/capsule8 for a capsule8-sensor.yaml file. This file is not automatically created upon installation, but can be created by the user to store configuration values.
The sensor can also be run with environment variables via command line. Most configuration options for the sensor can be set either as a variable or a value in capsule8-sensor.yaml, as documented in the table in the following section. If a configuration variable is set in both capsule8-sensor.yaml and in the command line, the command line value overrides. If a configuration variable is not set, it reverts to the default value.
For example, to turn on debug mode for the sensor, either run sensor as sudo CAPSULE8_DEBUG=true capsule8-sensor or set the following in capsule8-sensor.yaml:
debug: true
If sudo CAPSULE8_DEBUG=true capsule8-sensor is run and the yaml is:
debug: false
then debug will be set to true, as the command line value overrides. If neither is set, then debug will be set to false, which is the default.
Note: /etc/capsule8 contains two configuration files: capsule8-sensor.yaml for sensor configuration and capsule8-analytics.yaml for detection content. See articles in "Setting Up Detections" for more documentation on managing detections.
Comments
0 comments
Please sign in to leave a comment.