## For details of how to configure settings in this file, please see1## https://msticpy.readthedocs.io/en/latest/getting_started/msticpyconfig.html2##3QueryDefinitions:4AzureSentinel:5Workspaces:6# # Add your default workspace and tenant here (uncomment next 3 lines)7# Default:8# WorkspaceId: your-workspace-id9# TenantId: your-tenant-id10# # Add additional named workspaces here - you can use these in the notebook11# # with the syntax ws_config = WorkspaceConfig(workspace="WorkspaceAlpha")12# # Each section must have a unique name. You can have any number of13# # workspace definitions14# WorkspaceAlpha:15# WorkspaceId: alpha-workspace-id16# TenantId: alpha-tenant-id17TIProviders:18# # Threat Intel service parameters are added here19# # The Args section usually includes the authentication20# # parameters: AuthKey (the API key) and in some cases others21# # (e.g. XForce requires an ApiID key as well). The "AuthKey" name22# # will be mapped onto the name used by the service, you should not23# # to change this - e.g. some providers call this ApiKey.24# OTX:25# Args:26# AuthKey: OTX-API-Key27# Primary: True28# Provider: "OTX"29# VirusTotal:30# Args:31# AuthKey: VT-API-Key32# Primary: False33# Provider: "VirusTotal"34# XForce:35# Args:36# ApiID: XForce-API-ID37# AuthKey: XForce-Auth-Key38# Primary: True39# Provider: "XForce"40# AzureSentinel:41# # The Microsoft sentinel TI data can be in a different workspace42# # to the workspace where your data is. If it is different,43# # both workspaces must be in the same tenant. This is a limitation44# # of the Log Analytics client library.45# Args:46# workspace_id: your-workspace-id47# tenant_id: your-tenant-id48# Primary: True49# Provider: "AzSTI"50OtherProviders:51# # Other data providers52# GeoIPLite:53# Args:54# AuthKey:55# EnvironmentVar: "MAXMIND_AUTH"56# DBFolder: "~/.msticpy"57# Provider: "GeoLiteLookup"58# IPStack:59# Args:60# AuthKey:61# EnvironmentVar: "IPSTACK_AUTH"62# Provider: "IPStackLookup"6364