# SecuBox Security Threats Dashboard Configuration
# Auto-blocking rules and whitelist configuration

# Global settings for the threats dashboard.
# NOTE(review): auto_block_enabled is '1' and this file ships no active
# whitelist section, so nothing here exempts management hosts, the gateway
# or resolvers from a ban. Define whitelist entries before relying on it.
config global 'global'
	option enabled '1'
	# Retention window for threat history, in days per the option name.
	# NOTE(review): 7 days may be shorter than an investigation needs; confirm
	# whether threat events are also forwarded to longer-term log storage.
	option history_retention_days '7'
	# NOTE(review): unit is not stated in this file (presumably seconds) - confirm.
	option refresh_interval '10'
	# Presumably the master switch for every block_rule section - confirm
	# against the consumer of this config.
	option auto_block_enabled '1'
	# Keeps a record of detected threats; leave on so bans can be audited.
	option log_threats '1'

# High-priority: block hosts showing malware indicators (enabled).
# The risk_flags values resemble nDPI flow-risk names - TODO confirm which
# detection engine emits them and that the spellings match its output.
# NOTE(review): SUSPICIOUS_ENTROPY is a heuristic signal; encrypted or
# compressed payloads can look the same. Review logged hits before keeping it
# in a rule whose action is a 24h ban.
# NOTE(review): the meaning of 'threshold' (score, percentage or hit count) is
# not visible in this file - confirm before tuning it.
config block_rule 'malware_high'
	option name 'Block Malware Indicators'
	option enabled '1'
	option threat_types 'malware'
	option risk_flags 'MALICIOUS_JA3,SUSPICIOUS_DGA_DOMAIN,SUSPICIOUS_ENTROPY,POSSIBLE_EXPLOIT'
	option action 'ban'
	option duration '24h'
	option threshold '60'
	option description 'Automatically block hosts with malware signatures (JA3, DGA domains, suspicious entropy)'

# Medium-priority: block hosts sending web attack patterns (enabled).
# The URL_POSSIBLE_* flags are, by their names, pattern matches on request
# URLs rather than confirmed exploitation, so expect some benign hits
# (scanners you run yourself, unusual query strings).
# NOTE(review): this file does not show whether a ban is keyed on the source
# or destination address. If it is the source and clients reach the box
# through a shared NAT or proxy, one ban affects every user behind it - confirm.
# NOTE(review): the meaning of 'threshold' is not visible here - confirm.
config block_rule 'web_attacks'
	option name 'Block Web Attacks'
	option enabled '1'
	option threat_types 'web_attack'
	option risk_flags 'URL_POSSIBLE_SQL_INJECTION,URL_POSSIBLE_XSS,URL_POSSIBLE_RCE_INJECTION'
	option action 'ban'
	option duration '12h'
	option threshold '40'
	option description 'Block SQL injection, XSS, and RCE attempts'

# Low-priority: block protocol threats (disabled by default).
# NOTE(review): risk_flags is empty, so this rule has only threat_types
# 'protocol' to match on. How the consumer treats an empty flag list
# (match everything of that type, or match nothing) is not visible here -
# confirm before setting enabled to '1'.
# NOTE(review): the action is 'ban' on the host, not a drop of the offending
# flow; check that this is the intended response to a policy violation.
config block_rule 'protocol_threats'
	option name 'Block Unauthorized Protocols'
	option enabled '0'
	option threat_types 'protocol'
	option risk_flags ''
	option action 'ban'
	option duration '4h'
	option threshold '20'
	option description 'Block unauthorized protocols like BitTorrent, Mining, Tor (disabled by default)'

# Network anomalies (disabled by default - may generate false positives).
# NOTE(review): RISKY_ASN and RISKY_DOMAIN depend on reputation data whose
# source and update schedule are not shown in this file. A stale or broad
# list combined with action 'ban' can cut off legitimate hosted services;
# run with logging only and review hits before enabling.
config block_rule 'network_anomalies'
	option name 'Block Network Anomalies'
	option enabled '0'
	option threat_types 'anomaly'
	option risk_flags 'RISKY_ASN,RISKY_DOMAIN,DNS_SUSPICIOUS_TRAFFIC'
	option action 'ban'
	option duration '6h'
	option threshold '50'
	option description 'Block connections from risky ASNs/domains and suspicious DNS traffic'

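# Example whitelist entry (commented out). No whitelist section is active in
# this file while auto_block_enabled is '1'; uncomment and adapt an entry for
# each host that must stay reachable. An entry keyed on an IP only helps if
# that address is fixed (static lease), and a whitelisted host is exempt from
# auto-blocking even if it is later compromised, so keep the list short.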
# config whitelist 'admin_workstation'
# 	option ip '192.168.1.100'
# 	option reason 'Admin workstation - never block'
# 	option added_at '2026-01-07T15:00:00Z'
