mongoose.models.configuration

class mongoose.models.configuration.CacheConfiguration(*, severity=None)[source]

Bases: BaseModel

severity: CacheSeverityConfiguration | None: Top-level cache configuration. Currently only severity cache is supported.

class mongoose.models.configuration.CacheSeverityConfiguration(*, enable=True, max_size=1024, ttl_seconds=None)[source]

Bases: BaseModel

Configuration for the severity cache used for Suricata alerts.

enable: bool: Enable caching of severity values. Defaults to True.

max_size: int: Maximum number of entries to retain in the severity cache.

ttl_seconds: float | None: Optional TTL in seconds for severity entries. If omitted, entries do not expire by time.

class mongoose.models.configuration.CollectorConfiguration(*, suricata=None, nf_stream=None)[source]

Bases: BaseModel

nf_stream: NFStreamConfiguration | None

suricata: SuricataEveConfiguration | None

class mongoose.models.configuration.Configuration(*, collector, enrichment, forwarder, database_path=PosixPath('mongoose.db'), history=None, extra_configuration_dir=PosixPath('/var/lib/mongoose'), cache=None)[source]

Bases: BaseModel

Configuration for the Mongoose application.

cache: CacheConfiguration | None

collector: CollectorConfiguration

database_path: Path

enrichment: EnrichmentConfiguration

extra_configuration_dir: Path

forwarder: ForwarderConfiguration

history: HistoryConfiguration | None

class mongoose.models.configuration.DiscordForwarderConfiguration(*, url, headers=None, auth_type='none', auth_token=None, auth_header_name='X-API-Key', verify_ssl=True, retry_count=3, retry_delay=5.0, timeout=10.0, enable=False, topics=None, mode='immediate', bulk_size=10, periodic_interval=5.0, periodic_rate=10, username=None, avatar_url=None, allowed_mentions=None)[source]

Bases: WebhookForwarderConfiguration

Discord-specific forwarder configuration.

Inherits the generic webhook configuration and adds fields that are specific to Discord webhooks: username, avatar_url, and allowed_mentions to control mentions and avoid mass pings.

classmethod validate_allowed_mentions(v)[source]

allowed_mentions: Dict[str, List[str | int]]

Control which mentions are allowed by the webhook (see Discord docs).

Defaults to no parsing for safety (no @everyone/@here or role/user parsing).

avatar_url: str | None: URL for the avatar to be shown with the webhook message.

username: str | None: Override the displayed username for the webhook message.

class mongoose.models.configuration.EnrichmentConfiguration(*, geoip=None)[source]

Bases: BaseModel

geoip: GeoIPConfiguration | None

class mongoose.models.configuration.FileForwarderConfiguration(*, output_dir='output', topics=None, prefix='', enable=False)[source]

Bases: BaseModel

Configuration for the File Forwarder.

enable: bool: Enable the forwarder. Defaults to False.

output_dir: str: The directory where the files will be created.

prefix: str: Optional prefix for the filenames (e.g., “mongoose-“).

topics: List[str]: List of topics to forward (e.g., [“enriched-network-dpi”, “enriched-network-alert”]).

class mongoose.models.configuration.ForwarderConfiguration(*, file=None, webhooks=[], discord=[])[source]

Bases: BaseModel

discord: List[DiscordForwarderConfiguration] | None

file: FileForwarderConfiguration | None

webhooks: List[WebhookForwarderConfiguration] | None

class mongoose.models.configuration.GeoIPConfiguration(*, maxmind_db_path=PosixPath('/var/lib/GeoIP'), maxmind_db=['GeoLite2-ASN.mmdb', 'GeoLite2-City.mmdb', 'GeoLite2-Country.mmdb'], enable=True)[source]

Bases: BaseModel

enable: bool: Enable the GeoIP enrichment. Defaults to True.

maxmind_db: List[str]: The list of GeoIP databases to use.

maxmind_db_path: Path: The path to the GeoIP databases.

class mongoose.models.configuration.HistoryConfiguration(*, max_records=None, max_duration_days=14, enable=True)[source]

Bases: BaseModel

Configuration for history limiting in the database.

enable: bool: Enable history limiting. Defaults to True.

max_duration_days: int: Maximum duration to keep records in days.

max_records: int | None: Maximum number of records to keep in each table.

class mongoose.models.configuration.NFStreamConfiguration(*, active_timeout=120, interface, max_nflows=0, enable=True)[source]

Bases: BaseModel

Configuration for the NFStream collector.

active_timeout: int: Time in seconds before an active flow is considered expired. Defaults to 120 (2 minutes).

enable: bool: Enable the NFStream collector. Defaults to True.

interface: str: Network interface to capture from (required).

max_nflows: int: Maximum number of flows to be captured. Defaults to 0 (unlimited).

class mongoose.models.configuration.SuricataEveConfiguration(*, socket_path=PosixPath('/run/suricata.socket'), collect_alerts=True, collect_netflow=False, enable=True)[source]

Bases: BaseModel

A configuration for the Suricata EVE collector.

collect_alerts: bool: Enable the alerts collector. Defaults to True.

collect_netflow: bool: Enable the netflow collector. Defaults to False.

enable: bool: Enable the Suricata EVE collector. Defaults to True.

socket_path: Path: Specifies whether the Suricata EVE collector is disabled. Defaults to False.

class mongoose.models.configuration.WebhookForwarderConfiguration(*, url, headers=None, auth_type='none', auth_token=None, auth_header_name='X-API-Key', verify_ssl=True, retry_count=3, retry_delay=5.0, timeout=10.0, enable=False, topics=None, mode='immediate', bulk_size=10, periodic_interval=5.0, periodic_rate=10)[source]

Bases: BaseModel

Configuration for the Webhook Forwarder.

This class defines the destination, authentication, and reliability settings for forwarding network events via webhooks.

Security considerations:

auth_token: Stored as a SecretStr to ensure it is masked when the model is printed or logged. Always use get_secret_value() to access it.
verify_ssl: Defaults to True. Disabling this is a security risk as it allows man-in-the-middle attacks. Only disable it for testing with self-signed certificates in controlled environments.
URL: Ensure the url uses https:// for encrypted transport of potentially sensitive network data.

classmethod validate_auth_token(v, values)[source]

classmethod validate_auth_type(v)[source]

classmethod validate_mode(v)[source]

auth_header_name: str: Name of the header if auth_type is ‘header’.

auth_token: SecretStr | None: Credentials such as API key or token.

auth_type: str: Type of authentication (‘none’, ‘basic’, ‘bearer’, ‘header’).

bulk_size: int: Maximum number of items to batch in ‘bulk’ mode. Defaults to 10.

enable: bool: Enable the forwarder. Defaults to False.

headers: Dict[str, str]: Optional dictionary of additional HTTP headers to include in requests.

mode: str: Forwarding mode (‘immediate’, ‘bulk’, ‘periodic’). Defaults to ‘immediate’.

periodic_interval: float: Time interval in seconds between sends in ‘periodic’ mode. Defaults to 5.0.

periodic_rate: int: Maximum number of items to send per interval in ‘periodic’ mode. Defaults to 10.

retry_count: int: Number of retries for failed requests. Defaults to 3.

retry_delay: float: Delay between retries in seconds. Defaults to 5.0.

timeout: float: Request timeout in seconds. Defaults to 10.0.

topics: List[str]: List of topics to forward. Defaults to [“enriched-network-dpi”, “enriched-network-alert”].

url: HttpUrl | str: The destination URL for the webhook (must be a valid HTTP/HTTPS URL).

verify_ssl: bool: Whether to verify SSL certificates. Defaults to True.