Configuration¶
Configure BSOT with API keys and customize its behavior.
Configuration File¶
BSOT uses a YAML configuration file located at:
- Linux/macOS:
~/.config/bsot/config.yaml - Windows:
%APPDATA%\bsot\config.yaml
View Configuration Path¶
View Current Configuration¶
API Keys¶
BSOT integrates with several threat intelligence services. Add your API keys to enable full functionality.
Setting API Keys¶
# Via CLI
bsot config set virustotal_api_key YOUR_API_KEY
bsot config set abuseipdb_api_key YOUR_API_KEY
bsot config set greynoise_api_key YOUR_API_KEY
# View a specific key
bsot config get virustotal_api_key
Configuration File Format¶
# ~/.config/bsot/config.yaml
# Threat Intelligence APIs
virustotal_api_key: "your-virustotal-api-key"
abuseipdb_api_key: "your-abuseipdb-api-key"
greynoise_api_key: "your-greynoise-api-key"
otx_api_key: "your-otx-api-key"
ipinfo_token: "your-ipinfo-token"
# AI APIs
openai_api_key: "your-openai-api-key"
anthropic_api_key: "your-anthropic-api-key"
# Cloudflare (for IR containment)
cloudflare_api_token: "your-cloudflare-api-token"
cloudflare_zone_id: "your-zone-id"
# Sandbox APIs
hybrid_analysis_api_key: "your-ha-api-key"
malwarebazaar_api_key: "your-mb-api-key"
Environment Variables¶
API keys can also be set via environment variables:
export BSOT_VIRUSTOTAL_API_KEY="your-api-key"
export BSOT_ABUSEIPDB_API_KEY="your-api-key"
export BSOT_OPENAI_API_KEY="your-api-key"
Environment variables take precedence over the config file.
Getting API Keys¶
Free Tier APIs¶
| Service | Free Tier | Sign Up |
|---|---|---|
| VirusTotal | 500 req/day | virustotal.com |
| AbuseIPDB | 1000 req/day | abuseipdb.com |
| GreyNoise | 50 req/day | greynoise.io |
| OTX | Unlimited | otx.alienvault.com |
| IPInfo | 50k req/month | ipinfo.io |
AI APIs¶
| Service | Pricing | Sign Up |
|---|---|---|
| OpenAI | Pay-per-use | platform.openai.com |
| Anthropic | Pay-per-use | console.anthropic.com |
Cache Configuration¶
BSOT caches API responses to reduce rate limiting and improve performance.
View Cache Stats¶
Clear Cache¶
Cache Settings¶
# ~/.config/bsot/config.yaml
# Cache TTL in seconds (default: 3600 = 1 hour)
cache_ttl: 3600
# Cache directory (default: ~/.cache/bsot)
cache_dir: "~/.cache/bsot"
# Disable cache
cache_enabled: false
Output Configuration¶
Default Output Format¶
# Default output format for all commands
default_format: "text" # or "json"
# Disable colors
no_color: false
Per-Command Defaults¶
# Command-specific defaults
intel:
default_sources:
- virustotal
- abuseipdb
- greynoise
file:
default_hash_algorithm: "sha256"
Validation¶
Test your configuration:
Troubleshooting¶
"API key not configured"¶
Set the API key via CLI or config file:
"Rate limit exceeded"¶
Wait for the rate limit to reset, or:
- Upgrade to a paid API tier
- Reduce request frequency
- Enable caching to avoid duplicate requests
"Invalid API key"¶
Verify your API key is correct:
- Log into the service's web interface
- Regenerate the API key if needed
- Update your configuration