admin/ghost
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bdcb1b33dfab04eaeb6a759293c9222b65c5a10f
ghost/examples/ghost.toml
pandaadir05 96b0d12099 refactor: comprehensive codebase improvements and documentation 
- Enhanced error handling with expanded GhostError variants and From impls
- Fixed race conditions in TUI (ui.rs unwrap calls)
- Added comprehensive module documentation with doc comments
- Improved type safety with proper validation in DetectionConfig
- Implemented Linux process enumeration via procfs
- Refactored TUI for better state management and removed emojis
- Enhanced CLI with proper logging initialization
- Added example configuration file (examples/ghost.toml)
- Updated README with complete feature documentation
- Added performance optimizations (saturating arithmetic, reduced clones)
- Improved testing framework with proper struct initialization
- Added validation and preset modes to DetectionConfig
2025-11-17 21:28:37 +02:00

54 lines
1.4 KiB
TOML
Raw Blame History

# Ghost Detection Engine Configuration
# This file contains all configurable options for the detection engine.
# Enable or disable shellcode pattern detection
shellcode_detection = true
# Enable or disable process hollowing detection
hollowing_detection = true
# Enable or disable Windows hook injection detection
hook_detection = true
# Minimum confidence threshold for suspicious classification (0.0 - 1.0)
# Lower values are more sensitive but may produce false positives
confidence_threshold = 0.3
# Skip known safe system processes to improve performance
skip_system_processes = true
# Maximum memory size to scan per process in bytes (100MB default)
max_memory_scan_size = 104857600
# Enable thread behavior analysis
thread_analysis_enabled = true
# Enable evasion technique detection (anti-debugging, VM detection, etc.)
evasion_detection = true
# Enable MITRE ATT&CK framework mapping
mitre_mapping = true
# Scan interval in milliseconds for continuous monitoring
scan_interval_ms = 2000
# Optional process filter configuration
[process_filter]
# Whitelist: only scan these processes (empty means scan all)
whitelist = []
# Blacklist: never scan these processes
blacklist = []
# System processes to skip (Windows-specific)
system_processes = [
"csrss.exe",
"wininit.exe",
"winlogon.exe",
"dwm.exe",
"explorer.exe",
"smss.exe",
"services.exe",
"lsass.exe"
]
Reference in New Issue View Git Blame Copy Permalink