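---
# Default configuration shipped with the application.
#
# Indentation in this copy was reconstructed; the nesting of
# logging.format and of the system_indexer block is the most plausible
# reading — confirm against the original file.
#
# These are development defaults and several are deliberately permissive
# (network.backend.host, network.redis.password, the whitelist); review
# them before running outside a lab.
application:
  name: RansomwareDetector
  # Quoted so no tool re-types the version as a number.
  version: '1.0.0'
  environment: development

network:
  backend:
    # 0.0.0.0 binds on every interface, not just loopback. For a
    # development default, 127.0.0.1 limits exposure to the local host;
    # confirm the frontend below is the only intended client first.
    host: 0.0.0.0
    port: 4100
  redis:
    host: localhost
    port: 6379
    db: 0
    # null = no AUTH credential is supplied; acceptable only while Redis
    # is reachable solely from this host. Provide the password from the
    # environment or a secret store rather than committing it here.
    password: null
    # Key namespace prefix; quoted because of the trailing colon.
    prefix: 'default:'
  frontend:
    host: localhost
    port: 4200

logging:
  # Root level. The per-sink levels below are null, presumably meaning
  # they inherit this value — confirm against the logging setup.
  level: 0
  console:
    enabled: true
    level: null
  file:
    enabled: false
    path: logs/application.log
    level: null
    max_size_mb: 10
    # null presumably disables time-based rotation — confirm.
    max_time_hours: null
    backup_count: 5
  # Python-logging-style format. %(source) is not a standard LogRecord
  # attribute and presumably comes from a filter or `extra` — confirm.
  format: '[%(levelname)-8s] [%(source)-15s] %(filename)s:%(lineno)-5s %(message)s'

# Every monitor is disabled by default, so nothing is collected until a
# task is explicitly enabled. Priority values used here: high, medium, low.
tasks:
  FilesystemMonitor:
    enabled: false
    description: Monitors file system operations using ETW
    priority: high
  IOMonitor:
    enabled: false
    description: Monitors I/O operations and CPU usage
    priority: medium
  PerformanceMonitor:
    enabled: false
    description: Monitors system performance metrics
    priority: medium
  ProcessMonitor:
    enabled: false
    description: Monitors process creation and termination
    priority: high
  RegistryMonitor:
    enabled: false
    description: Monitors registry modifications
    priority: low
  TestMonitor:
    enabled: false
    description: Generates test alerts for development
    priority: low

# Entries here are presumably excluded from detection — confirm against
# the monitors. Each excluded directory is a blind spot: keep the list
# narrow and prefer exact paths over broad roots such as C:\ProgramData\.
whitelist:
  processes: null
  directories:
    # Single quotes keep the backslashes literal (no escape processing).
    - 'C:\Windows\System32\LogFiles\WMI\RtBackup\'
    # NOTE: a specific user's profile (MSI) is baked into a default
    # config; this should be derived from the running user's profile.
    - 'C:\Users\MSI\AppData\'
    - 'C:\Program Files\WindowsApps\'
    - 'C:\Users\MSI\OneDrive\'
    - 'C:\ProgramData\'
    - 'C:\Device\'
    - 'C:\Windows\Temp\'

system_indexer:
  enabled: true

detection:
  # Entropy cut-off above which file content is presumably treated as
  # possibly encrypted — inferred from the key name; confirm in the
  # detector.
  entropy_threshold: 7.0
  file_operation_threshold: 50
  rapid_deletion_threshold: 20
  # Window over which the *_threshold counts above are presumably
  # evaluated.
  time_window_seconds: 10
  suspicion_score_alert_threshold: 70.0
  enable_machine_learning: false
  process_tree_cleanup_interval: 300
  max_events_per_process: 1000

response:
  # Automated response stays off by default. Enabling it presumably lets
  # the detector act on alerts without an operator in the loop — tune the
  # detection thresholds above first to limit false positives.
  auto_response_enabled: false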