Configuration files
All Energy SOAR Base configuration files live under /etc/energysoar/:
/etc/energysoar/
|-- application.conf
|-- secret.conf
|-- application.conf.d/
|   |-- authentication.conf
|   |-- cortex.conf
|   |-- database.conf
|   |-- license.conf
|   |-- misp.conf
|   |-- n8n.conf
|   |-- reports.conf
|   |-- rocketchat.conf
|   |-- service.conf
|   |-- ssl.conf
|   |-- storage.conf
|   |-- webhook.conf
|-- logback.xml
The application.conf file contains only include directives:
include "/etc/energysoar/secret.conf"
include "/etc/energysoar/application.conf.d/service.conf"
include "/etc/energysoar/application.conf.d/ssl.conf"
include "/etc/energysoar/application.conf.d/database.conf"
include "/etc/energysoar/application.conf.d/storage.conf"
include "/etc/energysoar/application.conf.d/authentication.conf"
include "/etc/energysoar/application.conf.d/cortex.conf"
include "/etc/energysoar/application.conf.d/misp.conf"
include "/etc/energysoar/application.conf.d/n8n.conf"
include "/etc/energysoar/application.conf.d/webhook.conf"
include "/etc/energysoar/application.conf.d/reports.conf"
include "/etc/energysoar/application.conf.d/license.conf"
include "/etc/energysoar/application.conf.d/rocketchat.conf"
The format is HOCON (Human-Optimized Config Object Notation), a superset of JSON. After any change to a configuration file, restart the affected service:
systemctl restart energysoar
Secret key
secret.conf holds the Play framework secret used to sign user sessions:
## Play secret key
play.http.secret.key="dgngu325mbnbc39cxas4l5kb24503836y2vsvsg465989fbsvop9d09ds6df6"
Warning
Every Energy SOAR instance must use a unique secret key. In a cluster, all nodes must share the same key.
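The following check is an added example, not part of the Energy SOAR documentation or code base. It audits the contents of secret.conf for the sample key printed above, fingerprints the key so cluster nodes can be compared without exposing it, and generates a replacement line. The function names, the 32-character threshold and the file-permission rule are assumptions of this example.

```python
import hashlib
import os
import re
import secrets
import stat

CONF = "/etc/energysoar/secret.conf"  # path from this page
# Sample key printed on this page; a deployed instance must not use it.
DOC_SAMPLE_KEY = "dgngu325mbnbc39cxas4l5kb24503836y2vsvsg465989fbsvop9d09ds6df6"
MIN_LEN = 32  # assumed threshold for this check, not an Energy SOAR setting

# Quoted assignments only; lines starting with # or // are comments and do not match.
KEY_RE = re.compile(r'^\s*play\.http\.secret\.key\s*[=:]\s*"([^"]*)"', re.M)


def audit_secret_conf(text, mode=None):
    """Return findings for secret.conf contents; mode is the file's st_mode, if known."""
    keys = KEY_RE.findall(text)
    if not keys:
        return ["no quoted play.http.secret.key found"]
    key = keys[-1]  # in HOCON a later assignment overrides an earlier one
    findings = []
    if key == DOC_SAMPLE_KEY:
        findings.append("key is the sample value from the documentation")
    if len(key) < MIN_LEN:
        findings.append(f"key is shorter than {MIN_LEN} characters")
    if mode is not None and mode & stat.S_IRWXO:  # assumed rule: no access for "other"
        findings.append("file is accessible to users outside its owner and group")
    return findings


def fingerprint(text):
    """Short SHA-256 digest of the key, for comparing cluster nodes without showing the key."""
    keys = KEY_RE.findall(text)
    return hashlib.sha256(keys[-1].encode()).hexdigest()[:16] if keys else None


def new_secret_line():
    """A secret.conf line with a fresh 64-character random key."""
    return f'play.http.secret.key="{secrets.token_urlsafe(48)}"'


if __name__ == "__main__":
    if os.path.exists(CONF):
        with open(CONF) as fh:
            text, mode = fh.read(), os.stat(CONF).st_mode
    else:  # constructed sample: the snippet shown on this page
        text, mode = f'## Play secret key\nplay.http.secret.key="{DOC_SAMPLE_KEY}"\n', 0o100644
    print(audit_secret_conf(text, mode) or "no findings")
    print("fingerprint:", fingerprint(text))
    print("replacement:", new_secret_line())
```

Run it on each cluster node and compare the fingerprints: they must match within one cluster and differ between separate instances.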
License
license.conf sets the directory where Energy SOAR looks for the license file:
license.path: "/etc/energysoar/"
The license file must be placed in that directory before starting the service. See the Installation page for license placement details.
Logging
logback.xml controls the log policy. The default configuration writes logs to /var/log/energysoar/. Edit this file to change log levels or output destinations.
Config file reference
| File | Controls | Detailed docs |
|---|---|---|
| authentication.conf | Auth methods (local, AD, LDAP, OAuth2, MFA) | |
| cortex.conf | Automation connector URL, API key, and polling | |
| database.conf | Cassandra and Elasticsearch connection settings | |
| license.conf | Path to the license directory | |
| misp.conf | MISP server list, API keys, sync interval | |
| n8n.conf | Workflow engine (n8n) URL and authentication token | |
| reports.conf | Report renderer settings (Chromium path and timeout) | — |
| rocketchat.conf | Rocket.Chat server URL and credentials for the Chat feature | — |
| secret.conf | Play framework session signing key | (this page) |
| service.conf | HTTP server settings: port, worker threads, request limits | — |
| ssl.conf | TLS key and certificate paths for nginx | |
| storage.conf | Binary file storage backend (local filesystem or HDFS) | |
| webhook.conf | Outbound webhook endpoint registration and activation | |
Live update stream
The Energy SOAR UI refreshes automatically when data changes in the back-end. It does this through long polling: the browser keeps an open HTTP connection and the server pushes a response as soon as a new event is available.
The default settings work for most deployments:
stream.longPolling {
  refresh = 1m     # close connection if no event arrives within this period
  keepAlive = 5m   # destroy the poll session after this period of inactivity
  maxWait = 1s     # hard upper limit on batching delay
}
Place overrides in /etc/energysoar/application.conf.d/service.conf.
If the UI shows repeated StreamSrv 504 Gateway Time-Out popups, the Nginx proxy is closing idle connections before the long-poll cycle completes. Set refresh to a value shorter than Nginx’s proxy_read_timeout:
stream.longPolling.refresh = 45s
Restart Energy SOAR Base after changes:
systemctl restart energysoar