# ─────────────────────────────────────────────────────────────────────────────
# SIEM Toolkit — Environment Configuration
# ─────────────────────────────────────────────────────────────────────────────
# 1. Copy this file: cp .env.example .env
# 2. Fill in values below (see comments for where to find each one)
# 3. Start the app: docker-compose up -d --build
# ─────────────────────────────────────────────────────────────────────────────

# SentinelOne Management Console
# ─ URL: your console (e.g. https://demo.sentinelone.net)
# ─ Token: Settings → Users → Service Users → generate API token
S1_BASE_URL=https://demo.sentinelone.net
S1_API_TOKEN=

# Singularity Data Lake (SDL) — PowerQuery credentials
# ─ Console: Settings → Integrations → Data Lake API Keys
# ─ XDR URL: shown on the API Keys page (e.g. https://xdr.us1.sentinelone.net)
# ─ Log Read Key: copy the "Log Read" key from that page
SDL_XDR_URL=https://xdr.us1.sentinelone.net
SDL_LOG_READ_KEY=

# Anthropic (for Onboarding Accelerator AI features)
# ─ https://console.anthropic.com/settings/api-keys
ANTHROPIC_API_KEY=