Resilient Circuits Custom Threat Service
Project description
Resilient Lightweight Custom Threat Service
This package implements the Custom Threat Service API, providing a simple framework to develop threat source lookups in Python using the Resilient Circuits integration framework.
It's suitable for simple "lightweight" threat source lookups.
- All lookups are asynchronous.
- There is currently no support for file-attachment handling.
- Queries are not stored persistently, so if you need to track external resources (for example, if your threat service starts a long-running task such as sandbox processing) those will not be tracked across restarts.
For more robust and advanced features, you should consider deploying a standalone threat service, for example based on the Django example (https://github.com/ibmresilient/resilient-python-examples/tree/master/django-custom-threat-service).
What's new
v42 supports resutil threatserviceedit -user and -password authentication
Environment
This package requires that it is installed on a RHEL platform and that the resilient-circuits application is running.
Install this package with 'pip', or python setup.py install.
To set the config values in the app.config file run resilient-circuits config -u.
Config values example:
[custom_threat_service]
# Base URL for threat services API
urlbase=/cts
# Whether we support file upload (for "file"-type artifacts)
# upload_file=False
# Retry time indicators
#first_retry_secs=5
#later_retry_secs=60
#max_retries=60
# Cache management
#cache_size=10000
#cache_ttl=600000
# use auth_user and auth_password when specifying the -user and -password parameters on
# resutil threatserviceedit to ensure basic authentication
#auth_user=
#auth_password=
Run with: resilient-circuits run.
Custom Threat Service Example
This package includes an example threat service that responds to 'URL' artifacts with
static data. To register the example onto your Resilient server (assuming that the
resilient-circuits application is running on the same server):
sudo resutil threatserviceedit -name example -resturl http://127.0.0.1:9000/cts/example
sudo resutil threatservicetest -name example
To delete,
sudo resutil threatservicedel -name example
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file rc-cts-43.0.2419.tar.gz.
File metadata
- Download URL: rc-cts-43.0.2419.tar.gz
- Upload date:
- Size: 12.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.6.0 importlib_metadata/4.8.2 pkginfo/1.7.1 requests/2.26.0 requests-toolbelt/0.9.1 tqdm/4.62.3 CPython/3.6.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
67a1ded31dda7d6b78e89ba6b3297b2d1ccbab8187df92a5aa48b339350db26a
|
|
| MD5 |
b7363bdf810dfc1640a8ccf190b3c9fa
|
|
| BLAKE2b-256 |
5390776ddbb18c9f53f9cf01ff594c7654ca8638ed4e42e113a3a2840a5e258d
|
