A plugin to enable indicators to be submitted to CIFv3 in real-time

Project description

Threat Bus CIFv3 Plugin

A Threat Bus plugin to push indicators from Threat Bus to Collective Intelligence Framework v3.

The plugin uses the cifsdk (v3.x) Python client to submit indicators received from Threat Bus into a CIFv3 instance.

The plugin breaks with the pub/sub architecture of Threat Bus, because CIF does not subscribe itself to the bus. Instead, the plugin actively contacts a CIF endpoint.

Installation

pip install threatbus-cif3

Configuration

Configure this plugin by adding a section to Threat Bus' config.yaml file, as follows:

...
plugins:
  cif3:
    api:
      host: http://cif.host.tld:5000
      ssl: false
      token: CIF_TOKEN
    group: everyone
    confidence: 7.5
    tlp: amber
    tags:
      - test
      - malicious
...
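To make the configuration section concrete, here is an added example (not part of the plugin's own code) that validates a `plugins.cif3` section and merges its defaults (group, confidence, tlp, tags) with an observable into the indicator dictionary shape CIFv3 expects (`indicator`, `itype`, `group`, `confidence`, `tlp`, `tags`). The itype inference rules and the `build_cif_indicator` helper are this example's own assumptions about how such a mapping can be done, not the plugin's implementation.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed stand-in for the `plugins.cif3` section of Threat Bus' config.yaml
# (same values as the README snippet; the token is a placeholder).
CIF3_CONFIG = {
    "api": {"host": "http://cif.host.tld:5000", "ssl": False, "token": "CIF_TOKEN"},
    "group": "everyone",
    "confidence": 7.5,
    "tlp": "amber",
    "tags": ["test", "malicious"],
}

VALID_TLP = {"white", "green", "amber", "red"}
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> itype
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def validate_config(cfg):
    """Reject a plugin section that CIFv3 would not accept, before anything is sent."""
    api = cfg.get("api", {})
    if not api.get("host") or not api.get("token"):
        raise ValueError("api.host and api.token are required")
    if cfg.get("tlp") not in VALID_TLP:
        raise ValueError(f"tlp must be one of {sorted(VALID_TLP)}")
    if not 0 <= float(cfg.get("confidence", -1)) <= 10:
        raise ValueError("confidence must be between 0 and 10")
    return True


def infer_itype(value):
    """Map a raw observable value to a CIFv3 indicator type (assumed rules)."""
    try:  # IPs and CIDR ranges first, so they are never mistaken for FQDNs
        return "ipv4" if ipaddress.ip_network(value, strict=False).version == 4 else "ipv6"
    except ValueError:
        pass
    if value.lower().startswith(("http://", "https://")) and urlparse(value).netloc:
        return "url"
    if re.fullmatch(r"[0-9a-fA-F]+", value) and len(value) in HASH_TYPES:
        return HASH_TYPES[len(value)]
    if FQDN_RE.match(value):
        return "fqdn"
    raise ValueError(f"unsupported observable: {value!r}")


def build_cif_indicator(cfg, value, extra_tags=()):
    """Merge an observable with the plugin defaults into a CIFv3 indicator dict."""
    validate_config(cfg)
    return {
        "indicator": value,
        "itype": infer_itype(value),
        "group": cfg["group"],
        "confidence": float(cfg["confidence"]),
        "tlp": cfg["tlp"],
        "tags": sorted(set(cfg.get("tags", [])) | set(extra_tags)),
    }
```

The resulting dictionary is what would be handed to the cifsdk client for submission; running the validation up front means a typo such as an unknown TLP colour fails at startup rather than on every indicator.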

Development Setup

The following guides describe how to set up local, dockerized instances of CIF.

Dockerized CIFv3

Use dockerized CIFv3 to set up a local CIFv3 environment:

Set up a CIFv3 docker container

git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build

Edit the docker-compose.yml

vim docker-compose.yml

Find the section cif in the configuration and edit the following as appropriate to bind port 5000 to your localhost:

cif:
    ...
    ports:
      - "5000:5000"
    ...

Start the container

docker-compose up -d
# Get an interactive shell in the container:
docker-compose exec cif /bin/bash
# Become the cif user:
su cif
# Check whether access tokens were successfully created. Copy the `admin`
# token into the `token` field of the plugin's CIF config section:
cif-tokens
# Ping the router to ensure connectivity:
cif --ping

License

Threat Bus comes with a 3-clause BSD license.

Download files

Source Distribution: threatbus-cif3-2022.5.16.tar.gz (5.3 kB)

Built Distribution: threatbus_cif3-2022.5.16-py3-none-any.whl (5.6 kB, Python 3)
