A plugin to enable indicators to be submitted to CIFv3 in real-time

Project description

Threat Bus CIFv3 Plugin

A Threat Bus plugin that enables communication to Collective Intelligence Framework v3.

Installation

pip install threatbus-cif3

Configuration

The plugin uses the cifsdk Python client to submit indicators received on Threat Bus to a CIF instance.

...
plugins:
  cif3:
    api:
      host: http://cif.host.tld:5000
      ssl: false
      token: CIF_TOKEN
    group: everyone
    confidence: 7.5
    tlp: amber
    tags:
      - test
      - malicious
...
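
A pre-deployment check for the cif3 section above, as an added example that is not part of the plugin or the original page. It assumes that ssl controls TLS certificate verification in the client and that CIF confidence runs from 0 to 10; the function name and finding codes are hypothetical.

```python
from urllib.parse import urlparse

# Constructed sample: the page's example section as it looks after YAML parsing.
PAGE_EXAMPLE = {
    "api": {"host": "http://cif.host.tld:5000", "ssl": False, "token": "CIF_TOKEN"},
    "group": "everyone",
    "confidence": 7.5,
    "tlp": "amber",
    "tags": ["test", "malicious"],
}

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
PLACEHOLDER_TOKENS = {"", "CIF_TOKEN"}


def audit_cif3_config(cfg):
    """Return a sorted list of finding codes for one plugins.cif3 section."""
    findings = set()
    api = cfg.get("api", {})
    url = urlparse(str(api.get("host", "")))
    remote = url.hostname not in LOOPBACK
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.add("host-invalid")
    elif url.scheme == "http" and remote:
        # The API token is sent to this host; over http it crosses the network in cleartext.
        findings.add("token-cleartext")
    elif url.scheme == "https" and not api.get("ssl", False):
        # Assumption: ssl toggles TLS certificate verification in the client.
        findings.add("tls-unverified")
    if str(api.get("token", "")).strip() in PLACEHOLDER_TOKENS:
        # The literal CIF_TOKEN from the example was never replaced with a real token.
        findings.add("token-placeholder")
    conf = cfg.get("confidence")
    # Assumption: CIF confidence is a number from 0 to 10.
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0 <= conf <= 10:
        findings.add("confidence-out-of-range")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_cif3_config(PAGE_EXAMPLE):
        print(code)
```

A plain-HTTP host on loopback, as in the dockerized development setup, is not flagged; any other http host is.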

Development Setup

The following guides describe how to set up local, dockerized instances of MISP.

Dockerized CIFv3

Use dockerized CIFv3 to set up a local CIFv3 environment:

Set up a CIFv3 Docker container

git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build

Edit the docker-compose.yml

vim docker-compose.yml

Find the section cif in the configuration and edit the following as appropriate:

cif:
    ...
    ports:
      - "5000:5000"
    ...

Start the container

docker-compose up -d
# get an interactive shell
docker-compose exec cif /bin/bash
# become the cif user
su cif
# check to see if access tokens were successfully created
cif-tokens
# ping the router to ensure connectivity
cif --ping

License

Threat Bus comes with a 3-clause BSD license.

Download files

Files for threatbus-cif3, version 2020.7.28
threatbus_cif3-2020.7.28-py3-none-any.whl (6.8 kB), file type: Wheel, Python version: py3
threatbus-cif3-2020.7.28.tar.gz (7.8 kB), file type: Source, Python version: None