A plugin to enable indicators to be submitted to CIFv3 in real-time

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tenzir from gravatar.com tenzir

Unverified details

These details have not been verified by PyPI
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD 3-clause)

Author: Michael Davis, derived from work by Tenzir

Tags cif, cifv3, cif3, renisac, ren-isac, MISP, threat intelligence, IDS, zeromq, zmq, kafka

Requires: Python >=3.6

Classifiers

Project description

Threat Bus CIFv3 Plugin

A Threat Bus plugin that enables communication to Collective Intelligence Framework v3.

Installation

pip install threatbus-cif3

Configuration

The plugin uses the cifsdk python client to submit indicators received on the threatbus into a CIF instance.

...
plugins:
  cif3:
    api:
      host: http://cif.host.tld:5000
      ssl: false
      token: CIF_TOKEN
    group: everyone
    confidence: 7.5
    tlp: amber
    tags:
      - test
      - malicious
...

Development Setup

The following guides describe how to set up local, dockerized instances of MISP.

Dockerized CIFv3

Use dockerized CIFv3 to set up a local CIFv3 environment:

Setup a CIFv3 docker container

git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build

Edit the docker-compose.yml

vim docker-compose.yml

Find the section cif in the configuration and edit the following as appropriate:

cif:
    ...
    ports:
      - "5000:5000"
    ...

Start the container

docker-compose up -d
# get an interactive shell
docker-compose exec cif /bin/bash
# become the cif user
su cif
# check to see if access tokens were successfully created
cif-tokens
# ping the router to ensure connectivity
cif --ping

License

Threat Bus comes with a 3-clause BSD license.

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for tenzir from gravatar.com tenzir

Unverified details

These details have not been verified by PyPI
GitHub Statistics

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Meta

License: BSD License (BSD 3-clause)

Author: Michael Davis, derived from work by Tenzir

Tags cif, cifv3, cif3, renisac, ren-isac, MISP, threat intelligence, IDS, zeromq, zmq, kafka

Requires: Python >=3.6

Classifiers

Release history Release notifications | RSS feed

2022.5.16

2022.1.27

2021.12.16

2021.11.22

2021.11.18

2021.9.30

2021.8.26

2021.7.29

2021.6.24

2021.5.27

2021.4.29

2021.3.25

2021.2.24

2020.12.16

2020.11.26

2020.10.29

2020.9.30

2020.7.28

This version

2020.6.25

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

threatbus-cif3-2020.6.25.tar.gz (7.6 kB view hashes)

Uploaded Source

Built Distribution

threatbus_cif3-2020.6.25-py3-none-any.whl (6.8 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page