A plugin to enable indicators to be submitted to CIFv3 in real-time
Project description
Threat Bus CIFv3 Plugin
A Threat Bus plugin that enables communication to Collective Intelligence Framework v3.
Installation
pip install threatbus-cif3
Configuration
The plugin uses the cifsdk python client to submit indicators received on the threatbus into a CIF instance.
...
plugins:
cif3:
api:
host: http://cif.host.tld:5000
ssl: false
token: CIF_TOKEN
group: everyone
confidence: 7.5
tlp: amber
tags:
- test
- malicious
...
Development Setup
The following guides describe how to set up local, dockerized instances of MISP.
Dockerized CIFv3
Use dockerized CIFv3 to set up a local CIFv3 environment:
Setup a CIFv3 docker container
git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build
Edit the docker-compose.yml
vim docker-compose.yml
Find the section cif
in the configuration and edit the following as appropriate:
cif:
...
ports:
- "5000:5000"
...
Start the container
docker-compose up -d
# get an interactive shell
docker-compose exec cif /bin/bash
# become the cif user
su cif
# check to see if access tokens were successfully created
cif-tokens
# ping the router to ensure connectivity
cif --ping
License
Threat Bus comes with a 3-clause BSD license.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for threatbus_cif3-2020.9.30-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | e1cc2254d870d8d3d9413b12cceff4b518f76d64b18396e348701337e34501c6 |
|
MD5 | 14f2bcdb53c55f66454e93702eb1011f |
|
BLAKE2b-256 | 642821ddb2951400117685c52443a71f989313981df3790e83bfb18b1915f861 |