A plugin to enable indicators to be submitted to CIFv3 in real-time
Threat Bus CIFv3 Plugin
A Threat Bus plugin to push indicators from Threat Bus to Collective Intelligence Framework v3.
The plugin uses the cifsdk (v3.x) Python client to submit indicators received from Threat Bus into a CIFv3 instance.
The plugin breaks with the pub/sub architecture of Threat Bus, because CIF does not subscribe itself to the bus. Instead, the plugin actively contacts a CIF endpoint.
Installation
pip install threatbus-cif3
Configuration
Configure this plugin by adding a section to Threat Bus' config.yaml file, as follows:
...
plugins:
  cif3:
    api:
      host: http://cif.host.tld:5000
      ssl: false
      token: CIF_TOKEN
    group: everyone
    confidence: 7.5
    tlp: amber
    tags:
      - test
      - malicious
...
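An added example, not part of the plugin or the original page: a small linter for the cif3 section shown above, flagging the settings worth reviewing before the plugin is pointed at a non-local CIF instance. The helper name `lint_cif3_section`, the 0 to 10 confidence range, the TLP label set and the reading of `ssl` as the TLS switch are assumptions; the sample dict is constructed from the page's config.

```python
from urllib.parse import urlparse

TLP_LEVELS = {"white", "green", "amber", "red"}  # assumption: classic TLP labels

# Constructed sample: the page's `plugins.cif3` section as an already-parsed dict.
SAMPLE = {
    "api": {"host": "http://cif.host.tld:5000", "ssl": False, "token": "CIF_TOKEN"},
    "group": "everyone",
    "confidence": 7.5,
    "tlp": "amber",
    "tags": ["test", "malicious"],
}


def lint_cif3_section(section):
    """Return a list of findings for one cif3 config section (hypothetical helper)."""
    findings = []
    api = section.get("api")
    if not isinstance(api, dict):
        return ["api: missing or not a mapping"]
    host = urlparse(str(api.get("host", "")))
    if host.scheme not in ("http", "https") or not host.hostname:
        findings.append("api.host: not a valid http(s) URL")
    elif host.scheme == "http":
        findings.append("api.host: plain http, the token travels unencrypted")
    if api.get("ssl") is not True:  # assumption: `ssl` governs TLS for the API client
        findings.append("api.ssl: not true")
    token = api.get("token")
    if not isinstance(token, str) or not token.strip() or token == "CIF_TOKEN":
        findings.append("api.token: empty or still the placeholder")
    conf = section.get("confidence")
    if isinstance(conf, bool) or not isinstance(conf, (int, float)) or not 0 <= conf <= 10:
        findings.append("confidence: expected a number from 0 to 10")
    if str(section.get("tlp", "")).lower() not in TLP_LEVELS:
        findings.append("tlp: unknown label")
    tags = section.get("tags")
    if not isinstance(tags, list) or not all(isinstance(t, str) and t for t in tags):
        findings.append("tags: expected a list of non-empty strings")
    group = section.get("group")
    if not isinstance(group, str) or not group:
        findings.append("group: expected a non-empty string")
    return findings


if __name__ == "__main__":
    for finding in lint_cif3_section(SAMPLE):
        print(finding)
```

Run against the sample section, it reports the plain-http host, the disabled `ssl` flag and the placeholder token, which is acceptable for the local Docker setup below but not for a shared CIF instance.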
Development Setup
The following guides describe how to set up local, dockerized instances of CIF.
Dockerized CIFv3
Use dockerized CIFv3 to set up a local CIFv3 environment:
Set up a CIFv3 Docker container
git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build
Edit the docker-compose.yml
vim docker-compose.yml
Find the section cif in the configuration and edit the following as appropriate to bind port 5000 to your localhost:
cif:
  ...
  ports:
    - "5000:5000"
  ...
Start the container
docker-compose up -d
# Get an interactive shell in the container:
docker-compose exec cif /bin/bash
# Become the cif user:
su cif
# Check that the access tokens were created successfully. Copy the `admin`
# token to the CIF config section:
cif-tokens
# Ping the router to ensure connectivity:
cif --ping
License
Threat Bus comes with a 3-clause BSD license.
Hashes for threatbus-cif3-2021.12.16.tar.gz
Algorithm | Hash digest
---|---
SHA256 | d7b3ca84ae75639cd276c4235714702b6c926303f773559079a41fe0a5bfc01f
MD5 | ccb0ee309e7c182d065591a2e4669a32
BLAKE2b-256 | 2e729d9d0eabc6c600e011cd39d8a305b2b54434f05778ee2485753cda1878ea
Hashes for threatbus_cif3-2021.12.16-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 08b0e6e111ccf27c9e3f42d860eebd8c674d20b63c3d7f6df1b195aba8c72bb2
MD5 | c2052c9a8e99978625eab5129427c4ee
BLAKE2b-256 | 0aa6287fe4135639bb6cd1442d9244dca4a363a8270bc77ab2f7d60def9478a8