A plugin to enable indicators to be submitted to CIFv3 in real-time
Project description
Threat Bus CIFv3 Plugin
A Threat Bus plugin that enables communication to Collective Intelligence Framework v3.
Installation
pip install threatbus-cif3
Configuration
The plugin uses the cifsdk python client to submit indicators received on the threatbus into a CIF instance.
...
plugins:
cif3:
api:
host: http://cif.host.tld:5000
ssl: false
token: CIF_TOKEN
group: everyone
confidence: 7.5
tlp: amber
tags:
- test
- malicious
...
Development Setup
The following guides describe how to set up local, dockerized instances of MISP.
Dockerized CIFv3
Use dockerized CIFv3 to set up a local CIFv3 environment:
Setup a CIFv3 docker container
git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build
Edit the docker-compose.yml
vim docker-compose.yml
Find the section cif
in the configuration and edit the following as appropriate:
cif:
...
ports:
- "5000:5000"
...
Start the container
docker-compose up -d
# get an interactive shell
docker-compose exec cif /bin/bash
# become the cif user
su cif
# check to see if access tokens were successfully created
cif-tokens
# ping the router to ensure connectivity
cif --ping
License
Threat Bus comes with a 3-clause BSD license.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for threatbus_cif3-2021.2.24-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | bc870a082c5be7773659ede367312d949c35a9eff0f9d584ee01ba13eeacc20c |
|
MD5 | 218e58b1dd38f08a6b3b1a92734521d9 |
|
BLAKE2b-256 | abf55ddfd626e3863792d47efe7f041f7ab7ec77afd4c04efd73f4bc95f6196a |