[Group-IB Connector] download feeds from TI convert to STIX objects a… (
1 parent
f73587a
commit c8d1bf5
Showing
24 changed files
with
5,808 additions
and
0 deletions.
@@ -0,0 +1,48 @@ | ||
# === OpenCTI Server === | ||
# http://opencti:8080 - for docker deployment, http://localhost:8080 - for manual deployment | ||
OPENCTI_URL=http://opencti:8080 | ||
# Use one as provided by the OpenCTI platform | ||
OPENCTI_TOKEN= | ||
|
||
# === OpenCTI Connector === | ||
# Docker container name | ||
CONTAINER_NAME=gib_connector | ||
# Generate one with uuidgen (https://www.uuidgenerator.net/version4) | ||
CONNECTOR_ID=80d059d5-7c3e-4b18-b307-2969a9461e6a | ||
CONNECTOR_TYPE=EXTERNAL_IMPORT | ||
# From 0 (Unknown) to 100 (Fully trusted) | ||
CONNECTOR_CONFIDENCE_LEVEL=100 | ||
# One of the following: debug, info, warning, error | ||
CONNECTOR_LOG_LEVEL=debug | ||
# the final letter should be one of 'd', 'h', 'm', 's' standing for day, hour, minute, second respectively. | ||
CONNECTOR_RUN_EVERY=24h | ||
CONNECTOR_UPDATE_EXISTING_DATA=true | ||
CONNECTOR_SCOPE=stix2,ipv4-addr,ipv6-addr,vulnerability,domain,url,StixFile | ||
CONNECTOR_NAME="Group-IB Connector" | ||
|
||
# === Threat Intelligence API Server === | ||
# Connector specific parameters. All params are mandatory. | ||
TI_API_URL=https://tap.group-ib.com/api/v2/ | ||
TI_API_USERNAME= | ||
TI_API_TOKEN= | ||
|
||
# === Threat Intelligence API Proxy === | ||
# Proxy specifc parameters. You can leave them blank. | ||
PROXY_IP= | ||
PROXY_PORT= | ||
PROXY_PROTOCOL= | ||
PROXY_USERNAME= | ||
PROXY_PASSWORD= | ||
|
||
# === Threat Intelligence Collections settings | ||
# Collections specifc parameters. All params are mandatory. | ||
IGNORE_NON_MALWARE_DDOS=true | ||
IGNORE_NON_INDICATOR_THREAT_REPORTS=false | ||
|
||
# === RabbitMQ Server used for integration manual run === | ||
MQ_HOST= | ||
MQ_PORT= | ||
MQ_VHOST= | ||
MQ_USE_SSL= | ||
MQ_USER= | ||
MQ_PASS= |
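Review bot: The sample ships a concrete `CONNECTOR_ID=80d059d5-7c3e-4b18-b307-2969a9461e6a` directly under the comment telling operators to generate their own, so a copy of this file that is not edited will presumably register every deployment under the same connector id; leaving it blank (`CONNECTOR_ID=`) like the credential fields makes the omission fail loudly instead of colliding silently. In the same spirit, `CONNECTOR_LOG_LEVEL=debug` and `CONNECTOR_CONFIDENCE_LEVEL=100` are the noisiest and most trusting settings available, which is an odd default for a file that tends to be copied verbatim into production; `CONNECTOR_LOG_LEVEL=info` and a confidence value the team has actually reviewed would be the safer starting point, with the existing `# From 0 (Unknown) to 100 (Fully trusted)` comment explaining the trade-off. `specifc` in the proxy and collections comments is a typo for `specific`.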
@@ -0,0 +1,139 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
|
||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
pip-wheel-metadata/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
*.log.* | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
.python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
|
||
# Custom ignore | ||
cache | ||
|
||
# Pycharm | ||
.idea | ||
|
||
# Credentials |
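Review bot: The hunk's 139 added lines end on the heading `# Credentials` with no pattern after it, so whatever file that section was meant to cover is not ignored by this rule set; either add the pattern for the real credentials file the connector reads (the only env-style file visible in this commit is `.env`, already covered under `# Environments`) or drop the dangling heading so nobody assumes the protection exists. The bare `cache` entry under `# Custom ignore` matches both files and directories of that name at any depth; if only the connector's cache directory is meant, `cache/` is the more precise form.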
@@ -0,0 +1,22 @@ | ||
FROM python:3.11-alpine | ||
ENV CONNECTOR_TYPE=EXTERNAL_IMPORT | ||
|
||
# Install Python modules | ||
# hadolint ignore=DL3003 | ||
RUN apk --no-cache add git build-base libmagic libffi-dev libxml2-dev libxslt-dev | ||
COPY requirements.txt /tmp/requirements.txt | ||
RUN pip3 install --no-cache-dir -r /tmp/requirements.txt | ||
RUN rm -rf /var/cache/apk/* | ||
|
||
# Copy the connector | ||
COPY src /opt/connector/src | ||
COPY docs /opt/connector/docs | ||
WORKDIR /opt/connector/src | ||
|
||
# Install TI API lib | ||
RUN pip3 install /opt/connector/src/lib/cyberintegrations-0.6.6-py3-none-any.whl | ||
|
||
# Expose and entrypoint | ||
COPY entrypoint.sh / | ||
RUN chmod +x /entrypoint.sh | ||
ENTRYPOINT ["/entrypoint.sh"] |
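Review bot: The image never switches away from root: there is no `USER` instruction before `ENTRYPOINT ["/entrypoint.sh"]`, so the connector process, which per the sample env file in this commit is handed the OpenCTI and TI API tokens through its environment, runs as uid 0 with every build tool from `build-base` still installed. A system user created with `addgroup -S`/`adduser -S` before the connector tree is copied (so `COPY --chown` can be used) and a `USER connector` line ahead of `ENTRYPOINT` fixes this, as sketched below. Two smaller points in the same hunk: `RUN rm -rf /var/cache/apk/*` in its own layer cannot shrink the image and is already redundant with `apk --no-cache`, and the `# hadolint ignore=DL3003` comment silences a `cd`-related rule that nothing here triggers while the apk packages themselves stay unpinned (DL3018). The entrypoint script is outside this view, so whether it ends in `exec "$@"` and works unprivileged could not be checked.
```dockerfile
# … unchanged: FROM, ENV, apk and pip install …

# Create an unprivileged runtime user before the connector tree is copied
RUN addgroup -S connector && adduser -S -G connector -H connector
COPY --chown=connector:connector src /opt/connector/src
COPY --chown=connector:connector docs /opt/connector/docs
WORKDIR /opt/connector/src

# … unchanged: TI API wheel install …

# Expose and entrypoint
COPY --chmod=0755 entrypoint.sh /
USER connector
ENTRYPOINT ["/entrypoint.sh"]
```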