def __init__(self):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.lastinfosec_url = get_config_variable("CONFIG_LIS_URL",
["lastinfosec", "api_url"],
config)
self.lastinfosec_apikey = get_config_variable(
"CONFIG_LIS_APIKEY", ["lastinfosec", "api_key"], config)
self.opencti_url = get_config_variable("OPENCTI_URL",
["opencti", "url"], config)
self.opencti_id = get_config_variable("OPENCTI_TOKEN",
["opencti", "token"], config)
self.update_existing_data = True
self.api = OpenCTIApiClient(self.opencti_url, self.opencti_id)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/../config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
# Extra config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.BASE_URL = get_config_variable("valhalla_BASE_URL",
["valhalla", "base_url"], config)
self.API_KEY = get_config_variable("valhalla_API_KEY",
["valhalla", "auth_key"], config)
self.INTERVAL_SEC = get_config_variable("valhalla_INTERVAL_SEC",
["valhalla", "interval_sec"],
config)
self.helper = OpenCTIConnectorHelper(config)
self.helper.log_info(f"loaded valhalla config: {config}")
# If we run without API key we can assume all data is TLP:WHITE else we
# default to TLP:AMBER to be safe.
if self.API_KEY == "" or self.API_KEY is None:
self.default_marking = self.helper.api.marking_definition.read(
id=TLP_WHITE["id"])
self.valhalla_client = ValhallaAPI()
else:
self.default_marking = self.helper.api.marking_definition.read(
id=TLP_AMBER["id"])
self.valhalla_client = ValhallaAPI(api_key=self.API_KEY)
self.knowledge_importer = KnowledgeImporter(
self.helper,
self.confidence_level,
self.update_existing_data,
self.default_marking,
self.valhalla_client,
)
def __init__(self):
"""Read in config variables"""
config_file_path = os.path.dirname(os.path.abspath(__file__))
config_file_path += "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.username = get_config_variable("TAXII2_USERNAME",
["taxii2", "username"], config)
self.password = get_config_variable("TAXII2_PASSWORD",
["taxii2", "password"], config)
self.is_v21 = get_config_variable("TAXII2_V21", ["taxii2", "v2.1"],
config)
if self.is_v21:
global Server, ApiRoot
from taxii2client.v21 import Server, ApiRoot
self.server_url = get_config_variable("TAXII2_SERVER_URL",
["taxii2", "server_url"], config)
discovery_tail = "taxii/" if not self.is_v21 else "taxii2/"
self.discovery_url = os.path.join(self.server_url, discovery_tail)
self.collections = get_config_variable("TAXII2_COLLECTIONS",
["taxii2", "collections"],
config).split(",")
self.initial_history = get_config_variable(
"TAXII2_INITIAL_HISTORY", ["taxii2", "initial_history"], config,
True)
self.per_request = get_config_variable("TAXII2_PER_REQUEST",
["taxii2", "per_request"],
config, True)
self.interval = get_config_variable("TAXII2_INTERVAl",
["taxii2", "interval"], config,
True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = "{}/config.yml".format(
os.path.dirname(os.path.abspath(__file__)))
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Connector Config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
isNumber=True,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
# CYBERCRIME-TRACKER.NET Config
self.feed_url = get_config_variable("CYBERCRIMET_RACKER_FEED_URL",
["cybercrime-tracker", "feed_url"],
config)
self.connector_tlp = get_config_variable("CYBERCRIME_TRACKER_TLP",
["cybercrime-tracker", "tlp"],
config)
self.create_indicators = get_config_variable(
"CYBERCRIME_TRACKER_CREATE_INDICATORS",
["cybercrime-tracker", "create_indicators"],
config,
)
self.create_observables = get_config_variable(
"CYBERCRIME_TRACKER_CREATE_OBSERVABLES",
["cybercrime-tracker", "create_observables"],
config,
)
self.interval = get_config_variable(
"CYBERCRIMETRACKER_INTERVAL",
["cybercrime-tracker", "interval"],
config,
isNumber=True,
)
def __init__(self):
# Get configuration
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
self.config = dict()
if os.path.isfile(config_file_path):
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader)
self.config_rabbitmq = config['rabbitmq']
self.config['name'] = config['mitre']['name']
self.config['confidence_level'] = config['mitre'][
'confidence_level']
self.config['enterprise_file_url'] = config['mitre'][
'enterprise_file_url']
self.config['entities'] = config['mitre']['entities'].split(',')
self.config['interval'] = config['mitre']['interval']
self.config['log_level'] = config['mitre']['log_level']
else:
self.config_rabbitmq = dict()
self.config_rabbitmq['hostname'] = os.getenv(
'RABBITMQ_HOSTNAME', 'localhost')
self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672)
self.config_rabbitmq['username'] = os.getenv(
'RABBITMQ_USERNAME', 'guest')
self.config_rabbitmq['password'] = os.getenv(
'RABBITMQ_PASSWORD', 'guest')
self.config['name'] = os.getenv('MITRE_NAME', 'MITRE ATT&CK')
self.config['confidence_level'] = int(
os.getenv('MITRE_CONFIDENCE_LEVEL', 3))
self.config['enterprise_file_url'] = os.getenv(
'MITRE_ENTERPRISE_FILE_URL',
'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json'
)
self.config['entities'] = os.getenv(
'MITRE_ENTITIES',
'attack-pattern,course-of-action,intrusion-set,malware,tool'
).split(',')
self.config['interval'] = os.getenv('MITRE_INTERVAL', 5)
self.config['log_level'] = os.getenv('MITRE_LOG_LEVEL', 'info')
# Initialize OpenCTI Connector
connector_identifier = ''.join(e for e in self.config['name']
if e.isalnum())
self.opencti_connector_helper = OpenCTIConnectorHelper(
connector_identifier.lower(), self.config, self.config_rabbitmq,
self.config['log_level'])
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
self.api_key = get_config_variable(
"ABUSEIPDB_API_KEY", ["abuseipdb", "api_key"], config
)
self.max_tlp = get_config_variable(
"ABUSEIPDB_MAX_TLP", ["abuseipdb", "max_tlp"], config
)
self.whitelist_label = self.helper.api.label.create(
value="whitelist", color="#4caf50"
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.interval = 1 # 1 Day interval between each scraping
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
isNumber=True,
)
self.data = {}
def __init__(self):
# Instantiate the connector helper from config
config_file_path = Path(
__file__).parent.parent.resolve() / "config.yml"
config = (yaml.load(open(config_file_path, encoding="utf-8"),
Loader=yaml.FullLoader)
if config_file_path.is_file() else {})
self.helper = OpenCTIConnectorHelper(config)
token = get_config_variable("VIRUSTOTAL_TOKEN",
["virustotal", "token"], config)
self.max_tlp = get_config_variable("VIRUSTOTAL_MAX_TLP",
["virustotal", "max_tlp"], config)
self.client = VirusTotalClient(self._API_URL, token)
# Cache to store YARA rulesets.
self.yara_cache = {}
def __init__(self, conf_data):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else conf_data)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.direct_creation = get_config_variable(
"DIRECT_CREATION",
["backup", "direct_creation"],
config,
default=False,
)
self.backup_protocol = get_config_variable("BACKUP_PROTOCOL",
["backup", "protocol"],
config)
self.backup_path = get_config_variable("BACKUP_PATH",
["backup", "path"], config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.token = get_config_variable("VIRUSTOTAL_TOKEN",
["virustotal", "token"], config)
self.max_tlp = get_config_variable("VIRUSTOTAL_MAX_TLP",
["virustotal", "max_tlp"], config)
self.api_url = "https://www.virustotal.com/api/v3"
self.headers = {
"x-apikey": self.token,
"accept": "application/json",
"content-type": "application/json",
}
self._CONNECTOR_RUN_INTERVAL_SEC = 60 * 60
def __init__(self):
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.talosip_interval = get_config_variable(
"TALOSIP_INTERVAL", ["talosip", "interval"], config, True
)
self.talosip_url = get_config_variable(
"TALOSIP_URL", ["talosip", "url"], config
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.delete_old_data = get_config_variable(
"DELETE_OLD_DATA", ["connector", "delete_old_data"], config
)
self.helper = OpenCTIConnectorHelper(config)
# get tag
self.talos_tag = self.helper.api.tag.create(
tag_type="Event", value="TalosIntelligence", color="#fc036b"
)
self.ipv4_tag = self.helper.api.tag.create(
tag_type="Event", value="ipv4-blacklist", color="#1c100b"
)
# create identity
self.helper.log_info("Creating an Identity...")
self.entity_identity = self.helper.api.identity.create(
name="Cisco Talos",
type="Organization",
description="Talosintilligence IP Blacklist",
)
# create marking definition
self.tlp_white_marking_definition = self.helper.api.marking_definition.read(
filters={"key": "definition", "values": ["TLP:WHITE"]}
)
# report published time
self.published_report = None
self.being_added = []
self.being_deleted = []
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.token = get_config_variable("SHODAN_TOKEN", ["shodan", "token"],
config)
self.max_tlp = get_config_variable("SHODAN_MAX_TLP",
["shodan", "max_tlp"], config)
self.create_indicators = get_config_variable(
"SHODAN_CREATE_INDICATORS",
["shodan", "create_indicators"],
config,
False,
True,
)
self.shodanAPI = shodan.Shodan(self.token)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.identity = self.helper.api.identity.create(
type="Organization", name="Virustotal",
description="Virustotal")["standard_id"]
# Get other config values
api_key = get_config_variable(
"VIRUSTOTAL_DOWNLOADER_API_KEY",
["virustotal_downloader", "api_key"],
config,
)
self.api_client = vt.Client(api_key)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader
) if os.path.isfile(config_file_path) else {}
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.amitt_file_url = get_config_variable('AMITT_FILE_URL',
['amitt', 'amitt_file_url'],
config)
self.pre_amitt_file_url = get_config_variable(
'PRE_AMITT_FILE_URL', ['amitt', 'pre_amitt_file_url'], config)
self.amitt_interval = get_config_variable('AMITT_INTERVAL',
['amitt', 'interval'],
config, True)
self.update_existing_data = get_config_variable(
'CONNECTOR_UPDATE_EXISTING_DATA',
['connector', 'update_existing_data'], config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path))
if os.path.isfile(config_file_path) else {})
self.interval = 1 # 1 Day interval between each scraping
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.confidence_level = get_config_variable(
"CONNECTOR_CONFIDENCE_LEVEL",
["connector", "confidence_level"],
config,
)
self.MALPEDIA_API = get_config_variable("MALPEDIA_API",
["malpedia", "MALPEDIA_API"],
config)
self.AUTH_KEY = get_config_variable("AUTH_KEY",
["malpedia", "AUTH_KEY"], config)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader
) if os.path.isfile(config_file_path) else {}
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.opencti_sectors_file_url = get_config_variable(
'CONFIG_SECTORS_FILE_URL', ['config', 'sectors_file_url'], config)
self.opencti_geography_file_url = get_config_variable(
'CONFIG_GEOGRAPHY_FILE_URL', ['config', 'geography_file_url'],
config)
self.opencti_interval = get_config_variable('CONFIG_INTERVAL',
['config', 'interval'],
config, True)
self.update_existing_data = get_config_variable(
'CONNECTOR_UPDATE_EXISTING_DATA',
['connector', 'update_existing_data'], config)
def __init__(self):
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
# Connector configuration
self.entity_name = get_config_variable("CONNECTOR_ENTITY_NAME",
["connector", "entity_name"],
config)
self.entity_desc = get_config_variable(
"CONNECTOR_ENTITY_DESCRIPTION",
["connector", "entity_description"], config)
self.forward_all_iocs = get_config_variable(
"CONNECTOR_FORWARD_ALL_IOCS", ["connector", "forward_all_iocs"],
config)
self.threatbus_entity = None
# Custom configuration for Threat Bus & ZeroMQ plugin endpoint
self.threatbus_zmq_host = get_config_variable(
"THREATBUS_ZMQ_HOST", ["threatbus", "zmq_host"], config)
self.threatbus_zmq_port = get_config_variable(
"THREATBUS_ZMQ_PORT", ["threatbus", "zmq_port"], config)
threatbus_snapshot = get_config_variable(
"THREATBUS_SNAPSHOT",
["threatbus", "snapshot"],
config,
isNumber=True,
default=0,
)
# Helper initialization
self.opencti_helper = OpenCTIConnectorHelper(config)
zmq_endpoint = f"{self.threatbus_zmq_host}:{self.threatbus_zmq_port}"
self.threatbus_helper = ThreatBusConnectorHelper(
zmq_endpoint,
self._handle_threatbus_message,
self.opencti_helper.log_info,
self.opencti_helper.log_error,
subscribe_topics=["stix2/sighting", "stix2/indicator"],
publish_topic="stix2/indicator",
snapshot=threatbus_snapshot,
)
def __init__(self):
# Get configuration
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
self.config = dict()
if os.path.isfile(config_file_path):
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader)
self.config_rabbitmq = config['rabbitmq']
self.config['name'] = config['opencti']['name']
self.config['confidence_level'] = config['opencti'][
'confidence_level']
self.config['sectors_file_url'] = config['opencti'][
'sectors_file_url']
self.config['entities'] = config['opencti']['entities'].split(',')
self.config['interval'] = config['opencti']['interval']
self.config['log_level'] = config['opencti']['log_level']
else:
self.config_rabbitmq = dict()
self.config_rabbitmq['hostname'] = os.getenv(
'RABBITMQ_HOSTNAME', 'localhost')
self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672)
self.config_rabbitmq['username'] = os.getenv(
'RABBITMQ_USERNAME', 'guest')
self.config_rabbitmq['password'] = os.getenv(
'RABBITMQ_PASSWORD', 'guest')
self.config['name'] = os.getenv('OPENCTI_NAME', 'OpenCTI')
self.config['confidence_level'] = int(
os.getenv('OPENCTI_CONFIDENCE_LEVEL', 5))
self.config['sectors_file_url'] = os.getenv(
'OPENCTI_SECTORS_FILE_URL',
'https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json'
)
self.config['entities'] = os.getenv(
'OPENCTI_ENTITIES', 'sector,region,country,city').split(',')
self.config['interval'] = os.getenv('OPENCTI_INTERVAL', 1)
self.config['log_level'] = os.getenv('OPENCTI_LOG_LEVEL', 'info')
# Initialize OpenCTI Connector
connector_identifier = ''.join(e for e in self.config['name']
if e.isalnum())
self.opencti_connector_helper = OpenCTIConnectorHelper(
connector_identifier.lower(), self.config, self.config_rabbitmq,
self.config['log_level'])
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.thehive_url = get_config_variable(
"THEHIVE_URL", ["thehive", "url"], config
)
self.thehive_api_key = get_config_variable(
"THEHIVE_API_KEY", ["thehive", "api_key"], config
)
self.thehive_check_ssl = get_config_variable(
"THEHIVE_CHECK_SSL", ["thehive", "check_ssl"], config, False, True
)
self.thehive_organization_name = get_config_variable(
"THEHIVE_ORGANIZATION_NAME", ["thehive", "organization_name"], config
)
self.thehive_import_from_date = get_config_variable(
"THEHIVE_IMPORT_FROM_DATE",
["thehive", "import_from_date"],
config,
False,
datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S"),
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.identity = self.helper.api.identity.create(
type="Organization",
name=self.thehive_organization_name,
description=self.thehive_organization_name,
)
self.thehive_api = TheHiveApi(
self.thehive_url, self.thehive_api_key, cert=self.thehive_check_ssl
)
def __init__(self):
# Get configuration
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
self.config = dict()
if os.path.isfile(config_file_path):
config = yaml.load(open(config_file_path), Loader=yaml.FullLoader)
self.config_rabbitmq = config['rabbitmq']
self.config['name'] = config['cve']['name']
self.config['confidence_level'] = config['cve']['confidence_level']
self.config['nvd_data_feed'] = config['cve']['nvd_data_feed']
self.config['entities'] = config['cve']['entities'].split(',')
self.config['interval'] = config['cve']['interval']
self.config['log_level'] = config['cve']['log_level']
else:
self.config_rabbitmq = dict()
self.config_rabbitmq['hostname'] = os.getenv(
'RABBITMQ_HOSTNAME', 'localhost')
self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672)
self.config_rabbitmq['username'] = os.getenv(
'RABBITMQ_USERNAME', 'guest')
self.config_rabbitmq['password'] = os.getenv(
'RABBITMQ_PASSWORD', 'guest')
self.config['name'] = os.getenv(
'CVE_NAME', 'Common Vulnerabilities and Exposures')
self.config['confidence_level'] = int(
os.getenv('CVE_CONFIDENCE_LEVEL', 3))
self.config['nvd_data_feed'] = os.getenv(
'CVE_DATA_FEED',
'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.json.gz'
)
self.config['entities'] = os.getenv('CVE_ENTITIES',
'vulnerability').split(',')
self.config['interval'] = os.getenv('CVE_INTERVAL', 5)
self.config['log_level'] = os.getenv('CVE_LOG_LEVEL', 'info')
# Initialize OpenCTI Connector
connector_identifier = ''.join(e for e in self.config['name']
if e.isalnum())
self.opencti_connector_helper = OpenCTIConnectorHelper(
connector_identifier.lower(), self.config, self.config_rabbitmq,
self.config['log_level'])
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
self.organization = get_config_variable("ORGANIZATION",
["sighting", "organization"],
config)
self.labels = get_config_variable("SIGHTING_LABELS",
["sighting", "labels"],
config).split(",")
self.identity = self.helper.api.identity.create(
type="Organization",
name=self.organization,
description=self.organization +
" created by the Sighting connector",
)
def __init__(self, config, dryrun):
self.config = config['OpenCTI']
self.dryrun = dryrun
self._get_octi_sectors()
self.connector_config = {
'name': self.config['connector_name'],
'confidence_level': 3,
'entities': 'report, intrusion-set, identity',
'interval': 0,
'log_level': 'info'
}
confyml_path = os.path.dirname(
os.path.abspath(__file__)) + '/config.yml'
confyml = yaml.load(
open(confyml_path),
Loader=yaml.FullLoader) if os.path.isfile(confyml_path) else {}
self.opencti_connector_helper = OpenCTIConnectorHelper(confyml)
def __init__(self, config, dryrun):
self.config = config['OpenCTI']
self.dryrun = dryrun
self._get_octi_sectors()
self.connector_config = {
'name': self.config['connector_name'],
'confidence_level': 3,
'entities': 'report, intrusion-set, identity',
'interval': 0,
'log_level': 'info'
}
self.opencti_connector_helper = OpenCTIConnectorHelper(
self.config['connector_name'].lower(), self.connector_config, {
'hostname': self.config['rabbitmq_hostname'],
'port': int(self.config['rabbitmq_port']),
'username': self.config['rabbitmq_username'],
'password': self.config['rabbitmq_password']
}, self.connector_config['log_level'])
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.misp_url = get_config_variable("MISP_URL", ["misp", "url"], config)
self.misp_key = get_config_variable("MISP_KEY", ["misp", "key"], config)
self.misp_ssl_verify = get_config_variable(
"MISP_SSL_VERIFY", ["misp", "ssl_verify"], config
)
self.misp_create_report = get_config_variable(
"MISP_CREATE_REPORTS", ["misp", "create_reports"], config
)
self.misp_report_class = (
get_config_variable("MISP_REPORT_CLASS", ["misp", "report_class"], config)
or "MISP Event"
)
self.misp_import_from_date = get_config_variable(
"MISP_IMPORT_FROM_DATE", ["misp", "import_from_date"], config
)
self.misp_import_tags = get_config_variable(
"MISP_IMPORT_TAGS", ["misp", "import_tags"], config
)
self.misp_interval = get_config_variable(
"MISP_INTERVAL", ["misp", "interval"], config, True
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
# Initialize MISP
self.misp = ExpandedPyMISP(
url=self.misp_url, key=self.misp_key, ssl=self.misp_ssl_verify, debug=False
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml"
config = (
yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path)
else {}
)
self.helper = OpenCTIConnectorHelper(config)
warninglists_slow_search = bool(
get_config_variable(
"HYGIENE_WARNINGLISTS_SLOW_SEARCH",
["hygiene", "warninglists_slow_search"],
config,
default=False,
)
)
self.enrich_subdomains = bool(
get_config_variable(
"HYGIENE_ENRICH_SUBDOMAINS",
["hygiene", "enrich_subdomains"],
config,
default=False,
)
)
self.helper.log_info(f"Warning lists slow search: {warninglists_slow_search}")
self.warninglists = WarningLists(slow_search=warninglists_slow_search)
# Create Hygiene Tag
self.label_hygiene = self.helper.api.label.create(
value="Hygiene", color="#fc0341"
)
if self.enrich_subdomains:
self.label_hygiene_parent = self.helper.api.label.create(
value="Hygiene_parent", color="#fc0341"
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.opencti_sectors_file_url = get_config_variable(
"CONFIG_SECTORS_FILE_URL", ["config", "sectors_file_url"], config)
self.opencti_geography_file_url = get_config_variable(
"CONFIG_GEOGRAPHY_FILE_URL", ["config", "geography_file_url"],
config)
self.opencti_interval = get_config_variable("CONFIG_INTERVAL",
["config", "interval"],
config, True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.cve_import_history = get_config_variable(
"CVE_IMPORT_HISTORY", ["cve", "import_history"], config, False)
self.cve_nvd_data_feed = get_config_variable("CVE_NVD_DATA_FEED",
["cve", "nvd_data_feed"],
config)
self.cve_interval = get_config_variable("CVE_INTERVAL",
["cve", "interval"], config,
True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.amitt_file_url = get_config_variable("AMITT_FILE_URL",
["amitt", "amitt_file_url"],
config)
self.pre_amitt_file_url = get_config_variable(
"PRE_AMITT_FILE_URL", ["amitt", "pre_amitt_file_url"], config)
self.amitt_interval = get_config_variable("AMITT_INTERVAL",
["amitt", "interval"],
config, True)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
def __init__(self):
# Instantiate the connector helper from config
config_file_path = os.path.dirname(
os.path.abspath(__file__)) + "/config.yml"
config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader)
if os.path.isfile(config_file_path) else {})
self.helper = OpenCTIConnectorHelper(config)
# Extra config
self.fireeye_api_url = get_config_variable("FIREEYE_API_URL",
["fireeye", "api_url"],
config)
self.fireeye_api_v3_public = get_config_variable(
"FIREEYE_API_V3_PUBLIC", ["fireeye", "api_v3_public"], config)
self.fireeye_api_v3_secret = get_config_variable(
"FIREEYE_API_V3_SECRET", ["fireeye", "api_v3_secret"], config)
self.fireeye_collections = get_config_variable(
"FIREEYE_COLLECTIONS", ["fireeye", "collections"],
config).split(",")
self.fireeye_import_start_date = get_config_variable(
"FIREEYE_IMPORT_START_DATE",
["fireeye", "import_start_date"],
config,
)
self.update_existing_data = get_config_variable(
"CONNECTOR_UPDATE_EXISTING_DATA",
["connector", "update_existing_data"],
config,
)
self.added_after = parse(self.fireeye_import_start_date).timestamp()
self.identity = self.helper.api.identity.create(
type="Organization",
name="FireEye, Inc.",
description=
"FireEye is a publicly traded cybersecurity company headquartered in Milpitas, California. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. FireEye was founded in 2004.",
)
# Init variables
self.auth_token = None
self._get_token()
def __init__(self):
# Instantiate the connector helper from config
config_file_path = Path(__file__).parent.parent.resolve() / "config.yml"
config = (
yaml.load(open(config_file_path, encoding="utf8"), Loader=yaml.FullLoader)
if config_file_path.is_file()
else {}
)
self.helper = OpenCTIConnectorHelper(config)
self.base_url = get_config_variable(
"RISKIQ_BASE_URL", ["riskiq", "base_url"], config
)
self.interval_sec = get_config_variable(
"RISKIQ_INTERVAL_SEC", ["riskiq", "interval_sec"], config
)
user = get_config_variable("RISKIQ_USER", ["riskiq", "user"], config)
password = get_config_variable(
"RISKIQ_PASSWORD", ["riskiq", "password"], config
)
self.create_indicators = get_config_variable(
"RISKIQ_CREATE_INDICATORS",
["riskiq", "create_indicators"],
config,
False,
True,
)
# Create the author for all reports.
self.author = Identity(
name=self._DEFAULT_AUTHOR,
identity_class="organization",
description=" RiskIQ is a cyber security company based in San Francisco, California."
" It provides cloud - based software as a service(SaaS) for organizations"
" to detect phishing, fraud, malware, and other online security threats.",
confidence=self.helper.connect_confidence_level,
)
# Initialization of the client
self.client = RiskIQClient(self.base_url, user, password)
