def __init__(self): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.lastinfosec_url = get_config_variable("CONFIG_LIS_URL", ["lastinfosec", "api_url"], config) self.lastinfosec_apikey = get_config_variable( "CONFIG_LIS_APIKEY", ["lastinfosec", "api_key"], config) self.opencti_url = get_config_variable("OPENCTI_URL", ["opencti", "url"], config) self.opencti_id = get_config_variable("OPENCTI_TOKEN", ["opencti", "token"], config) self.update_existing_data = True self.api = OpenCTIApiClient(self.opencti_url, self.opencti_id)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/../config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) # Extra config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.BASE_URL = get_config_variable("valhalla_BASE_URL", ["valhalla", "base_url"], config) self.API_KEY = get_config_variable("valhalla_API_KEY", ["valhalla", "auth_key"], config) self.INTERVAL_SEC = get_config_variable("valhalla_INTERVAL_SEC", ["valhalla", "interval_sec"], config) self.helper = OpenCTIConnectorHelper(config) self.helper.log_info(f"loaded valhalla config: {config}") # If we run without API key we can assume all data is TLP:WHITE else we # default to TLP:AMBER to be safe. if self.API_KEY == "" or self.API_KEY is None: self.default_marking = self.helper.api.marking_definition.read( id=TLP_WHITE["id"]) self.valhalla_client = ValhallaAPI() else: self.default_marking = self.helper.api.marking_definition.read( id=TLP_AMBER["id"]) self.valhalla_client = ValhallaAPI(api_key=self.API_KEY) self.knowledge_importer = KnowledgeImporter( self.helper, self.confidence_level, self.update_existing_data, self.default_marking, self.valhalla_client, )
def __init__(self): """Read in config variables""" config_file_path = os.path.dirname(os.path.abspath(__file__)) config_file_path += "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.username = get_config_variable("TAXII2_USERNAME", ["taxii2", "username"], config) self.password = get_config_variable("TAXII2_PASSWORD", ["taxii2", "password"], config) self.is_v21 = get_config_variable("TAXII2_V21", ["taxii2", "v2.1"], config) if self.is_v21: global Server, ApiRoot from taxii2client.v21 import Server, ApiRoot self.server_url = get_config_variable("TAXII2_SERVER_URL", ["taxii2", "server_url"], config) discovery_tail = "taxii/" if not self.is_v21 else "taxii2/" self.discovery_url = os.path.join(self.server_url, discovery_tail) self.collections = get_config_variable("TAXII2_COLLECTIONS", ["taxii2", "collections"], config).split(",") self.initial_history = get_config_variable( "TAXII2_INITIAL_HISTORY", ["taxii2", "initial_history"], config, True) self.per_request = get_config_variable("TAXII2_PER_REQUEST", ["taxii2", "per_request"], config, True) self.interval = get_config_variable("TAXII2_INTERVAl", ["taxii2", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = "{}/config.yml".format( os.path.dirname(os.path.abspath(__file__))) config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Connector Config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, isNumber=True, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) # CYBERCRIME-TRACKER.NET Config self.feed_url = get_config_variable("CYBERCRIMET_RACKER_FEED_URL", ["cybercrime-tracker", "feed_url"], config) self.connector_tlp = get_config_variable("CYBERCRIME_TRACKER_TLP", ["cybercrime-tracker", "tlp"], config) self.create_indicators = get_config_variable( "CYBERCRIME_TRACKER_CREATE_INDICATORS", ["cybercrime-tracker", "create_indicators"], config, ) self.create_observables = get_config_variable( "CYBERCRIME_TRACKER_CREATE_OBSERVABLES", ["cybercrime-tracker", "create_observables"], config, ) self.interval = get_config_variable( "CYBERCRIMETRACKER_INTERVAL", ["cybercrime-tracker", "interval"], config, isNumber=True, )
def __init__(self): # Get configuration config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' self.config = dict() if os.path.isfile(config_file_path): config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) self.config_rabbitmq = config['rabbitmq'] self.config['name'] = config['mitre']['name'] self.config['confidence_level'] = config['mitre'][ 'confidence_level'] self.config['enterprise_file_url'] = config['mitre'][ 'enterprise_file_url'] self.config['entities'] = config['mitre']['entities'].split(',') self.config['interval'] = config['mitre']['interval'] self.config['log_level'] = config['mitre']['log_level'] else: self.config_rabbitmq = dict() self.config_rabbitmq['hostname'] = os.getenv( 'RABBITMQ_HOSTNAME', 'localhost') self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672) self.config_rabbitmq['username'] = os.getenv( 'RABBITMQ_USERNAME', 'guest') self.config_rabbitmq['password'] = os.getenv( 'RABBITMQ_PASSWORD', 'guest') self.config['name'] = os.getenv('MITRE_NAME', 'MITRE ATT&CK') self.config['confidence_level'] = int( os.getenv('MITRE_CONFIDENCE_LEVEL', 3)) self.config['enterprise_file_url'] = os.getenv( 'MITRE_ENTERPRISE_FILE_URL', 'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json' ) self.config['entities'] = os.getenv( 'MITRE_ENTITIES', 'attack-pattern,course-of-action,intrusion-set,malware,tool' ).split(',') self.config['interval'] = os.getenv('MITRE_INTERVAL', 5) self.config['log_level'] = os.getenv('MITRE_LOG_LEVEL', 'info') # Initialize OpenCTI Connector connector_identifier = ''.join(e for e in self.config['name'] if e.isalnum()) self.opencti_connector_helper = OpenCTIConnectorHelper( connector_identifier.lower(), self.config, self.config_rabbitmq, self.config['log_level'])
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) self.api_key = get_config_variable( "ABUSEIPDB_API_KEY", ["abuseipdb", "api_key"], config ) self.max_tlp = get_config_variable( "ABUSEIPDB_MAX_TLP", ["abuseipdb", "max_tlp"], config ) self.whitelist_label = self.helper.api.label.create( value="whitelist", color="#4caf50" )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.interval = 1 # 1 Day interval between each scraping self.helper = OpenCTIConnectorHelper(config) # Extra config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, isNumber=True, ) self.data = {}
def __init__(self): # Instantiate the connector helper from config config_file_path = Path( __file__).parent.parent.resolve() / "config.yml" config = (yaml.load(open(config_file_path, encoding="utf-8"), Loader=yaml.FullLoader) if config_file_path.is_file() else {}) self.helper = OpenCTIConnectorHelper(config) token = get_config_variable("VIRUSTOTAL_TOKEN", ["virustotal", "token"], config) self.max_tlp = get_config_variable("VIRUSTOTAL_MAX_TLP", ["virustotal", "max_tlp"], config) self.client = VirusTotalClient(self._API_URL, token) # Cache to store YARA rulesets. self.yara_cache = {}
def __init__(self, conf_data): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else conf_data) self.helper = OpenCTIConnectorHelper(config) # Extra config self.direct_creation = get_config_variable( "DIRECT_CREATION", ["backup", "direct_creation"], config, default=False, ) self.backup_protocol = get_config_variable("BACKUP_PROTOCOL", ["backup", "protocol"], config) self.backup_path = get_config_variable("BACKUP_PATH", ["backup", "path"], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.token = get_config_variable("VIRUSTOTAL_TOKEN", ["virustotal", "token"], config) self.max_tlp = get_config_variable("VIRUSTOTAL_MAX_TLP", ["virustotal", "max_tlp"], config) self.api_url = "https://www.virustotal.com/api/v3" self.headers = { "x-apikey": self.token, "accept": "application/json", "content-type": "application/json", } self._CONNECTOR_RUN_INTERVAL_SEC = 60 * 60
def __init__(self): config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.talosip_interval = get_config_variable( "TALOSIP_INTERVAL", ["talosip", "interval"], config, True ) self.talosip_url = get_config_variable( "TALOSIP_URL", ["talosip", "url"], config ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.delete_old_data = get_config_variable( "DELETE_OLD_DATA", ["connector", "delete_old_data"], config ) self.helper = OpenCTIConnectorHelper(config) # get tag self.talos_tag = self.helper.api.tag.create( tag_type="Event", value="TalosIntelligence", color="#fc036b" ) self.ipv4_tag = self.helper.api.tag.create( tag_type="Event", value="ipv4-blacklist", color="#1c100b" ) # create identity self.helper.log_info("Creating an Identity...") self.entity_identity = self.helper.api.identity.create( name="Cisco Talos", type="Organization", description="Talosintilligence IP Blacklist", ) # create marking definition self.tlp_white_marking_definition = self.helper.api.marking_definition.read( filters={"key": "definition", "values": ["TLP:WHITE"]} ) # report published time self.published_report = None self.being_added = [] self.being_deleted = []
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.token = get_config_variable("SHODAN_TOKEN", ["shodan", "token"], config) self.max_tlp = get_config_variable("SHODAN_MAX_TLP", ["shodan", "max_tlp"], config) self.create_indicators = get_config_variable( "SHODAN_CREATE_INDICATORS", ["shodan", "create_indicators"], config, False, True, ) self.shodanAPI = shodan.Shodan(self.token)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.identity = self.helper.api.identity.create( type="Organization", name="Virustotal", description="Virustotal")["standard_id"] # Get other config values api_key = get_config_variable( "VIRUSTOTAL_DOWNLOADER_API_KEY", ["virustotal_downloader", "api_key"], config, ) self.api_client = vt.Client(api_key)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' config = yaml.load(open(config_file_path), Loader=yaml.FullLoader ) if os.path.isfile(config_file_path) else {} self.helper = OpenCTIConnectorHelper(config) # Extra config self.amitt_file_url = get_config_variable('AMITT_FILE_URL', ['amitt', 'amitt_file_url'], config) self.pre_amitt_file_url = get_config_variable( 'PRE_AMITT_FILE_URL', ['amitt', 'pre_amitt_file_url'], config) self.amitt_interval = get_config_variable('AMITT_INTERVAL', ['amitt', 'interval'], config, True) self.update_existing_data = get_config_variable( 'CONNECTOR_UPDATE_EXISTING_DATA', ['connector', 'update_existing_data'], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path)) if os.path.isfile(config_file_path) else {}) self.interval = 1 # 1 Day interval between each scraping self.helper = OpenCTIConnectorHelper(config) # Extra config self.confidence_level = get_config_variable( "CONNECTOR_CONFIDENCE_LEVEL", ["connector", "confidence_level"], config, ) self.MALPEDIA_API = get_config_variable("MALPEDIA_API", ["malpedia", "MALPEDIA_API"], config) self.AUTH_KEY = get_config_variable("AUTH_KEY", ["malpedia", "AUTH_KEY"], config)
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' config = yaml.load(open(config_file_path), Loader=yaml.FullLoader ) if os.path.isfile(config_file_path) else {} self.helper = OpenCTIConnectorHelper(config) # Extra config self.opencti_sectors_file_url = get_config_variable( 'CONFIG_SECTORS_FILE_URL', ['config', 'sectors_file_url'], config) self.opencti_geography_file_url = get_config_variable( 'CONFIG_GEOGRAPHY_FILE_URL', ['config', 'geography_file_url'], config) self.opencti_interval = get_config_variable('CONFIG_INTERVAL', ['config', 'interval'], config, True) self.update_existing_data = get_config_variable( 'CONNECTOR_UPDATE_EXISTING_DATA', ['connector', 'update_existing_data'], config)
def __init__(self): config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) # Connector configuration self.entity_name = get_config_variable("CONNECTOR_ENTITY_NAME", ["connector", "entity_name"], config) self.entity_desc = get_config_variable( "CONNECTOR_ENTITY_DESCRIPTION", ["connector", "entity_description"], config) self.forward_all_iocs = get_config_variable( "CONNECTOR_FORWARD_ALL_IOCS", ["connector", "forward_all_iocs"], config) self.threatbus_entity = None # Custom configuration for Threat Bus & ZeroMQ plugin endpoint self.threatbus_zmq_host = get_config_variable( "THREATBUS_ZMQ_HOST", ["threatbus", "zmq_host"], config) self.threatbus_zmq_port = get_config_variable( "THREATBUS_ZMQ_PORT", ["threatbus", "zmq_port"], config) threatbus_snapshot = get_config_variable( "THREATBUS_SNAPSHOT", ["threatbus", "snapshot"], config, isNumber=True, default=0, ) # Helper initialization self.opencti_helper = OpenCTIConnectorHelper(config) zmq_endpoint = f"{self.threatbus_zmq_host}:{self.threatbus_zmq_port}" self.threatbus_helper = ThreatBusConnectorHelper( zmq_endpoint, self._handle_threatbus_message, self.opencti_helper.log_info, self.opencti_helper.log_error, subscribe_topics=["stix2/sighting", "stix2/indicator"], publish_topic="stix2/indicator", snapshot=threatbus_snapshot, )
def __init__(self): # Get configuration config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' self.config = dict() if os.path.isfile(config_file_path): config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) self.config_rabbitmq = config['rabbitmq'] self.config['name'] = config['opencti']['name'] self.config['confidence_level'] = config['opencti'][ 'confidence_level'] self.config['sectors_file_url'] = config['opencti'][ 'sectors_file_url'] self.config['entities'] = config['opencti']['entities'].split(',') self.config['interval'] = config['opencti']['interval'] self.config['log_level'] = config['opencti']['log_level'] else: self.config_rabbitmq = dict() self.config_rabbitmq['hostname'] = os.getenv( 'RABBITMQ_HOSTNAME', 'localhost') self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672) self.config_rabbitmq['username'] = os.getenv( 'RABBITMQ_USERNAME', 'guest') self.config_rabbitmq['password'] = os.getenv( 'RABBITMQ_PASSWORD', 'guest') self.config['name'] = os.getenv('OPENCTI_NAME', 'OpenCTI') self.config['confidence_level'] = int( os.getenv('OPENCTI_CONFIDENCE_LEVEL', 5)) self.config['sectors_file_url'] = os.getenv( 'OPENCTI_SECTORS_FILE_URL', 'https://raw.githubusercontent.com/OpenCTI-Platform/datasets/master/data/sectors.json' ) self.config['entities'] = os.getenv( 'OPENCTI_ENTITIES', 'sector,region,country,city').split(',') self.config['interval'] = os.getenv('OPENCTI_INTERVAL', 1) self.config['log_level'] = os.getenv('OPENCTI_LOG_LEVEL', 'info') # Initialize OpenCTI Connector connector_identifier = ''.join(e for e in self.config['name'] if e.isalnum()) self.opencti_connector_helper = OpenCTIConnectorHelper( connector_identifier.lower(), self.config, self.config_rabbitmq, self.config['log_level'])
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) # Extra config self.thehive_url = get_config_variable( "THEHIVE_URL", ["thehive", "url"], config ) self.thehive_api_key = get_config_variable( "THEHIVE_API_KEY", ["thehive", "api_key"], config ) self.thehive_check_ssl = get_config_variable( "THEHIVE_CHECK_SSL", ["thehive", "check_ssl"], config, False, True ) self.thehive_organization_name = get_config_variable( "THEHIVE_ORGANIZATION_NAME", ["thehive", "organization_name"], config ) self.thehive_import_from_date = get_config_variable( "THEHIVE_IMPORT_FROM_DATE", ["thehive", "import_from_date"], config, False, datetime.utcfromtimestamp(int(time.time())).strftime("%Y-%m-%d %H:%M:%S"), ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.identity = self.helper.api.identity.create( type="Organization", name=self.thehive_organization_name, description=self.thehive_organization_name, ) self.thehive_api = TheHiveApi( self.thehive_url, self.thehive_api_key, cert=self.thehive_check_ssl )
def __init__(self): # Get configuration config_file_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' self.config = dict() if os.path.isfile(config_file_path): config = yaml.load(open(config_file_path), Loader=yaml.FullLoader) self.config_rabbitmq = config['rabbitmq'] self.config['name'] = config['cve']['name'] self.config['confidence_level'] = config['cve']['confidence_level'] self.config['nvd_data_feed'] = config['cve']['nvd_data_feed'] self.config['entities'] = config['cve']['entities'].split(',') self.config['interval'] = config['cve']['interval'] self.config['log_level'] = config['cve']['log_level'] else: self.config_rabbitmq = dict() self.config_rabbitmq['hostname'] = os.getenv( 'RABBITMQ_HOSTNAME', 'localhost') self.config_rabbitmq['port'] = os.getenv('RABBITMQ_PORT', 5672) self.config_rabbitmq['username'] = os.getenv( 'RABBITMQ_USERNAME', 'guest') self.config_rabbitmq['password'] = os.getenv( 'RABBITMQ_PASSWORD', 'guest') self.config['name'] = os.getenv( 'CVE_NAME', 'Common Vulnerabilities and Exposures') self.config['confidence_level'] = int( os.getenv('CVE_CONFIDENCE_LEVEL', 3)) self.config['nvd_data_feed'] = os.getenv( 'CVE_DATA_FEED', 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-recent.json.gz' ) self.config['entities'] = os.getenv('CVE_ENTITIES', 'vulnerability').split(',') self.config['interval'] = os.getenv('CVE_INTERVAL', 5) self.config['log_level'] = os.getenv('CVE_LOG_LEVEL', 'info') # Initialize OpenCTI Connector connector_identifier = ''.join(e for e in self.config['name'] if e.isalnum()) self.opencti_connector_helper = OpenCTIConnectorHelper( connector_identifier.lower(), self.config, self.config_rabbitmq, self.config['log_level'])
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.SafeLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) self.organization = get_config_variable("ORGANIZATION", ["sighting", "organization"], config) self.labels = get_config_variable("SIGHTING_LABELS", ["sighting", "labels"], config).split(",") self.identity = self.helper.api.identity.create( type="Organization", name=self.organization, description=self.organization + " created by the Sighting connector", )
def __init__(self, config, dryrun): self.config = config['OpenCTI'] self.dryrun = dryrun self._get_octi_sectors() self.connector_config = { 'name': self.config['connector_name'], 'confidence_level': 3, 'entities': 'report, intrusion-set, identity', 'interval': 0, 'log_level': 'info' } confyml_path = os.path.dirname( os.path.abspath(__file__)) + '/config.yml' confyml = yaml.load( open(confyml_path), Loader=yaml.FullLoader) if os.path.isfile(confyml_path) else {} self.opencti_connector_helper = OpenCTIConnectorHelper(confyml)
def __init__(self, config, dryrun): self.config = config['OpenCTI'] self.dryrun = dryrun self._get_octi_sectors() self.connector_config = { 'name': self.config['connector_name'], 'confidence_level': 3, 'entities': 'report, intrusion-set, identity', 'interval': 0, 'log_level': 'info' } self.opencti_connector_helper = OpenCTIConnectorHelper( self.config['connector_name'].lower(), self.connector_config, { 'hostname': self.config['rabbitmq_hostname'], 'port': int(self.config['rabbitmq_port']), 'username': self.config['rabbitmq_username'], 'password': self.config['rabbitmq_password'] }, self.connector_config['log_level'])
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) # Extra config self.misp_url = get_config_variable("MISP_URL", ["misp", "url"], config) self.misp_key = get_config_variable("MISP_KEY", ["misp", "key"], config) self.misp_ssl_verify = get_config_variable( "MISP_SSL_VERIFY", ["misp", "ssl_verify"], config ) self.misp_create_report = get_config_variable( "MISP_CREATE_REPORTS", ["misp", "create_reports"], config ) self.misp_report_class = ( get_config_variable("MISP_REPORT_CLASS", ["misp", "report_class"], config) or "MISP Event" ) self.misp_import_from_date = get_config_variable( "MISP_IMPORT_FROM_DATE", ["misp", "import_from_date"], config ) self.misp_import_tags = get_config_variable( "MISP_IMPORT_TAGS", ["misp", "import_tags"], config ) self.misp_interval = get_config_variable( "MISP_INTERVAL", ["misp", "interval"], config, True ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) # Initialize MISP self.misp = ExpandedPyMISP( url=self.misp_url, key=self.misp_key, ssl=self.misp_ssl_verify, debug=False )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname(os.path.abspath(__file__)) + "/config.yml" config = ( yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {} ) self.helper = OpenCTIConnectorHelper(config) warninglists_slow_search = bool( get_config_variable( "HYGIENE_WARNINGLISTS_SLOW_SEARCH", ["hygiene", "warninglists_slow_search"], config, default=False, ) ) self.enrich_subdomains = bool( get_config_variable( "HYGIENE_ENRICH_SUBDOMAINS", ["hygiene", "enrich_subdomains"], config, default=False, ) ) self.helper.log_info(f"Warning lists slow search: {warninglists_slow_search}") self.warninglists = WarningLists(slow_search=warninglists_slow_search) # Create Hygiene Tag self.label_hygiene = self.helper.api.label.create( value="Hygiene", color="#fc0341" ) if self.enrich_subdomains: self.label_hygiene_parent = self.helper.api.label.create( value="Hygiene_parent", color="#fc0341" )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.opencti_sectors_file_url = get_config_variable( "CONFIG_SECTORS_FILE_URL", ["config", "sectors_file_url"], config) self.opencti_geography_file_url = get_config_variable( "CONFIG_GEOGRAPHY_FILE_URL", ["config", "geography_file_url"], config) self.opencti_interval = get_config_variable("CONFIG_INTERVAL", ["config", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.cve_import_history = get_config_variable( "CVE_IMPORT_HISTORY", ["cve", "import_history"], config, False) self.cve_nvd_data_feed = get_config_variable("CVE_NVD_DATA_FEED", ["cve", "nvd_data_feed"], config) self.cve_interval = get_config_variable("CVE_INTERVAL", ["cve", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.amitt_file_url = get_config_variable("AMITT_FILE_URL", ["amitt", "amitt_file_url"], config) self.pre_amitt_file_url = get_config_variable( "PRE_AMITT_FILE_URL", ["amitt", "pre_amitt_file_url"], config) self.amitt_interval = get_config_variable("AMITT_INTERVAL", ["amitt", "interval"], config, True) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, )
def __init__(self): # Instantiate the connector helper from config config_file_path = os.path.dirname( os.path.abspath(__file__)) + "/config.yml" config = (yaml.load(open(config_file_path), Loader=yaml.FullLoader) if os.path.isfile(config_file_path) else {}) self.helper = OpenCTIConnectorHelper(config) # Extra config self.fireeye_api_url = get_config_variable("FIREEYE_API_URL", ["fireeye", "api_url"], config) self.fireeye_api_v3_public = get_config_variable( "FIREEYE_API_V3_PUBLIC", ["fireeye", "api_v3_public"], config) self.fireeye_api_v3_secret = get_config_variable( "FIREEYE_API_V3_SECRET", ["fireeye", "api_v3_secret"], config) self.fireeye_collections = get_config_variable( "FIREEYE_COLLECTIONS", ["fireeye", "collections"], config).split(",") self.fireeye_import_start_date = get_config_variable( "FIREEYE_IMPORT_START_DATE", ["fireeye", "import_start_date"], config, ) self.update_existing_data = get_config_variable( "CONNECTOR_UPDATE_EXISTING_DATA", ["connector", "update_existing_data"], config, ) self.added_after = parse(self.fireeye_import_start_date).timestamp() self.identity = self.helper.api.identity.create( type="Organization", name="FireEye, Inc.", description= "FireEye is a publicly traded cybersecurity company headquartered in Milpitas, California. It has been involved in the detection and prevention of major cyber attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks. FireEye was founded in 2004.", ) # Init variables self.auth_token = None self._get_token()
def __init__(self): # Instantiate the connector helper from config config_file_path = Path(__file__).parent.parent.resolve() / "config.yml" config = ( yaml.load(open(config_file_path, encoding="utf8"), Loader=yaml.FullLoader) if config_file_path.is_file() else {} ) self.helper = OpenCTIConnectorHelper(config) self.base_url = get_config_variable( "RISKIQ_BASE_URL", ["riskiq", "base_url"], config ) self.interval_sec = get_config_variable( "RISKIQ_INTERVAL_SEC", ["riskiq", "interval_sec"], config ) user = get_config_variable("RISKIQ_USER", ["riskiq", "user"], config) password = get_config_variable( "RISKIQ_PASSWORD", ["riskiq", "password"], config ) self.create_indicators = get_config_variable( "RISKIQ_CREATE_INDICATORS", ["riskiq", "create_indicators"], config, False, True, ) # Create the author for all reports. self.author = Identity( name=self._DEFAULT_AUTHOR, identity_class="organization", description=" RiskIQ is a cyber security company based in San Francisco, California." " It provides cloud - based software as a service(SaaS) for organizations" " to detect phishing, fraud, malware, and other online security threats.", confidence=self.helper.connect_confidence_level, ) # Initialization of the client self.client = RiskIQClient(self.base_url, user, password)