This repository has been archived by the owner on Apr 5, 2020. It is now read-only.

csirtgadgets/cifsdk-v2

CIF Software Development Kit for Python

The CIF Software Development Kit (SDK) for Python contains library code and examples designed to enable developers to build applications using CIF.

WARNING

Before you begin, be careful when installing this on a CIF Server Instance. This WILL OVERWRITE the p5-cif-sdk bin/cif command on the server. This SDK is meant to be used as a client interacting with a REMOTE CIF Instance.

Installation

Ubuntu

$ sudo apt-get install -y python-dev python-pip git
$ pip install 'cifsdk>=2.0,<3.0'

CentOS v 7

$ yum -y update
$ sudo rpm -iUvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum install -y gcc python-pip python-devel git libffi-devel openssl-devel python-virtualenvwrapper python-virtualenv
$ pip install 'cifsdk>=2.0,<3.0'

Examples

Client

Config

# ~/.cif.yml
client:
  remote: https://localhost
  token: 1234

Running out of the box

These plugins are minimal and run out of the box.

$ cif --token 1234 --remote 'https://localhost' -q example.com
$ cif --token 1234 --remote 'https://localhost' -q example.com --format csv
$ cif --token 1234 --remote 'https://localhost' -q example.com --format table
$ cif --token 1234 --remote 'https://localhost' -q example.com --format json

Running with 3rd party plugins

These plugins typically require extra [bloated] code that is not installed by default.

STIX

$ pip install stix  # requires many other 3rd party xml bloat
$ cif --token 1234 --remote 'https://localhost' -q example.com --format stix

API

Search

import logging
from cifsdk.client import Client
from cifsdk.format import Table

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

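# verify_ssl=False disables TLS certificate verification
# (e.g. for a test instance with a self-signed certificate)
cli = Client(token='1234',
             remote='https://localhost',
             verify_ssl=False)

# search by observable
ret = cli.search('example.com')
print(Table(ret))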

filters = {
  "observable": "example.com",
  "confidence": 35,
}

ret = cli.search(filters=filters)
print(Table(ret))

Submit

import logging
from cifsdk.client import Client

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

data = '{"observable":"example4.com","tlp":"amber","confidence":"85","tags":"malware","provider":"example.com","group":"everyone"}'

cli = Client(token='1234',
             remote='https://localhost',
             verify_ssl=False)

ret = cli.submit(data)
print("submission id: {0}".format(ret))
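
The Submit example passes a hand-written JSON string. As an added example (not part of the SDK or of this README), the same record can be built from feed values with json.dumps so that quoting is handled and bad fields are rejected before submission. The name build_submission, the 0 to 100 confidence range, the whitespace rule and comma-joined tags are assumptions.

```python
import json

# TLP colour set; the README's sample record uses "amber".
TLP_LEVELS = ("white", "green", "amber", "red")


def build_submission(observable, tags, confidence, tlp="amber",
                     provider="example.com", group="everyone"):
    """Serialize one indicator with the same keys as the Submit example."""
    observable = str(observable).strip()
    # Assumption: an observable never contains whitespace or control characters.
    if not observable or any(c.isspace() or ord(c) < 0x20 for c in observable):
        raise ValueError("observable is empty or contains whitespace")

    tlp = str(tlp).lower()
    if tlp not in TLP_LEVELS:
        raise ValueError("unknown tlp: %r" % tlp)

    # Assumption: confidence is a number from 0 to 100 (NaN fails this test too).
    conf = float(confidence)
    if not 0 <= conf <= 100:
        raise ValueError("confidence out of range: %r" % confidence)

    # Assumption: several tags are sent as one comma-separated string.
    if not isinstance(tags, str):
        tags = ",".join(tags)
    if not tags:
        raise ValueError("at least one tag is required")

    record = {
        "observable": observable,
        "tlp": tlp,
        "confidence": "%g" % conf,   # the README sends confidence as a string
        "tags": tags,
        "provider": provider,
        "group": group,
    }
    # json.dumps escapes quotes and backslashes that string pasting would not.
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values, matching the README's record.
    print(build_submission("example4.com", ["malware"], 85))
```

The returned string takes the place of data in cli.submit(data).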

Ping

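from cifsdk.client import Client

# same client settings as in the Search and Submit examples
cli = Client(token='1234',
             remote='https://localhost',
             verify_ssl=False)

ret = cli.ping()
print("roundtrip: %s ms" % ret)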

Support and Documentation

You can also look for information at the GitHub repo.

License and Copyright

Copyright (C) 2015 the CSIRT Gadgets Foundation

Free use of this software is granted under the terms of the GNU Lesser General Public License (LGPL v3.0). For details see the file LICENSE included with the distribution.