Small script to retrieve information from Facebook Threat Exchange and push to MISP. In the future, the script should also take the info from MISP and share back to Threat Exchange
- Install the required dependencies
sudo pip install pymisp sudo pip install requests sudo pip install ast
- Copy the script default-configuration.py to configuration.py
The script take a part of his configuration from configuration.py that HAD to stay in the same directory than Facebook2ISP.py.
Important variables are:
- Facebook API configuration:
# Facebook Threat Exchange TX_APP_ID="1234567890" # Facebook AP ID as given in the app dashboard TX_APP_SECRET="azertyuiop" # Facebook AP secret as given in the app dashboard TX_PROXY=False # set to True if proxy has to be used to communicate to Facebook
- MISP configuration
# MISP MISP_URI="https://10.20.30.40/" # MISP URL MISP_API="azertyuiop" # MISP API key as available inside MISP user profile MISP_PROXY=False # set to True if proxy has to be used to communicate with MISP instance
- Proxy configuration
# Proxy configuration
# PROXIES = None if no proxy are required. Otherwise, put the following format
PROXIES= {
'http' : "http://[user]:[pass]@[proxy addr]:[proxy port]",
'https' : "http://[user]:[pass]@[proxy addr]:[proxy port]"
}
TODO :)
The script probably contains bugs or missing features. Feel free to open Issues on this GitHub project.
- Facebook Threat Exchange: https://developers.facebook.com/docs/threat-exchange/v2.8
- MISP project: http://www.misp-project.org/