This repository has been archived by the owner on May 23, 2019. It is now read-only.

where do i start feeds

Gabriel Iovino edited this page Mar 28, 2016 · 12 revisions

Overview

These integrations assume you have the Python SDK or Perl SDK successfully installed and a valid ~/.cif.yml config. Installing the Python client is as easy as:

$ sudo pip install https://github.com/csirtgadgets/cif-sdk-py/archive/2.0.0a2.tar.gz

Starter Feeds

If you're not familiar with the [output] Feeds concept in CIF, check out the CIF book. The most common feed combinations are:

IPV4

$ cif --feed --otype ipv4 --confidence 85 --tags scanner
$ cif --feed --otype ipv4 --confidence 85 --tags hijacked
$ cif --feed --otype ipv4 --confidence 85 --tags botnet
$ cif --feed --otype ipv4 --confidence 85 --tags malware
$ cif --feed --otype ipv4 --confidence 85 --tags spam 

FQDN

$ cif --feed --otype fqdn --confidence 85 --tags botnet
$ cif --feed --otype fqdn --confidence 85 --tags malware
$ cif --feed --otype fqdn --confidence 85 --tags phishing

$ cif --feed --otype fqdn --confidence 65 --tags malware

URL

$ cif --feed --otype url --confidence 85 --tags phishing
$ cif --feed --otype url --confidence 85 --tags malware
$ cif --feed --otype url --confidence 85 --tags botnet
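
One way to pull all of the starter feeds above on a schedule, as an added example that is not part of the CIF project: each feed is written to a temporary file and swapped in only when cif exits successfully with output, so a failed pull never replaces the copy a downstream blocklist is reading. Only the cif flags come from this page; CIF_BIN, FEED_DIR, the file naming, the "run" argument and treating empty output as a failed pull are assumptions.

```shell
#!/bin/sh
# Added example, not part of the CIF project. Only the cif flags come from
# this page; CIF_BIN, FEED_DIR, the file names and "run" are assumptions.
CIF_BIN="${CIF_BIN:-cif}"
FEED_DIR="${FEED_DIR:-./cif-feeds}"

# otype:confidence:tag for each starter feed listed on this page
STARTER_FEEDS="
ipv4:85:scanner ipv4:85:hijacked ipv4:85:botnet ipv4:85:malware ipv4:85:spam
fqdn:85:botnet fqdn:85:malware fqdn:85:phishing fqdn:65:malware
url:85:phishing url:85:malware url:85:botnet
"

# pull_feed OTYPE CONFIDENCE TAG
# Writes the feed to a temp file and swaps it in only if cif exited 0 and
# produced output, so a failed or empty pull never replaces a good copy.
pull_feed() {
    out="$FEED_DIR/$1-$3-$2.txt"
    mkdir -p "$FEED_DIR" || return 1
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if "$CIF_BIN" --feed --otype "$1" --confidence "$2" --tags "$3" >"$tmp" \
        && [ -s "$tmp" ]; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# pull_all: refresh every starter feed; FAILED holds the number kept stale.
pull_all() {
    FAILED=0
    for spec in $STARTER_FEEDS; do
        otype=${spec%%:*}; rest=${spec#*:}
        if ! pull_feed "$otype" "${rest%%:*}" "${rest#*:}"; then
            echo "kept previous copy for $spec" >&2
            FAILED=$((FAILED + 1))
        fi
    done
    [ "$FAILED" -eq 0 ]
}

# Run only when asked, e.g. from cron: sh pull-feeds.sh run
if [ "${1:-}" = "run" ]; then
    pull_all
fi
```

A non-zero exit from the script means at least one feed file is stale, which is worth alerting on before the data feeds a firewall or DNS blocklist.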