This repository has been archived by the owner on May 23, 2019. It is now read-only.

where do i start feeds

Wes edited this page Apr 17, 2017 · 12 revisions

Overview

These integrations assume you have the Python SDK or Perl SDK successfully installed and a valid ~/.cif.yml config. Installing the Python client is as easy as:

$ sudo pip install 'cifsdk>=2.0,<3.0'

Starter Feeds

If you're not familiar with the [output] Feeds concept in CIF, check out the CIF book. The most common feed combinations are:

IPV4

$ cif --feed --otype ipv4 --confidence 85 --tags scanner
$ cif --feed --otype ipv4 --confidence 85 --tags hijacked
$ cif --feed --otype ipv4 --confidence 85 --tags botnet
$ cif --feed --otype ipv4 --confidence 85 --tags malware
$ cif --feed --otype ipv4 --confidence 85 --tags spam 

FQDN

$ cif --feed --otype fqdn --confidence 85 --tags botnet
$ cif --feed --otype fqdn --confidence 85 --tags malware
$ cif --feed --otype fqdn --confidence 85 --tags phishing

$ cif --feed --otype fqdn --confidence 65 --tags malware

URL

$ cif --feed --otype url --confidence 85 --tags phishing
$ cif --feed --otype url --confidence 85 --tags malware
$ cif --feed --otype url --confidence 85 --tags botnet