Rewrite CIF3 plugin to convert STIX-2 Indicators #106

0snap · 2021-03-17T13:51:40Z

Following up on the STIX-2 rewrite of Threat Bus: this PR updates the CIF3 plugin.

Code review should be enough as this plugin has seen little attention and there are no unit tests, to begin with.

If you want to test interactively:

Follow the instructions in the CIF3 plugin's readme to start a CIF3 container and copy the API TOKEN to your Threat Bus config.yaml
Send Indicators via Threat Bus and confirm they make their way into CIF3 (e.g., see the logs)

lava

The docker build of CIF seems to be currently broken, so I was not able to personally test the plugin changes as described in the instructions.

However, the code itself looks good to me, so I'm approving this PR.

0snap · 2021-03-22T10:56:24Z

I tested this with a local installation of CIF 3 and indicators updates are forwarded to CIF without errors.

0snap added 4 commits March 17, 2021 14:32

Depend on newest Threat Bus version to support STIX-2

7d7ce63

Map STIX-2 Indicators to CIF3 format

de8f4ef

Update CIF3 readme

3e19196

Re-enable CIF3 plugin

c21cd21

0snap requested review from tobim and mavam March 17, 2021 13:51

0snap added the feature New functionality label Mar 17, 2021

lava approved these changes Mar 22, 2021

View reviewed changes

0snap merged commit 821ba15 into story/ch23320 Mar 22, 2021

0snap deleted the story/ch22588 branch March 22, 2021 10:56

Provide feedback