Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #65 from abaasandorj/add-ibm-plugin
Add IBM x-force plugin
Showing 7 changed files with 299 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,156 @@ | ||
openapi: 3.0.0 | ||
info: | ||
title: IBM X-Force Exchange API | ||
version: 2.0 | ||
servers: | ||
- url: https://api.xforce.ibmcloud.com/api | ||
paths: | ||
/reports/: | ||
get: | ||
operationId: Get Threat Intelligence Reports IBM | ||
summary: Get premium threat intelligence reports based on a given report type | ||
description: | | ||
This endpoint allows you to view the get Threat Intelligence reports by report type. | ||
Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup. | ||
#ExamplePrompts Tell me about recent IBM threat intelligence reports | ||
#ExamplePrompts Show me IBM threat intelligence reports | ||
#ExamplePrompts What are the recent X-Force threat intelligence reports? | ||
#ExamplePrompts Show me X-Force threat intelligence reports | ||
parameters: | ||
- name: reportType | ||
in: path | ||
description: The type of Threat Intelligence report. Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup. | ||
required: true | ||
schema: | ||
type: string | ||
example: "threatanalysis" | ||
- name: added_after | ||
in: query | ||
description: To get reports created after specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs. | ||
required: false | ||
schema: | ||
type: string | ||
example: "2022-10-12" | ||
- name: added_before | ||
in: query | ||
description: To get reports created before specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs. | ||
required: false | ||
schema: | ||
type: string | ||
example: "2022-10-12" | ||
- name: limit | ||
in: query | ||
description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200. | ||
required: false | ||
schema: | ||
type: integer | ||
example: 201 | ||
- name: skip | ||
in: query | ||
description: The startingpoint to retrieve entries, default value is 0 | ||
required: false | ||
schema: | ||
type: integer | ||
example: 0 | ||
responses: | ||
"200": | ||
description: Successful response | ||
content: | ||
application/json | ||
"403": | ||
description: Access denied | ||
"404": | ||
description: Not found | ||
|
||
/threat_groups: | ||
get: | ||
operationId: Get Threat Group Profiles IBM | ||
summary: Get a List of Threat Group Profiles. | ||
description: | | ||
Return a list of Threat Group Profiles based on an integer value of how many profiles you wish to see. | ||
#ExamplePrompts Show me the most recent IBM Threat Group Profiles | ||
#ExamplePrompts Show me the most recent X-Force threat group profiles | ||
#ExamplePrompts What are the most recent X-Force threat group profiles? | ||
#ExamplePrompts What are the IBM threat group profiles? | ||
#ExamplePrompts Show me the top 20 IBM threat group profiles. | ||
parameters: | ||
- name: limit | ||
in: query | ||
description: The number of returned Threat Group Profiles, default value is 200. The limit must not be larger than 200. | ||
required: true | ||
schema: | ||
type: integer | ||
example: 20 | ||
- name: skip | ||
in: query | ||
description: The startingpoint to retrieve entries, default value is 0 | ||
required: false | ||
schema: | ||
type: integer | ||
example: 0 | ||
responses: | ||
"200": | ||
description: Successful response | ||
content: | ||
application/json | ||
"403": | ||
description: Access denied | ||
"404": | ||
description: Not found | ||
|
||
/resolve/{input}: | ||
get: | ||
operationId: Get Dns Records IBM | ||
summary: Verify a domain name, IP address, or URL against IBM X-Force DNS records | ||
description: | | ||
This endpoint allows you to view the DNS information for a domain name, IP address, or URL. | ||
#ExamplePrompts Show me the IBM DNS records for www.bing.com | ||
#ExamplePrompts What are the IBM X-Force DNS records for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=? | ||
#ExamplePrompts What is the IBM DNS record for www.https://www.microsoft.com/? | ||
#ExamplePrompts Are there IBM DNS records for www.https://www.google.com? | ||
parameters: | ||
- name: input | ||
in: path | ||
description: The domain name, IP Address, or URL to check for DNS information. | ||
required: true | ||
schema: | ||
type: string | ||
example: "www.bing.com" | ||
responses: | ||
"200": | ||
description: Successful response | ||
content: | ||
application/json | ||
"403": | ||
description: Access denied | ||
"404": | ||
description: Not found | ||
|
||
|
||
/whois/{host}: | ||
get: | ||
operationId: Get WHOIS IBM | ||
summary: Returns the WHOIS information for an IP, URL, or domain. | ||
description: | | ||
This endpoint allows you to view WHOIS for a domain name, IP address, or URL. | ||
#ExamplePrompts Show me the IBM whois records for www.bing.com | ||
#ExamplePrompts What is the IBM WHOIS for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=? | ||
#ExamplePrompts IBM WHOIS www.https://www.microsoft.com/? | ||
#ExamplePrompts Is there a WHOIS for www.https://www.google.com? | ||
parameters: | ||
- name: host | ||
in: path | ||
description: The domain name,IP Address, or URL to check for WHOIS information. | ||
required: true | ||
schema: | ||
type: string | ||
example: "www.bing.com" | ||
responses: | ||
"200": | ||
description: Successful response | ||
content: | ||
application/json | ||
"403": | ||
description: Access denied | ||
"404": | ||
description: Not found |
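Review bot: In the `/reports/` operation, `reportType` is declared `in: path` with `required: true`, but the path template contains no `{reportType}` segment, so a client built from this spec has nowhere to place the value; change the path to `/reports/{reportType}` or declare the parameter in the location the API actually expects. In the same operation `limit` has `example: 201` although its description says the limit must not be larger than 200, and the `added_after` and `added_before` descriptions talk about "the newest IPs" on a reports endpoint. In all four operations `content:` holds the bare scalar `application/json` instead of a media-type map, and `version: 2.0` is unquoted, so it will parse as a number rather than a string. For `/resolve/{input}` and `/whois/{host}` the descriptions and example prompts allow full URLs with query strings, so the parameter description should state that the value has to be percent-encoded to stay inside a single path segment.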
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
Descriptor: | ||
Name: IBM | ||
DisplayName: IBM X-Force Exchange (Preview) | ||
DescriptionDisplay: Threat Intelligence Profiles, Threat Group Profiles, and DNS Profiles | ||
Description: | | ||
Use this skillset to call the IBM X-Force Exchange API: | ||
- What it does: Retrieves Threat Intelligence Profiles, Threat Group Profiles, and DNS Profiles from the IBM X-Force Exchange platform. | ||
- To what categories does it belong: DNS Profile, Threat Intelligence, Threat Groups. | ||
IBM X-Force's API presents the below functions: | ||
- Get Threat Intelligence Reports IBM: Get premium threat intelligence reports based on a given report type. | ||
- Get Threat Group Profiles IBM: Get a List of Threat Group Profiles. | ||
- Get Dns Records IBM: Verify a domain name, IP address, or URL against IBM X-Force DNS records | ||
- Get WHOIS IBM: Returns the WHOIS information for an IP, URL, or domain. | ||
SupportedAuthTypes: | ||
- Basic | ||
Category: other | ||
Icon: https://www.ibm.com/brand/experience-guides/developer/b1db1ae501d522a1a4b49613fe07c9f1/01_8-bar-positive.svg #TODO: Use IBM X-Force Exchange icon | ||
|
||
SkillGroups: | ||
- Format: API | ||
Settings: | ||
OpenApiSpecUrl: https://medeinaplugins.blob.core.windows.net/gpt-plugins/ibm-xforce-web-api.yaml |
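Review bot: `OpenApiSpecUrl` points at a copy of the spec hosted on `medeinaplugins.blob.core.windows.net`, not at the YAML file added in this commit, so the file reviewed here is not necessarily the one the plugin loads. Because `SupportedAuthTypes` is `Basic`, the `servers` URL in that hosted copy determines where the user's API key and password are sent; please document who controls that blob and how it is kept in sync with the repository file, or reference the in-repo spec instead. The `#TODO` trailing the `Icon` line should be resolved or moved to an issue before merge.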
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ | ||
"Name": "IBM", | ||
"Skills":[ | ||
{ | ||
"Name": "Get Threat Intelligence Reports IBM", | ||
"Path": "/reports" | ||
}, | ||
{ | ||
"Name": "Get Threat Group Profiles IBM", | ||
"Path": "/threat_groups" | ||
}, | ||
{ | ||
"Name": "Get Dns Records IBM", | ||
"Path": "/resolve/{input}" | ||
}, | ||
{ | ||
"Name": "Get WHOIS IBM", | ||
"Path": "/whois/{host}" | ||
} | ||
], | ||
"Version" :"1.0.0" | ||
} |
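Review bot: `"Path": "/reports"` does not match the path key in the OpenAPI file from this commit, which is `/reports/` with a trailing slash, while the other three paths match exactly; align this entry with the spec (or the spec with this entry) so the skill lookup does not depend on slash normalization. Minor style point: `"Version" :"1.0.0"` has the space on the wrong side of the colon.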
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
# # IBM X-Force Thread Intelligence | ||
**Publisher: Microsoft** | ||
|
||
Product Information: | ||
https://www.ibm.com/products/xforce-threat-intelligence | ||
|
||
## Overview | ||
IBM X-Force is an online platform designed to help you understand and respond to security threats. It's a cloud service that lets you access, distribute, and take action on information about potential security risks. With this platform, you can quickly find out about new security threats around the world, gather information that you can use to protect yourself, talk to experts for advice, and work with other people who are also trying to stay safe. IBM X-Force Exchange is powered by both human expertise and automated processes, and it uses IBM X-Force's extensive resources to help users get ahead of threats that are just starting to appear. | ||
|
||
## Invoking the Plugin and Skills | ||
|
||
1. A window entitled, Manage plugins, will open. Scroll down, until you see the IBM X-Force plugin. | ||
<img src="images/ibm_settings.png" alt="settings" width="500"/> | ||
|
||
|
||
2. Click on the Setup button for the IBM X-Force plugin highlighted in the image above, a new model will appear. | ||
<img src="images/ibm_select.png" alt="settings" width="500"/> | ||
|
||
|
||
3. Enter the IBM X-Force API key and password in the Value input box and click on the Save button. Once saved, you would see an acknowledgement. | ||
<img src="images/ibm_insert.png" alt="settings" width="500"/> | ||
|
||
|
||
4. Use the IBM X-Force Skillset | ||
1. Make sure the IBM X-Force Plugin is enabled, verify by navigating to the Manage plugins tab and making sure the toggle is active. | ||
2. Run a sample prompt such as `how me the IBM whois for www.bing.com.` | ||
|
||
|
||
|
||
## Skills & Prompts | ||
|
||
1. Get Threat Intelligence Reports IBM: Get premium threat intelligence reports based on a given report type | ||
- Example Prompt(s): | ||
- Tell me about recent IBM threat intelligence report | ||
- Show me IBM X-Force threat intelligence reports | ||
- Inputs: | ||
- reportType | ||
- Description: The type of Threat Intelligence report. Possible report types are threatanalysis, osintadvisory, malware, industry, and threatgroup. | ||
- Required: true | ||
- Type: string | ||
- Example: "threatanalysis" | ||
- added_after | ||
- Description: To get reports created after specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs. | ||
- Required: false | ||
- Type: string | ||
- Example: "2022-10-12" | ||
- added_before | ||
- Description: To get reports created before specified date, For example, 2022-10-12. If not specified, the query will return the newest IPs. | ||
- Required: false | ||
- Type: string | ||
- Example: "2022-10-12" | ||
- limit | ||
- Description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200. | ||
- Required: false | ||
- Type: integer | ||
- Example: 201 | ||
- skip | ||
- Description: The startingpoint to retrieve entries, default value is 0 | ||
- Required: false | ||
- Type: integer | ||
- Example: 10 | ||
2. Get Threat Group Profiles IBM: Get a List of Threat Group Profiles. | ||
- Example Prompt(s): | ||
- What are the most recent X-Force threat group profiles? | ||
- What are the IBM threat group profiles? | ||
- Show me the top 20 IBM threat group profiles. | ||
- Inputs: | ||
- limit | ||
- Description: The number of returned Malware Analysis Reports, default value is 200. The limit must not be larger than 200. | ||
- Required: false | ||
- Type: integer | ||
- Example: 201 | ||
- skip | ||
- Description: The startingpoint to retrieve entries, default value is 0 | ||
- Required: false | ||
- Type: integer | ||
- Example: 10 | ||
3. Get Dns Records IBM: Verify a domain name, IP address, or URL against IBM X-Force DNS records. | ||
- Example Prompt(s): | ||
- Show me the IBM DNS records for www.bing.com | ||
- What are the IBM X-Force DNS records for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=? | ||
- What is the IBM DNS record for www.https://www.microsoft.com/? | ||
- Inputs: | ||
- input | ||
- Description: The domain name, IP Address, or URL to check for DNS information. | ||
- Required: true | ||
- Type: string | ||
- Example: "www.bing.com" | ||
4. Get WHOIS IBM: Returns the WHOIS information for an IP, URL, or domain. | ||
- Example Prompt(s): | ||
- Show me the IBM whois records for www.bing.com | ||
- What is the IBM WHOIS for https://www.bing.com/search?q=microsoft&form=QBLH&sp=-1&lq=0&pq=microsof&sc=11-8&qs=n&sk=&cvid=166E76706804404BAA7390129EE88004&ghsh=0&ghacc=0&ghpl=? | ||
- IBM WHOIS www.https://www.microsoft.com/? | ||
- Inputs: | ||
- host | ||
- Description: The domain name,IP Address, or URL to check for WHOIS information. | ||
- Required: true | ||
- Rype: string | ||
- Example: "www.bing.com" |
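Review bot: The Inputs list for Get Threat Group Profiles IBM disagrees with the spec in this commit: it documents `limit` as `Required: false` with `Example: 201` and describes it as the number of "Malware Analysis Reports", whereas the spec marks it `required: true` with example 20 and refers to Threat Group Profiles; 201 also exceeds the stated maximum of 200, both here and under Get Threat Intelligence Reports IBM. Typos to fix: "Thread Intelligence" and the doubled `# #` in the title, `how me the IBM whois` in step 4.2, "a new model will appear" in step 2 (presumably "modal"), and `Rype: string` in the last input. The setup steps start with the Manage plugins window already open, so a first step explaining how to reach it would help, and step 3 asks for an API key and a password in a single "Value input box" without saying in what format the two should be entered.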