Skip to content
Python Ruby
Branch: master
Clone or download
wesyoung Merge pull request #143 from sfinlon/master
set yaml to use safe loader
Latest commit 1f4f666 Sep 4, 2019

README.md

CIF Software Development Kit for Python

The CIF Software Development Kit (SDK) for Python contains library code and examples designed to enable developers to build applications using CIF.

Build Status

WARNING

Before you begin, be careful when installing this on a CIF Server Instance. This WILL OVERWRITE the p5-cif-sdk bin/cif command on the server. This SDK is meant to be used as a client interacting with a REMOTE CIF Instance.

Installation

Ubuntu

$ sudo apt-get install -y python-dev python-pip git
$ pip install 'cifsdk>=2.0,<3.0'

CentOS v 7

$ yum -y update
$ sudo rpm -iUvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum install -y gcc python-pip python-devel git libffi-devel openssl-devel python-virtualenvwrapper python-virtualenv
$ pip install 'cifsdk>=2.0,<3.0'

Examples

Client

Config

# ~/.cif.yml
client:
  remote: https://localhost
  token: 1234

Running out of the box

These plugins are minimal and run out of the box

$ cif --token 1234 --remote 'https://localhost' -q example.com
$ cif --token 1234 --remote 'https://localhost' -q example.com --format csv
$ cif --token 1234 --remote 'https://localhost' -q example.com --format table
$ cif --token 1234 --remote 'https://localhost' -q example.com --format json

Running with 3rd party plugins

These plugins typically require extra [bloated] code, not installed by default

STIX

$ pip install stix  # requires many other 3rd party xml bloat
$ cif --token 1234 --remote 'https://localhost' -q example.com --format stix

API

Search

import logging
from cifsdk.client import Client
from cifsdk.format import Table

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

cli = Client(token='1234',
             remote='https://localhost',
             verify_ssl=False)


ret = cli.search('example.com')
print Table(ret)

filters = {
  "observable": "example.com",
  "confidence": 35,
}

ret = cli.search(filters=filters)
print(Table(ret))

Submit

import logging
from cifsdk.client import Client

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

data = '{"observable":"example4.com","tlp":"amber","confidence":"85","tags":"malware","provider":"example.com","group":"everyone"}'

cli = Client(token='1234',
            remote='https://localhost',
            verify_ssl=False)

ret = cli.submit(data)
print("submission id: {0}".format(ret))

Ping

from cifsdk.client import Client
...

ret = cli.ping()
print("roundtrip: %s ms" % ret)

Support and Documentation

You can also look for information at the GitHub repo.

License and Copyright

Copyright (C) 2015 the CSIRT Gadgets Foundation

Free use of this software is granted under the terms of the GNU Lesser General Public License (LGPL v3.0). For details see the file LICENSE included with the distribution.

You can’t perform that action at this time.