Collects malware indicators via the Intel 471 TITAN API.
To use this collector, the user must be an existing Intel 471 customer with TITAN API access.
- Existing customers: please contact support@intel471.com to enable API access if it is not currently enabled.
- New customers: please contact sales at https://intel471.com/company/sales-contact-us
Obtain your API credentials from the API page of the TITAN portal. The username is the email address registered with TITAN and the password is the API key.
Although the intended way to run the data collector is as a Docker container, it can also be executed in a local, non-dockerized environment:
python3 -m devocollectorsdk.main --config <config_filename>.yaml
This is a screenshot of a running configuration:
The required Python package (devo-collector-sdk==1.7.2) is not yet published in a public repository (the process is ongoing). Until it is, it has to be installed manually with the following command:
pip install ./devo-collector-sdk-1.7.2.tar.gz
The following bash script must be executed from the collector's root directory to build the Docker image:
./build_tools/build_docker.sh
In the command below, change <version> to the current version of the collector (currently 1.0.0).
docker run \
--name intel471-collector \
--volume $PWD/certs:/devo-collector/certs \
--volume $PWD/config:/devo-collector/config \
--volume $PWD/credentials:/devo-collector/credentials \
--volume $PWD/state:/devo-collector/state \
--env CONFIG_FILE=config.yaml \
--rm --interactive --tty \
devo.com/collectors/intel471:<version>
Security vulnerabilities in the collector image can be checked with Trivy (https://trivy.dev/). In both commands below, change <version> to the current version of the collector.
With a local Trivy installation (replace path_to_collector_image with the image name):
trivy image --severity CRITICAL,HIGH,UNKNOWN path_to_collector_image:<version>
Or using the Trivy Docker image:
docker run aquasec/trivy image --severity CRITICAL,HIGH,UNKNOWN devo.com/collectors/intel471:<version>
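The build, scan and run steps above are easy to get wrong by hand: the literal <version> placeholder is left unedited, the image is started before the Trivy results are read, or the bind-mounted credentials directory (which holds the TITAN API key) is left readable by every user on the host. The following script is an added example and is not part of the Devo or Intel 471 collector project; it chains the three steps, validates the version tag, refuses a world-readable mount directory, and uses Trivy's --exit-code 1 so that CRITICAL/HIGH/UNKNOWN findings stop the pipeline before the container is started. The script name deploy_collector.sh, the "run" sub-command and the permission policy are assumptions of this example.

```shell
#!/bin/sh
# deploy_collector.sh (example, not project code): build, scan and run the
# Intel 471 collector image from the collector's root directory.
# Usage: sh deploy_collector.sh run 1.0.0
set -eu

IMAGE_REPO="devo.com/collectors/intel471"   # image name used on the page

# image_ref VERSION -> prints "repo:VERSION", or returns 1 when VERSION is not a
# plain dotted numeric tag. This rejects the unedited "<version>" placeholder.
image_ref() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s:%s\n' "$IMAGE_REPO" "$1"
}

# check_mount_perms DIR -> returns 1 if DIR is missing or readable by "other".
# Column 8 of `ls -ld` is the other-read bit (e.g. drwxr-x--- vs drwxr-xr-x).
# Assumed policy: none of the mounted directories may be world-readable, since
# credentials/ contains the TITAN API key and state/ may contain collected data.
check_mount_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    other_read=$(ls -ld "$dir" | cut -c8)
    [ "$other_read" = "-" ] || { echo "$dir is readable by other users" >&2; return 1; }
}

# scan_image REF -> fails (exit 1) when Trivy finds CRITICAL/HIGH/UNKNOWN issues,
# so the caller never reaches `docker run` on a flagged image.
scan_image() {
    trivy image --exit-code 1 --severity CRITICAL,HIGH,UNKNOWN "$1"
}

main() {
    version=${1:?usage: $0 run <collector-version>}
    ref=$(image_ref "$version") || { echo "invalid version tag: $version" >&2; exit 2; }

    for d in certs config credentials state; do
        check_mount_perms "$PWD/$d"
    done

    ./build_tools/build_docker.sh        # page's build script, run from the root dir
    scan_image "$ref"                    # fails closed on findings

    exec docker run \
        --name intel471-collector \
        --volume "$PWD/certs:/devo-collector/certs" \
        --volume "$PWD/config:/devo-collector/config" \
        --volume "$PWD/credentials:/devo-collector/credentials" \
        --volume "$PWD/state:/devo-collector/state" \
        --env CONFIG_FILE=config.yaml \
        --rm --interactive --tty \
        "$ref"
}

# Only run the pipeline when invoked with "run", so the functions can be sourced
# and checked on their own.
if [ "${1:-}" = "run" ]; then
    shift
    main "$@"
fi
```

The version check is deliberately strict about the tag rather than the whole image reference: the registry path is fixed in IMAGE_REPO, so the only user-supplied part is the one the page tells you to edit. If Trivy flags the image, fix the base image or dependencies and re-run the script; the collector is never started from a scan that did not pass.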