Skip to content

sfinlon/cif-sdk-py

BranchesTags
 
 

Repository files navigation

CIF Software Development Kit for Python

The CIF Software Development Kit (SDK) for Python contains library code and examples designed to enable developers to build applications using CIF.

Build Status

WARNING

Before you begin, be careful when installing this on a CIF Server Instance. This WILL OVERWRITE the p5-cif-sdk bin/cif command on the server. This SDK is meant to be used as a client interacting with a REMOTE CIF Instance.

Installation

Ubuntu

$ sudo apt-get install -y python-dev python-pip git
$ pip install 'cifsdk>=2.0,<3.0'

CentOS v 7

$ yum -y update
$ sudo rpm -iUvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
$ sudo yum install -y gcc python-pip python-devel git libffi-devel openssl-devel python-virtualenvwrapper python-virtualenv
$ pip install 'cifsdk>=2.0,<3.0'

Examples

Client

Config

# ~/.cif.yml
client:
  remote: https://localhost
  token: 1234

Running out of the box

These plugins are minimal and run out of the box

$ cif --token 1234 --remote 'https://localhost' -q example.com
$ cif --token 1234 --remote 'https://localhost' -q example.com --format csv
$ cif --token 1234 --remote 'https://localhost' -q example.com --format table
$ cif --token 1234 --remote 'https://localhost' -q example.com --format json

Running with 3rd party plugins

These plugins typically require extra [bloated] code, not installed by default

STIX

$ pip install stix  # requires many other 3rd party xml bloat
$ cif --token 1234 --remote 'https://localhost' -q example.com --format stix

API

Search

import logging
from cifsdk.client import Client
from cifsdk.format import Table

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

cli = Client(token='1234',
             remote='https://localhost',
             verify_ssl=False)


ret = cli.search('example.com')
print Table(ret)

filters = {
  "observable": "example.com",
  "confidence": 35,
}

ret = cli.search(filters=filters)
print(Table(ret))

Submit

import logging
from cifsdk.client import Client

LOG_FORMAT = '%(asctime)s - %(levelname)s - %(name)s[%(lineno)s] - %(message)s'
loglevel = logging.INFO
console = logging.StreamHandler()
logging.getLogger('').setLevel(loglevel)
console.setFormatter(logging.Formatter(LOG_FORMAT))
logging.getLogger('').addHandler(console)

data = '{"observable":"example4.com","tlp":"amber","confidence":"85","tags":"malware","provider":"example.com","group":"everyone"}'

cli = Client(token='1234',
            remote='https://localhost',
            verify_ssl=False)

ret = cli.submit(data)
print("submission id: {0}".format(ret))

Ping

from cifsdk.client import Client
...

ret = cli.ping()
print("roundtrip: %s ms" % ret)

Support and Documentation

You can also look for information at the GitHub repo.

License and Copyright

Copyright (C) 2015 the CSIRT Gadgets Foundation

Free use of this software is granted under the terms of the GNU Lesser General Public License (LGPL v3.0). For details see the file LICENSE included with the distribution.

About

python SDK for CIFv2

csirtgadgets.org/collective-intelligence-framework/

Resources

Readme

License

LGPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

30 tags

Packages

No packages published

Languages

  • Python 99.3%
  • Ruby 0.7%