Threat Intelligence Connector for Carbon Black Cloud

This is a python project that can be used for ingesting Threat Intelligence from various STIX Feeds. The current supported versions of STIX Feeds are 1.x, 2.0 and 2.1. It supports python >= 3.8

Installation

$ pip install carbon-black-cloud-threat-intelligence-connector
$ cbc-threat-intel --help
Usage: cbc-threat-intel [OPTIONS] COMMAND [ARGS]...

Options:
  --help  Show this message and exit.

Commands:
  create-feed       Creates a feed in CBC
  create-watchlist  Creates a Watchlist in CBC (from already created feed)
  process-file      Process and import a single STIX content file into...
  process-server    Process and import a TAXII Server (2.0/2.1/1.x)
  version           Shows the version of the connector

Documentation

Visit the developer network of Carbon Black Cloud for more information of how to use the connector.

Developing the connector

We rely on pull requests to keep this project maintained. By participating in this project, you agree to abide by the VMware code of conduct.

Setup

It is recommended to use Python3.8 / Python3.9 version for that project, assuming that you installed the deps with either virtualenv or poetry.

For a good code quality make sure to install the hooks from pre-commit as well.

$ pre-commit install

Installation

Clone the repository

$ git clone https://github.com/carbonblack/carbon-black-cloud-threat-intelligence-connector.git
$ cd carbon-black-cloud-threat-intelligence-connector/

You can install this connector either via Poetry or using the virtualenv.

Using Poetry

You will need to install poetry first.

To install the connector run:

$ poetry install

Using virtualenv

You will need to install virtualenv first.

$ virtualenv venv
...
$ source ./venv/bin/activate
(venv) $ pip install -r requirements.txt

Tests

The tests can be run with the following command:

$ pytest ./tests/unit/

For running the performance tests check out the README

Support

View all API and integration offerings on the Developer Network along with reference documentation, video tutorials, and how-to guides.
Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community.
Create a github issue for bugs and change requests or create a ticket with Carbon Black Support.

Submitting a PR

It is strongly recommended to have written tests and documentation for your changes before submitting a PR to the project. Make sure to write good commit messages as well.

Name		Name	Last commit message	Last commit date
Latest commit History 279 Commits
.github		.github
cbc_importer		cbc_importer
docker		docker
examples/docker_example		examples/docker_example
tests		tests
.coveragerc		.coveragerc
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
CODE-OF-CONDUCT.md		CODE-OF-CONDUCT.md
LICENSE		LICENSE
README.md		README.md
codeship-services.yml		codeship-services.yml
codeship-steps.yml		codeship-steps.yml
env.encrypted		env.encrypted
example.yml		example.yml
mypy.ini		mypy.ini
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
requirements.txt		requirements.txt
setup.cfg		setup.cfg

License

carbonblack/carbon-black-cloud-threat-intelligence-connector

Folders and files

Latest commit

History

Repository files navigation

Threat Intelligence Connector for Carbon Black Cloud

Installation

Documentation

Developing the connector

Setup

Installation

Using Poetry

Using virtualenv

Tests

Support

Submitting a PR

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Languages