1 parent
d342862
commit 7101184
Showing
23 changed files
with
1,449 additions
and
0 deletions.
Empty file.
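--- a/stix_shifter_modules/abuseipdb/configuration/config.json
+++ b/stix_shifter_modules/abuseipdb/configuration/config.json
@@ -0,0 +1,105 @@
+{
+"connection": {
+"type": {
+"id": "AbuseIPDB_Connector",
+"displayName": "AbuseIPDB",
+"description": "Determine whether an IP was reported or not as malicious by AbuseIPDB."
+},
+"options": {
+"type": "fields",
+"concurrent": {
+"default": 4,
+"min": 1,
+"max": 100,
+"type": "number",
+"previous": "connection.maxConcurrentSearches"
+},
+"result_limit": {
+"default": 10000,
+"min": 1,
+"max": 500000,
+"type": "number",
+"previous": "connection.resultSizeLimit",
+"hidden": true
+},
+"time_range": {
+"default": 5,
+"min": 1,
+"max": 10000,
+"type": "number",
+"previous": "connection.timerange",
+"nullable": true,
+"hidden": true
+},
+"timeout": {
+"default": 30,
+"min": 1,
+"max": 60,
+"type": "number",
+"previous": "connection.timeoutLimit"
+}
+},
+"help": {
+"default": "www.ibm.com",
+"type": "link"
+},
+"namespace":{
+"type": "text",
+"default": "9d4bedaf-d351-4f50-930f-f8eb121e5bae",
+"hidden": true
+},
+"host": {
+"type": "text",
+"default": "",
+"hidden": true
+},
+"port": {
+"default": 443,
+"type": "number",
+"min": 1,
+"max": 65535,
+"hidden": true
+}
+},
+"configuration": {
+"auth": {
+"type" : "fields",
+"key":{
+"type":"password"
+}
+},
+"rateLimit": {
+"type": "fields",
+"rateLimit": {
+"default": 1000,
+"type": "number",
+"hidden": true
+},
+"rateUnit": {
+"type": "text",
+"default": "Day",
+"hidden": true
+}
+},
+"cacheDuration": {
+"type": "fields",
+"cacheDuration": {
+"default": 10,
+"type": "number",
+"hidden": true
+},
+"unit": {
+"default": "Minute",
+"type": "text",
+"hidden": true
+}
+},
+"dataTypeList": {
+"type": "fields",
+"ip": {
+"type": "checkbox",
+"default": true
+}
+}
+}
+}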
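Review bot: `help.default` is `"www.ibm.com"`, a bare hostname with no scheme that says nothing about this connector, so the help link shown with the connection form leads nowhere useful; replace it with the connector's own documentation link, e.g. `"default": "<connector documentation URL>"`. The hidden `result_limit` and `time_range` options also look carried over from a search-style connector and may not apply to a single-IP reputation lookup; it is worth confirming that something reads them. `host` is hidden with an empty default, so the endpoint that receives `auth.key` must come from code not shown in this section, and a reviewer should check that it is fixed to the intended HTTPS service.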
@@ -0,0 +1,61 @@ | ||
{ | ||
"connection": { | ||
"options": { | ||
"concurrent": { | ||
"label": "Concurrent Search Limit", | ||
"description": "The number of simultaneous connections that can be made between the host and the data source. Valid input range is {{min}} to {{max}}." | ||
}, | ||
"search_timeout": { | ||
"label": "Query Search Timeout Limit", | ||
"description": "The limit on how long the query will run, in minutes, on the data source." | ||
} | ||
}, | ||
"host": { | ||
"label": "Management IP address or Hostname", | ||
"placeholder": "192.168.1.10", | ||
"description": "Specify the OCP Cluster hostname or the XForce API host URL" | ||
}, | ||
"port": { | ||
"label": "Host Port", | ||
"description": "Set the port number that is associated with the Host name or IP" | ||
}, | ||
"namespace": { | ||
"label": "The UUID Namespace to generate unique ", | ||
"description": "Supply a UUID to generate deterministic UUIDs for the resulting STIX bundle" | ||
} | ||
}, | ||
"configuration": { | ||
"auth": { | ||
"key": { | ||
"label": "Key", | ||
"description": "The APIKey for AbuseIPDB Threat Feed" | ||
} | ||
}, | ||
"rateLimit": { | ||
"rateLimit": { | ||
"label": "Rate Limit", | ||
"description": "The number of queries allowed by AbuseIPDB" | ||
}, | ||
"rateUnit": { | ||
"label": "Rate Unit", | ||
"description": "The rate unit for rate limit in [seconds, minutes, days, months, years ...]" | ||
} | ||
}, | ||
"cacheDuration": { | ||
"cacheDuration": { | ||
"label": "Cache Duration", | ||
"description": "How long should we cache the results of the STIX Bundle execution?" | ||
}, | ||
"unit": { | ||
"label": "Rate Unit", | ||
"description": "The unit for cache in [seconds, minutes, days, months, years ...]" | ||
} | ||
}, | ||
"dataTypeList": { | ||
"ip": { | ||
"label": "IP Address", | ||
"description": "Whether IP Address lookup queries are supported by AbuseIPDB based on the User's API Provisioning" | ||
} | ||
} | ||
} | ||
} |
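Review bot: The strings under `connection.options` are keyed `search_timeout`, but the option this commit defines in configuration/config.json is `timeout`, so the timeout field will presumably render without a label or description; rename the key to `timeout`. Several other strings read as template text that was not adapted: the `host` description mentions "the OCP Cluster hostname or the XForce API host URL", the `namespace` label ends mid-phrase ("The UUID Namespace to generate unique "), and `cacheDuration.unit` is labelled "Rate Unit". The path of this strings file is not shown on the page.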
@@ -0,0 +1,40 @@ | ||
from stix_shifter_utils.utils.base_entry_point import BaseEntryPoint | ||
from stix_shifter_utils.modules.base.stix_transmission.base_sync_connector import BaseSyncConnector | ||
from .stix_transmission.ping_connector import PingConnector | ||
from .stix_transmission.delete_connector import DeleteConnector | ||
from .stix_transmission.results_connector import ResultsConnector | ||
from .stix_transmission.api_client import APIClient | ||
from .stix_translation.query_translator import QueryTranslator | ||
from .stix_translation.results_translator import ResultsTranslator | ||
import os | ||
|
||
class EntryPoint(BaseEntryPoint): | ||
|
||
def __init__(self, connection={}, configuration={}, options={}): | ||
super().__init__(connection, configuration, options) | ||
self.set_async(False) | ||
if connection: | ||
api_client = APIClient(connection, configuration) | ||
base_sync_connector = BaseSyncConnector() | ||
ping_connector = PingConnector(api_client) | ||
query_connector = base_sync_connector | ||
status_connector = base_sync_connector | ||
results_connector = ResultsConnector(api_client) | ||
delete_connector = DeleteConnector(api_client) | ||
|
||
self.set_results_connector(results_connector) | ||
self.set_status_connector(status_connector) | ||
self.set_delete_connector(delete_connector) | ||
self.set_query_connector(query_connector) | ||
self.set_ping_connector(ping_connector) | ||
|
||
# Use default translation setup with default dialect otherwise... | ||
# self.setup_translation_simple(dialect_default='default') | ||
|
||
basepath = os.path.dirname(__file__) | ||
filepath = os.path.abspath(os.path.join(basepath, "stix_translation")) | ||
|
||
dialect = 'default' | ||
query_translator = QueryTranslator(options, dialect, filepath) | ||
results_translator = ResultsTranslator(options, dialect, filepath) | ||
self.add_dialect(dialect, query_translator=query_translator, results_translator=results_translator, default=True) |
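Review bot: `__init__` declares `connection={}`, `configuration={}` and `options={}` as defaults, and each of those dicts is created once and shared by every call that omits the argument, so any write into them by the base class or `APIClient` would carry over to later EntryPoint instances. Prefer `def __init__(self, connection=None, configuration=None, options=None):` followed by `connection = connection or {}` (and the same for the other two) before `super().__init__`. Whether anything mutates these dicts is not visible here, so this is hardening rather than a confirmed bug. A short class docstring saying that the connector is synchronous and that query and status are served by `BaseSyncConnector` would also help the next reader.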
@@ -0,0 +1 @@ | ||
uuid==1.30 |
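Review bot: `uuid==1.30` installs the PyPI `uuid` distribution, an old standalone copy of a module that ships with the Python standard library, and none of the code shown on this page needs more than the built-in `import uuid`. An unneeded third-party pin adds an install-time dependency that has to be trusted and tracked for no functional gain. Suggest dropping the line unless there is a specific reason for it, in which case it should be stated in a comment next to the pin.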
Empty file.
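--- a/stix_shifter_modules/abuseipdb/stix_translation/json/from_stix_map.json
+++ b/stix_shifter_modules/abuseipdb/stix_translation/json/from_stix_map.json
@@ -0,0 +1,12 @@
+{
+"ipv4-addr": {
+"fields": {
+"value":["SourceIpV4", "DestinationIpV4"]
+}
+},
+"ipv6-addr": {
+"fields":{
+"value":["SourceIpV6", "DestinationIpV6"]
+}
+}
+}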
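--- a/stix_shifter_modules/abuseipdb/stix_translation/json/operators.json
+++ b/stix_shifter_modules/abuseipdb/stix_translation/json/operators.json
@@ -0,0 +1,16 @@
+{
+"ComparisonExpressionOperators.And": "AND",
+"ComparisonExpressionOperators.Or": "OR",
+"ComparisonComparators.GreaterThan": ">",
+"ComparisonComparators.GreaterThanOrEqual": ">=",
+"ComparisonComparators.LessThan": "<",
+"ComparisonComparators.LessThanOrEqual": "<=",
+"ComparisonComparators.Equal": "=",
+"ComparisonComparators.NotEqual": "!=",
+"ComparisonComparators.Like": "=",
+"ComparisonComparators.In": "IN",
+"ComparisonComparators.Matches": "CONTAINS",
+"ComparisonComparators.IsSubSet": "insubnet",
+"ObservationOperators.Or": "OR",
+"ObservationOperators.And": "AND"
+}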
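Review bot: `ComparisonComparators.Like` is mapped to `=`, so a STIX pattern that uses LIKE with wildcards would be translated as an exact-match comparison instead of being rejected, and an analyst could read the resulting "no report" as a clean verdict for an indicator that was never actually looked up. The query translator is not shown on this page, so how the map is consumed is inferred. If the lookup only supports equality on a single IP, remove the comparators it cannot honour (`Like`, `Matches`, `IsSubSet` and the range operators) so that unsupported patterns fail translation visibly.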
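--- a/stix_shifter_modules/abuseipdb/stix_translation/json/to_stix_map.json
+++ b/stix_shifter_modules/abuseipdb/stix_translation/json/to_stix_map.json
@@ -0,0 +1,3 @@
+{
+
+}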