search

CYBEX-P / tahoe

A Cyberthreat Language (CTL) to replace STIX
Other
0 stars 1 forks source link

readme

unittests

TAHOE — A Cyberthreat Language

Any CIS platform like CYBEX-P potentially handles hundreds of different data formats. Thus, it needs a standard data format and structure to represent threat data. Examples of threat data are email, firewall logs, malware signatures, file hashes etc. A cyberthreat language (CTL) is a specification of how to format and serialize any kind of threat data. CYBEX-P uses TAHOE instead of other CTLs like STIX or MISP. TAHOE structures threat data as JSON documents.

This repository is a Python library that should be used to structure any threat data in TAHOE format. Find the complete TAHOE specification in /specification. The documentation is in /docs.

Installation

  1. Download & install Python 3.9.x.

  2. Create and activate Python virtual environment (official documentation). \ Create: python -m venv myenv \ Activate in Ubuntu: source myenv/bin/activate \ Activate in Windows: source myenv/Scripts/activate

  3. Download the files from the TAHOE repository.

    git clone https://github.com/CYBEX-P/tahoe

  4. Install

    cd tahoe
python setup.py install

  5. Unittest

    python -m unittest

TAHOE Data Instance

A piece of TAHOE data is called an instance and there are 5 types of TAHOE instances —

  1. Raw A data instance stores unprocessed user data.

  2. Attribute The most basic datatype that holds a single piece of information, like an IP address.

  3. Object Groups several attributes or other objects together, e.g., a file may have a filename attribute and a file-size attribute.

  4. Event An event consists of one or more attributes or objects along with a timestamp. Events structure attributes or objects into complete threat data.

  5. Session A session groups arbitrarily related events. (e.g. events when a user visits a website).

python setup.py sdist
pip install dist/tahoe

Documentation Generation

gen docs

python3 -m venv sphinx-env
source sphinx-env/bin/activate
pip install -r docs/requirements.txt # doc gen requirements
python3 setup.py install # install requirements for tahoe
cd docs

# the following step might not be needed depending how it is imported
# if modules.rst and reStructuredText files are used somewhere in the source docs 
#then use the following line to regenerate modules
sphinx-apidoc -f -o source/ ../tahoe # regenerate automatic file generation

make clean html

output is in docs/build/html.

information

basic rst language
how to import docstring directly into current file.
generate reStructuredText files (using modules.rst)
https://medium.com/@richdayandnight/a-simple-tutorial-on-how-to-document-your-python-project-using-sphinx-and-rinohtype-177c22a15b5b
manipulating the toctree