csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0
227 stars 60 forks

Manual submission not working via CLI #300

Closed jgedeon120 closed 9 years ago

jgedeon120 commented 9 years ago

I'm trying to manually submit one off data via the CLI, as shown here https://github.com/csirtgadgets/massive-octo-spice/wiki/SDK. I keep getting 500 error codes. I did find that I needed to change it to

echo '[{"observable":"","tlp":"amber","confidence":"95","provider":"testing","tags":"scanner","description":"Openvas Scanner"}]' | cif --no-verify-ssl --remote 'https://192.168.1.120' -s --token

To get an actual 500 error code, the cif-startmanlog.log shows "[Mon Jul 27 15:04:18 2015] [error] Not a HASH reference at /opt/cif/bin/../lib/perl5/CIF/REST/Observables.pm line 97."

The goal is to create a bash script to input the one off data so users don't have to install the browser client.

giovino commented 9 years ago

I think the SDK example failed because a group was not specified. I updated the SDK wiki page and it should work with that example.

For example:

echo '{"observable":"example.com","tlp":"amber","confidence":"85","tags":"malware","provider":"me.com","group":"everyone"}' | /usr/local/bin/cif --no-verify-ssl --remote 'https://localhost' -s --token 1234...
cif -q example.com --provider me.com
tlp  |group   |reporttime          |observable |cc|asn|confidence|tags   |description|rdata|provider|altid_tlp|altid
amber|everyone|2015-07-28T11:40:42Z|example.com|  |   |85        |malware|           |     |me.com  |         |     
amber|everyone|2015-07-28T11:41:36Z|example.com|  |   |85        |       |           |     |me.com  |         |     
amber|everyone|2015-07-28T11:42:01Z|example.com|  |   |85        |malware|           |     |me.com  |         |     
amber|everyone|2015-07-28T11:44:39Z|example.com|  |   |85        |malware|           |     |me.com  |         |     

Please let us know your results.
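One way to script the one-off submission the thread is after, as an added example that is not code from the project or from either commenter. It assumes a cif client on the PATH plus CIF_REMOTE and CIF_TOKEN environment variables (both assumed names); the field checks it applies (non-empty observable and provider, a group, a TLP of white/green/amber/red, confidence 0-100) are assumptions drawn from the values in this thread and the TLP convention, and catch the two payload problems reported above on the client instead of as a server-side 500.

```shell
#!/bin/bash
# Added example (not from the massive-octo-spice project): build and
# sanity-check one CIF observable before piping it to the cif client.
# CIF_REMOTE and CIF_TOKEN are assumed environment variable names; the
# field constraints below are assumptions based on the thread and TLP.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print one observable as a JSON object (the shape of giovino's working example).
# Arguments: observable tlp confidence provider tags group [description]
build_observable() {
    printf '{"observable":"%s","tlp":"%s","confidence":"%s","provider":"%s","tags":"%s","group":"%s","description":"%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
        "$(json_escape "$4")" "$(json_escape "$5")" "$(json_escape "$6")" \
        "$(json_escape "${7:-}")"
}

# Reject the payload problems from the thread (empty observable, missing group)
# before sending. Same argument order as build_observable. Returns 0 if sane.
check_observable() {
    local obs="$1" tlp="$2" conf="$3" prov="$4" group="$6"
    [ -n "$obs" ]   || { echo "observable must not be empty" >&2; return 1; }
    [ -n "$group" ] || { echo "group is required (e.g. everyone)" >&2; return 1; }
    [ -n "$prov" ]  || { echo "provider must not be empty" >&2; return 1; }
    case "$tlp" in
        white|green|amber|red) ;;
        *) echo "tlp must be white, green, amber or red" >&2; return 1 ;;
    esac
    case "$conf" in
        ''|*[!0-9]*) echo "confidence must be an integer 0-100" >&2; return 1 ;;
    esac
    [ "$conf" -le 100 ] || { echo "confidence must be 0-100" >&2; return 1; }
    return 0
}

# Submit a JSON payload. --no-verify-ssl mirrors the thread's commands and
# should be dropped once the remote presents a certificate the client trusts.
submit_observable() {
    printf '%s\n' "$1" | cif --no-verify-ssl --remote "$CIF_REMOTE" -s --token "$CIF_TOKEN"
}

# Stand-alone run: validate and print a constructed sample payload; only
# submit it when CIF_REMOTE and CIF_TOKEN are set.
main() {
    local payload
    if check_observable example.com amber 85 me.com malware everyone; then
        payload=$(build_observable example.com amber 85 me.com malware everyone "constructed sample")
        echo "$payload"
        if [ -n "${CIF_REMOTE:-}" ] && [ -n "${CIF_TOKEN:-}" ]; then
            submit_observable "$payload"
        fi
    fi
}

main
```

Run it with no environment set to see the JSON it would send; set CIF_REMOTE and CIF_TOKEN to actually submit. Keeping the validation separate from submission means a bad field fails fast with a readable message rather than leaving only a "Not a HASH reference" line in the server log.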

jgedeon120 commented 9 years ago

That did the trick. Thanks.
