csirtgadgets / massive-octo-spice

DEPRECATED - USE v3 (bearded-avenger)
https://github.com/csirtgadgets/bearded-avenger-deploymentkit/wiki
GNU Lesser General Public License v3.0

CIF Local Feeds #390

Closed sametsazak closed 8 years ago

sametsazak commented 8 years ago

I created a feed configuration file to add new threat intelligence feeds, I wrote regex patterns and it works well. But I want to add more malware IPs and URLs. I have some text files, how can I export them to CIF? Is there a local storage in CIF?

giovino commented 8 years ago

You can put a local file path in the "remote" key within a cif-smrt config file. example

Process:

  1. Write a cif-smrt config file (file.yml) to parse the data in the local text file
  2. Do not put the config file into /etc/cif/rules/default unless this local text file will be updated hourly/daily by another process.
  3. Manually process the text file with a command something similar to this:

sudo su - cif -c "/opt/cif/bin/cif-smrt -c -d -r /home/user/file.yml"

Does this answer your question?
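As an added illustration of step 1 (not a file from the issue author or from the massive-octo-spice project), here is what a cif-smrt rule file pointing `remote` at a local text file could look like. The input file, provider label and tag are constructed; the key layout (`parser: pattern`, `defaults`, `feeds`, `pattern`/`values`) follows my understanding of the v2 pattern-parser rules and should be checked against the rule files shipped in `/etc/cif/rules/default` on the install before relying on it.

```yaml
# Added example rule file (file.yml), not part of the project or this issue.
# Key names are assumed from the v2 "pattern" parser convention.
#
# Constructed input file /home/user/malware_ips.txt, one entry per line,
# '#' lines are comments:
#   # internal blocklist export
#   198.51.100.23
#   203.0.113.7
#
parser: pattern                     # regex-based, line-oriented parser (assumed name)
defaults:
  provider: localfile.example       # constructed provider label for the local list
  tlp: amber                        # sharing restriction applied to every record
  confidence: 65                    # treat a hand-maintained list as moderately trusted
feeds:
  malware_ips:
    # Local path in place of a URL, as described in the comment above.
    remote: /home/user/malware_ips.txt
    # Capture only a bare IPv4; comment and blank lines do not match and are skipped.
    pattern: '^(\d{1,3}(?:\.\d{1,3}){3})$'
    values:
      - observable                  # first capture group becomes the observable
    otype: ipv4
    tags:
      - malware
    description: 'locally maintained malware IP list'
```

The file is then processed by hand with the `cif-smrt -r /home/user/file.yml` command given in the comment above; keeping it outside `/etc/cif/rules/default` avoids the hourly/daily scheduler re-importing a list that nothing refreshes.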

sametsazak commented 8 years ago

Yeah, this is totally what I want to hear. Thank you.

giovino commented 8 years ago

yw