Commit

Conflict fixes with clean start
Radargoger committed Jan 29, 2025
1 parent 8baea09 commit 817da0b
Showing 7 changed files with 532 additions and 0 deletions.
23 changes: 23 additions & 0 deletions external-import/socradar/Dockerfile
@@ -0,0 +1,23 @@
FROM python:3.11

# Install system dependencies
RUN apt-get update && apt-get install -y \
libmagic1 \
libmagic-dev \
file \
&& rm -rf /var/lib/apt/lists/*

# Copy the connector
COPY src /opt/opencti-connector-socradar/src/
COPY requirements.txt /opt/opencti-connector-socradar/

# Set the Python path
ENV PYTHONPATH="/opt/opencti-connector-socradar/src"

# Install Python packages
RUN pip3 install --no-cache-dir -r /opt/opencti-connector-socradar/requirements.txt

# Expose and entrypoint
COPY entrypoint.sh /
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
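Review bot: the container runs the connector as root, since no `USER` directive follows the `pip3 install` step; add an unprivileged user (for example `RUN useradd -r connector` and `USER connector` before the `ENTRYPOINT`) so a bug in the feed parser does not hand an attacker root inside the container. Two smaller points: `COPY src` precedes `COPY requirements.txt` and the install, so every source edit invalidates the cached dependency layer (copy `requirements.txt` and install first), and `python:3.11` is a floating tag, so builds are not reproducible unless it is pinned to a patch release or digest.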
72 changes: 72 additions & 0 deletions external-import/socradar/README.md
@@ -0,0 +1,72 @@
# OpenCTI SOCRadar Connector

OpenCTI connector for importing threat intelligence feeds from SOCRadar platform.

## Description

This connector imports threat intelligence data from SOCRadar into OpenCTI. It processes various types of indicators including:
* IP addresses (IPv4 and IPv6)
* Domain names
* URLs
* File hashes (MD5, SHA1, SHA256)

## Configuration

| Parameter | Docker envvar | Mandatory | Description |
| --- | --- | --- | --- |
| `opencti.url` | `OPENCTI_URL` | Yes | The URL of your OpenCTI platform |
| `opencti.token` | `OPENCTI_TOKEN` | Yes | Your OpenCTI admin token |
| `radar.radar_base_feed_url` | `RADAR_BASE_FEED_URL` | Yes | SOCRadar API base URL |
| `radar.radar_socradar_key` | `RADAR_SOCRADAR_KEY` | Yes | Your SOCRadar API key |
| `radar.radar_run_interval` | `RADAR_RUN_INTERVAL` | Yes | Time between runs (in seconds, default: 600) |
| `radar.radar_collections_uuid` | `RADAR_COLLECTIONS_UUID` | Yes | Collection IDs to fetch |

The `radar_collections_uuid` parameter should contain the collection IDs you want to fetch from SOCRadar. Example configuration:

```yaml
radar_collections_uuid:
collection_1:
id: ["YOUR_COLLECTION_ID"]
name: ["YOUR_COLLECTION_NAME"]
collection_2:
id: ["YOUR_COLLECTION_ID"]
name: ["YOUR_COLLECTION_NAME"]
```
## Installation
1. Clone the repository:
```bash
git clone https://github.com/OpenCTI-Platform/connectors
cd connectors/external-import/socradar
```

2. Configure the connector:
```bash
cp src/config.yml.sample src/config.yml
```
Edit `src/config.yml` with your OpenCTI and SOCRadar configurations.

3. Add your connector to the `docker-compose.yml`:
```yaml
connector-socradar:
build: ./external-import/socradar
container_name: docker-connector-socradar
environment:
- OPENCTI_URL=http://opencti:8080
- OPENCTI_TOKEN=${OPENCTI_ADMIN_TOKEN}
restart: always
depends_on:
opencti:
condition: service_healthy
```
4. Start with Docker:
```bash
docker-compose up -d connector-socradar
```

You can check the connector status and logs in the OpenCTI platform UI or using:
```bash
docker-compose logs -f connector-socradar
```
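Review bot: the `docker-compose.yml` snippet in step 3 sets only `OPENCTI_URL` and `OPENCTI_TOKEN`, yet the configuration table marks `RADAR_BASE_FEED_URL`, `RADAR_SOCRADAR_KEY` and `RADAR_COLLECTIONS_UUID` as mandatory, so a deployment built from that example starts without the SOCRadar parameters. Either add those variables to the snippet or state that they are read from `src/config.yml`. Also, `radar_run_interval` is listed as mandatory while the description gives a default, and `opencti.token` is described as "Your OpenCTI admin token" where a token for a dedicated connector user holding only the permissions the import needs is the safer recommendation.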
11 changes: 11 additions & 0 deletions external-import/socradar/entrypoint.sh
@@ -0,0 +1,11 @@
#!/bin/sh

# Add debugging information
echo "Current directory: $(pwd)"
echo "Python path: $PYTHONPATH"
echo "Directory contents:"
ls -la /opt/opencti-connector-socradar/src

# Directly execute python script
cd /opt/opencti-connector-socradar
python3 src/main.py
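Review bot: `python3 src/main.py` on the last line is not `exec`'d, so `/bin/sh` remains PID 1 and the SIGTERM sent by `docker stop` is not forwarded to the connector, which is then killed after the grace period instead of shutting down cleanly; change it to `exec python3 src/main.py`. The `echo` and `ls -la` lines write the full `src` listing to the log on every start; drop them or gate them behind a debug variable once the startup problem is resolved.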
5 changes: 5 additions & 0 deletions external-import/socradar/requirements.txt
@@ -0,0 +1,5 @@
pycti==6.4.2
python-dateutil==2.8.2
PyYAML==6.0.1
requests~=2.32.2
stix2==3.0.1
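Review bot: `requests~=2.32.2` is a compatible-release range while the other four packages are pinned exactly, so the resolved dependency set can differ between builds; pin `requests` to an exact version to match the rest, and consider a hash-locked requirements file (`pip install --require-hashes`) so the image build fails on a tampered package.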
24 changes: 24 additions & 0 deletions external-import/socradar/src/config.yml.sample
@@ -0,0 +1,24 @@
opencti:
url: 'http://localhost:8080'
token: 'OPENCTI_TOKEN'

connector:
id: 'CONNECTOR_ID'
type: 'EXTERNAL_IMPORT'
name: 'SOCRadar'
scope: 'socradar'
confidence_level: 75
log_level: 'info'
update_existing_data: true

radar:
radar_base_feed_url: "https://platform.socradar.com/api/threat/intelligence/feed_list/"
radar_socradar_key: "SOCRADAR_KEY"
radar_run_interval: 600
radar_collections_uuid:
collection_1:
id: ["COLLECTION_UUID"]
name: ["COLLECTION_NAME"]
collection_2:
id: ["COLLECTION_UUID"]
name: ["COLLECTION_NAME"]
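Review bot: this sample is copied to `src/config.yml` (README step 2) and the resulting file holds the OpenCTI token and the SOCRadar key in plaintext, while the Dockerfile's `COPY src` bakes that file into the image if it exists at build time. Make sure `src/config.yml` is excluded via `.gitignore` and `.dockerignore`, or document that the secrets should be supplied through the `OPENCTI_TOKEN` and `RADAR_SOCRADAR_KEY` environment variables instead of the file.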