chg: Move to latest openTaxii

pull/83/head
Hannah Ward 2019-02-12 17:11:36 +00:00
parent 0f598f9f88
commit 734cfecd0e
No known key found for this signature in database
GPG Key ID: 6F3BAD60DE190290
6 changed files with 70 additions and 71 deletions


@ -1,25 +1,21 @@
dist: trusty
sudo: required sudo: required
language: python language: python
python: python:
- "3.5" - "3.5"
- "nightly" - "3.6"
services: services:
- mysql - mysql
- docker - docker
env: env:
- OPENTAXII_CONFIG=$TRAVIS_BUILD_DIR/config/config.travis.yaml URL="http://35.163.95.230" APIKEY=pF4Rq3JOHbYAJLMiFDqRPpLxAh3s0PakiSPKWSN5 - OPENTAXII_CONFIG=$TRAVIS_BUILD_DIR/config/config.travis.yaml URL="http://localhost" APIKEY=testmispapikeytestmispapikeytestmispapik
before_install: before_install:
- sudo apt-get install mysql-server-5.6 mysql-client-core-5.6 mysql-client-5.6 libxml2-dev libxslt1-dev zlib1g-dev - sudo apt-get install mysql-server-5.6 mysql-client-core-5.6 mysql-client-5.6 libxml2-dev libxslt1-dev zlib1g-dev
- wget "https://github.com/TAXIIProject/libtaxii/archive/1.1.111.tar.gz" - pip install -r REQUIREMENTS.txt
- tar xf 1.1.111.tar.gz
- cd libtaxii-1.1.111
- pip install -r requirements.txt
- python setup.py install - python setup.py install
- cd .. - cd ..
- docker pull floatingghost/misp-testable:v2.4.102 - docker pull floatingghost/misp-testable:v2.4.102
@ -45,14 +41,10 @@ install:
- mysql -u root -e "grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';" - mysql -u root -e "grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';"
- mysql -u root -e "grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';" - mysql -u root -e "grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';"
# Populate databases # Populate databases
- opentaxii-create-services -c config/services.yaml - opentaxii-sync-data config/data-configuration.yaml
- opentaxii-create-collections -c config/collections.yaml
- opentaxii-create-account -u travis -p travis
script: script:
- opentaxii-run-dev & - opentaxii-run-dev &
- pid=$! - pid=$!
- sleep 15 - sleep 15
- cd tests - for file in tests/*.xml; do; taxii-push --path http://127.0.0.1:9000/services/inbox -f $file --dest my_collection --username admin --password admin; done;
- nosetests .
- cd ..
- kill -s INT $pid - kill -s INT $pid
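Review bot: The new `for` loop in the `script:` step contains `do;`, which bash rejects as a syntax error, so the taxii-push smoke test that replaces `nosetests` would not run as written; drop the semicolon and quote the variable, `for file in tests/*.xml; do taxii-push ... -f "$file" ...; done`. Even once it parses, the loop's exit status is that of the last push only, so an earlier failing file would not fail the build unless the loop stops on the first error. In the first hunk the `cd ..` after `python setup.py install` is kept although the `cd libtaxii-1.1.111` it undid appears to be removed, which would leave later relative paths such as `config/data-configuration.yaml` resolving outside the checkout; the lines between the two hunks are not visible here, so this needs confirming. The `APIKEY` and public IP that the `env:` line carried before stay in history, so if that key was ever valid on a real MISP instance it should be revoked rather than only replaced.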


@ -8,63 +8,36 @@ along with a callback for when data is sent to the TAXII Server's inbox.
## Installation ## Installation
### Docker install
For a really simple sqlite-based installation (plug and play, no persistence)
```bash
docker pull floatingghost/misp-taxii-server
docker run -it \
-e PERSIST_CONNECTION_STRING="sqlite:///persist.db" \
-e AUTH_CONNECTION_STRING="sqlite:///auth.db" \
-e MISP_URL="https://mymisp" \
-e MISP_KEY="myapikey" \
-e TAXII_USER=root \
-e TAXII_PASS=root \
-p 9000:9000 \
floatingghost/misp-taxii-server
```
That'll get you set up with a basic server, but is not recommended for production.
Switch the connection strings to use an external database for that.
This docker image currently just runs the base server with no supplimentary scripts.
### Manual install ### Manual install
Download the repository with
```bash ```bash
git clone --recursive https://github.com/MISP/MISP-Taxii-Server git clone https://github.com/MISP/MISP-Taxii-Server
``` cd MISP-Taxii-Server
pip3 install -r REQUIREMENTS.txt
This will also download the OpenTAXII Server, which you should install with
```bash
# There's some weird bug wherein pip can't parse >=1.1.111
sudo pip3 install libtaxii==1.1.111
cd OpenTAXII
sudo python3 setup.py install
``` ```
You'll then need to set up your TAXII database. As you're using MISP, you'll likely You'll then need to set up your TAXII database. As you're using MISP, you'll likely
already have a MySQL environment running. already have a MySQL environment running.
Run the following commands to create your databases
```bash ```bash
mysql -u [database user] -p mysql -u [database user] -p
# Enter Database password # Enter Database password
mysql> create database taxiiauth; mysql> create database taxiiauth;
mysql> create database taxiipersist; mysql> create database taxiipersist;
mysql> grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password'; mysql> grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';
mysql> grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password'; mysql> grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';
mysql> exit; mysql> exit;
``` ```
Now configure your TAXII server
```bash
cp config/config.default.yaml config/config.yaml
```
Now, with that data, copy `config/config.default.yaml` over to `config/config.yaml` and open it. Edit the `db_connection` parameters to match your environment. Change `auth_api -> parameters -> secret` whilst you're here as well. Now, with that data, copy `config/config.default.yaml` over to `config/config.yaml` and open it. Edit the `db_connection` parameters to match your environment. Change `auth_api -> parameters -> secret` whilst you're here as well.
Do not forget to set your MISP server's URL and API key at the bottom. Do not forget to set your MISP server's URL and API key at the bottom.
If you wish, you can edit the taxii service definitions in `services.yaml`, If you wish, you can edit the taxii service definitions in `services.yaml`,
@ -82,8 +55,8 @@ pip3 install mysqlclient
export OPENTAXII_CONFIG=/path/to/config.yaml export OPENTAXII_CONFIG=/path/to/config.yaml
export PYTHONPATH=. export PYTHONPATH=.
opentaxii-create-services -c config/services.yaml opentaxii-sync-data config/services.yaml
opentaxii-create-collections -c config/collections.yaml opentaxii-sync-data config/collections.yaml
# Create a user account # Create a user account
# Set the username and password to whatever you want # Set the username and password to whatever you want
@ -121,6 +94,29 @@ Now you have a TAXII server hooked up to MISP, you're able to send STIX files to
There is also an experimental feature to push MISP events to the TAXII server when they're published - that's in `scripts/push_published_to_taxii.py`. It seems to work, but may occasionally re-upload duplicate events to MISP. There is also an experimental feature to push MISP events to the TAXII server when they're published - that's in `scripts/push_published_to_taxii.py`. It seems to work, but may occasionally re-upload duplicate events to MISP.
### Docker install
For a really simple sqlite-based installation (plug and play, no persistence)
```bash
docker pull floatingghost/misp-taxii-server
docker run -it \
-e PERSIST_CONNECTION_STRING="sqlite:///persist.db" \
-e AUTH_CONNECTION_STRING="sqlite:///auth.db" \
-e MISP_URL="https://mymisp" \
-e MISP_KEY="myapikey" \
-e TAXII_USER=root \
-e TAXII_PASS=root \
-p 9000:9000 \
floatingghost/misp-taxii-server
```
That'll get you set up with a basic server, but is not recommended for production.
Switch the connection strings to use an external database for that.
This docker image currently just runs the base server with no supplimentary scripts.
## Automated TAXII -> MISP Sync ## Automated TAXII -> MISP Sync
If you want, there is the ability to synchronise between a remote TAXII server and the local MISP server. If you want, there is the ability to synchronise between a remote TAXII server and the local MISP server.

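--- a/REQUIREMENTS.txt
+++ b/REQUIREMENTS.txt
@@ -0,0 +1,7 @@
+zmq
+pyaml
+cabby
+mysqlclient
+opentaxii
+-e git+https://github.com/MISP/PyMISP#egg=pymisp
+-e git+https://github.com/MISP/MISP-STIX-Converter.git#egg=misp-stix-converter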
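Review bot: None of the seven requirements is pinned, and the two `-e git+https://...` entries track whatever the default branch of PyMISP and MISP-STIX-Converter holds at install time, so CI and every deployment that follows the README install upstream changes nobody has reviewed. Pin the PyPI packages to the versions this commit was tested with (`opentaxii==<tested-version>`) and give the VCS lines an immutable ref (`-e git+https://github.com/MISP/PyMISP@<commit-sha>#egg=pymisp`); the angle-bracket values are placeholders. `zmq` is also worth a check: the binding itself is published as `pyzmq`, and as far as I know the `zmq` name on PyPI is only a thin wrapper around it.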


@ -1,11 +0,0 @@
---
collections:
- name: collection
available: true
accept_all_content: true
type: DATA_SET
service_ids:
- inbox
- collection_management
- poll


@ -46,3 +46,23 @@ services:
protocol_bindings: protocol_bindings:
- urn:taxii.mitre.org:protocol:http:1.0 - urn:taxii.mitre.org:protocol:http:1.0
- urn:taxii.mitre.org:protocol:https:1.0 - urn:taxii.mitre.org:protocol:https:1.0
collections:
- name: my_collection
available: true
accept_all_content: true
type: DATA_SET
service_ids:
- inbox
- collection_management
- poll
accounts:
- username: guest
password: guest
permissions:
my_collection: read
- username: admin
password: admin
is_admin: yes
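Review bot: The added `accounts:` block commits `guest`/`guest` and `admin`/`admin`, the latter with `is_admin: yes`, next to a collection with `accept_all_content: true`. The CI run needs these accounts, but the file name is not visible in this section, and if this is the file operators load with `opentaxii-sync-data`, a default install ends up with a widely known admin login on the inbox service. I would put a comment above the block, `# Test-only accounts: replace the passwords before loading this file into a non-CI server`, or move the accounts to a CI-only data file. Writing `is_admin: true` also avoids depending on YAML 1.1 boolean parsing of `yes`.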


@ -1,9 +1,4 @@
#!/usr/bin/env python3
# Setup script for ThreatIntel Conversion
from setuptools import setup from setuptools import setup
import os
setup( setup(
name="misp_taxii_hooks", name="misp_taxii_hooks",
@ -12,8 +7,8 @@ setup(
author="Hannah Ward", author="Hannah Ward",
author_email="hannah.ward2@baesystems.com", author_email="hannah.ward2@baesystems.com",
packages=['misp_taxii_hooks'], packages=['misp_taxii_hooks'],
install_requires=["zmq", "misp-stix-converter", "pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9", "nose>=1.3.7"], scripts=["scripts/start-misp-taxii.sh",
scripts=["scripts/start-misp-taxii.sh", "scripts/push_published_to_taxii.py", "scripts/install-remote-server.sh", "scripts/push_published_to_taxii.py",
"scripts/install-remote-server.sh",
"scripts/run-taxii-poll.py"] "scripts/run-taxii-poll.py"]
) )
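Review bot: With `install_requires` gone from `setup()` (assuming the second copy of each line is the new side), installing the package no longer declares any dependencies. That affects `python setup.py install`, which the Travis `before_install` still calls, and any `pip install` of the package; the version floors such as `pymisp>=2.4.53` and `mysqlclient>=1.3.9` are not carried over to REQUIREMENTS.txt either. Keeping the PyPI-resolvable entries, e.g. `install_requires=["pymisp>=2.4.53", "pyaml>=3.11", "cabby>=0.1", "mysqlclient>=1.3.9"],`, would keep the package metadata accurate while REQUIREMENTS.txt handles the git-sourced ones. The `setup(` call starts in the previous hunk.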