Added base configuration files

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "OpenTAXII"]
+	path = OpenTAXII
+	url = https://github.com/EclecticIQ/OpenTAXII.git

OpenTAXII

@@ -0,0 +1 @@
+Subproject commit ae8514c7afce42cd7a26b1c4d533fbc2116ade3b

collections.yaml

@@ -0,0 +1,11 @@
+---
+
+- name: collection
+  available: true
+  accept_all_content: true
+  type: DATA_SET
+
+  service_ids:
+    - inbox
+    - collection_management
+    - poll

config.yaml

@@ -0,0 +1,22 @@
+---
+domain: "localhost:9000"
+support_basic_auth: yes
+
+persistence_api:
+  class: opentaxii.persistence.sqldb.SQLDatabaseAPI
+  parameters:
+    db_connection: mysql://root:root@localhost/taxiipersist
+    create_tables: yes
+
+auth_api:
+  class: opentaxii.auth.sqldb.SQLDatabaseAPI
+  parameters:
+    db_connection: mysql://root:root@localhost/taxiiauth
+    create_tables: yes
+    secret: ILoveTheSecretStringIsIsGreatButNeedsToBeChangedFrienderino
+
+logging:
+  opentaxii: info
+  root: info
+
+hooks: misp_taxii_hooks.hooks.opentaxii.hooks

misp_taxii_hooks/hooks.py

@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import pymisp
+
+from opentaxii.signals import (
+    CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
+)
+
+## CONFIG
+
+CONFIG = {
+            "MISP_URL" : "localhost",
+            "MISP_API" : "DEADBEEF",
+        }
+
+MISP = pymisp.PyMISP( 
+                        config["MISP_URL"],
+                        config["MISP_API"],
+                )
+
+def post_stix(manager, content_block, collection_ids, service_id):
+    print("Content: {}".format(content_block.content))
+
+CONTENT_BLOCK_CREATED.connect(post_stix)

services.yaml

@@ -0,0 +1,48 @@
+---
+
+- id: inbox
+  type: inbox
+  address: /services/inbox
+  description: Custom Inbox Service Description B
+  destination_collection_required: yes
+  accept_all_content: no
+  authentication_required: yes
+  supported_content:
+    - urn:stix.mitre.org:xml:1.1.1
+    - urn:stix.mitre.org:xml:1.2
+  protocol_bindings:
+    - urn:taxii.mitre.org:protocol:http:1.0
+    - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: discovery
+  type: discovery
+  address: /services/discovery
+  description: Custom Discovery Service description
+  advertised_services:
+    - inbox
+    - discovery
+    - collection_management
+    - poll
+  protocol_bindings:
+    - urn:taxii.mitre.org:protocol:http:1.0
+    - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: collection_management
+  type: collection_management
+  address: /services/collection-management
+  description: Custom Collection Management Service description
+  protocol_bindings:
+    - urn:taxii.mitre.org:protocol:http:1.0
+    - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: poll
+  type: poll
+  address: /services/poll
+  description: Custom poll Service description
+  subscription_required: no
+  max_result_count: 100
+  max_result_size: 10
+  authentication_required: yes
+  protocol_bindings:
+    - urn:taxii.mitre.org:protocol:http:1.0
+

setup.py

@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+
+# Setup script for ThreatIntel Conversion
+
+from setuptools import setup
+import os
+
+setup(
+    name="misp_taxii_hooks",
+    description="A little package just to install hooks to PYTHONPATH",
+    version="0.1",
+    author="Hannah Ward",
+    author_email="hannah.ward2@baesystems.com",
+    packages=['misp_taxii_hooks'],
+    install_requires=["pymisp>=2.4.53", "pyaml>=3.11"],
+)
+