From 8adccd851fb58e660aae52a83b0a2300511b83d7 Mon Sep 17 00:00:00 2001
From: Hannah Ward
Date: Fri, 18 Nov 2016 09:28:00 +0000
Subject: [PATCH] Added base configuration files
---
.gitmodules | 3 +++
OpenTAXII | 1 +
collections.yaml | 11 +++++++++
config.yaml | 22 ++++++++++++++++++
misp_taxii_hooks/hooks.py | 24 ++++++++++++++++++++
services.yaml | 48 +++++++++++++++++++++++++++++++++++++++
setup.py | 17 ++++++++++++++
7 files changed, 126 insertions(+)
create mode 100644 .gitmodules
create mode 160000 OpenTAXII
create mode 100644 collections.yaml
create mode 100644 config.yaml
create mode 100644 misp_taxii_hooks/hooks.py
create mode 100644 services.yaml
create mode 100644 setup.py
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..bfdd14a
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "OpenTAXII"]
+ path = OpenTAXII
+ url = https://github.com/EclecticIQ/OpenTAXII.git
diff --git a/OpenTAXII b/OpenTAXII
new file mode 160000
index 0000000..ae8514c
--- /dev/null
+++ b/OpenTAXII
@@ -0,0 +1 @@
+Subproject commit ae8514c7afce42cd7a26b1c4d533fbc2116ade3b
diff --git a/collections.yaml b/collections.yaml
new file mode 100644
index 0000000..252b55d
--- /dev/null
+++ b/collections.yaml
@@ -0,0 +1,11 @@
+---
+
+- name: collection
+ available: true
+ accept_all_content: true
+ type: DATA_SET
+
+ service_ids:
+ - inbox
+ - collection_management
+ - poll
diff --git a/config.yaml b/config.yaml
new file mode 100644
index 0000000..2f503df
--- /dev/null
+++ b/config.yaml
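Review bot: In collections.yaml the collection sets `accept_all_content: true`, while the only inbox service added in this commit restricts itself to the STIX 1.1.1 and 1.2 bindings. The restriction therefore lives in one place only, and a second inbox attached to this collection later would let any content type through to the MISP hook. If OpenTAXII's collection schema allows it (it appears to — confirm), I would set `accept_all_content: false` with a `supported_content` list naming the same two STIX bindings, or at least add a comment saying the open setting is deliberate.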
@@ -0,0 +1,22 @@
+---
+domain: "localhost:9000"
+support_basic_auth: yes
+
+persistence_api:
+ class: opentaxii.persistence.sqldb.SQLDatabaseAPI
+ parameters:
+ db_connection: mysql://root:root@localhost/taxiipersist
+ create_tables: yes
+
+auth_api:
+ class: opentaxii.auth.sqldb.SQLDatabaseAPI
+ parameters:
+ db_connection: mysql://root:root@localhost/taxiiauth
+ create_tables: yes
+ secret: ILoveTheSecretStringIsIsGreatButNeedsToBeChangedFrienderino
+
+logging:
+ opentaxii: info
+ root: info
+
+hooks: misp_taxii_hooks.hooks.opentaxii.hooks
diff --git a/misp_taxii_hooks/hooks.py b/misp_taxii_hooks/hooks.py
new file mode 100644
index 0000000..02ef713
--- /dev/null
+++ b/misp_taxii_hooks/hooks.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python3
+
+import pymisp
+
+from opentaxii.signals import (
+ CONTENT_BLOCK_CREATED, INBOX_MESSAGE_CREATED
+)
+
+## CONFIG
+
+CONFIG = {
+ "MISP_URL" : "localhost",
+ "MISP_API" : "DEADBEEF",
+ }
+
+MISP = pymisp.PyMISP(
+ config["MISP_URL"],
+ config["MISP_API"],
+ )
+
+def post_stix(manager, content_block, collection_ids, service_id):
+ print("Content: {}".format(content_block.content))
+
+CONTENT_BLOCK_CREATED.connect(post_stix)
diff --git a/services.yaml b/services.yaml
new file mode 100644
index 0000000..f57ce0c
--- /dev/null
+++ b/services.yaml
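Review bot: config.yaml commits usable default credentials: both `db_connection` values are `mysql://root:root@localhost/...` and `auth_api.parameters.secret` is a fixed string that every checkout of this repository shares. A deployment that keeps this file unedited runs the auth layer on a publicly known secret (presumably the token-signing key — confirm against OpenTAXII) and connects to MySQL as the superuser. I would ship this as an example file with placeholders such as `secret: <CHANGE_ME_RANDOM_SECRET>` and `db_connection: mysql://<taxii_user>:<password>@localhost/taxiiauth`, keep the real config out of version control, and use a dedicated database account limited to the two schemas. Separately, `hooks: misp_taxii_hooks.hooks.opentaxii.hooks` does not match the module this commit adds (`misp_taxii_hooks/hooks.py`), so the import path looks wrong.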
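Review bot: In misp_taxii_hooks/hooks.py the dict is defined as `CONFIG` but the `pymisp.PyMISP(...)` call reads `config["MISP_URL"]` and `config["MISP_API"]`, so importing the module raises NameError before the signal handler is connected; the two lookups should be `CONFIG["MISP_URL"]` and `CONFIG["MISP_API"]`. The MISP API key is also a literal in source (`"DEADBEEF"` is a placeholder today); reading it from the environment, e.g. `os.environ["MISP_API_KEY"]` (variable name constructed here), keeps a real key from being committed once someone fills it in. `post_stix` prints the full `content_block.content` to stdout, which copies shared threat-intel payloads into whatever captures the server's output; a logger call at debug level would be easier to control. `INBOX_MESSAGE_CREATED` is imported but unused.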
@@ -0,0 +1,48 @@
+---
+
+- id: inbox
+ type: inbox
+ address: /services/inbox
+ description: Custom Inbox Service Description B
+ destination_collection_required: yes
+ accept_all_content: no
+ authentication_required: yes
+ supported_content:
+ - urn:stix.mitre.org:xml:1.1.1
+ - urn:stix.mitre.org:xml:1.2
+ protocol_bindings:
+ - urn:taxii.mitre.org:protocol:http:1.0
+ - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: discovery
+ type: discovery
+ address: /services/discovery
+ description: Custom Discovery Service description
+ advertised_services:
+ - inbox
+ - discovery
+ - collection_management
+ - poll
+ protocol_bindings:
+ - urn:taxii.mitre.org:protocol:http:1.0
+ - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: collection_management
+ type: collection_management
+ address: /services/collection-management
+ description: Custom Collection Management Service description
+ protocol_bindings:
+ - urn:taxii.mitre.org:protocol:http:1.0
+ - urn:taxii.mitre.org:protocol:https:1.0
+
+- id: poll
+ type: poll
+ address: /services/poll
+ description: Custom poll Service description
+ subscription_required: no
+ max_result_count: 100
+ max_result_size: 10
+ authentication_required: yes
+ protocol_bindings:
+ - urn:taxii.mitre.org:protocol:http:1.0
+
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..4ae4ab1
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+
+# Setup script for ThreatIntel Conversion
+
+from setuptools import setup
+import os
+
+setup(
+ name="misp_taxii_hooks",
+ description="A little package just to install hooks to PYTHONPATH",
+ version="0.1",
+ author="Hannah Ward",
+ author_email="hannah.ward2@baesystems.com",
+ packages=['misp_taxii_hooks'],
+ install_requires=["pymisp>=2.4.53", "pyaml>=3.11"],
+)
+
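Review bot: In services.yaml the `inbox` and `poll` services set `authentication_required: yes` yet advertise `urn:taxii.mitre.org:protocol:http:1.0`, and `poll` offers only that plain-HTTP binding. Together with `support_basic_auth: yes` in config.yaml, this lets credentials and polled content cross the network unencrypted. For anything beyond a local test instance I would advertise only `urn:taxii.mitre.org:protocol:https:1.0` and terminate TLS in front of the server. `discovery` and `collection_management` carry no `authentication_required` key, so they fall back to OpenTAXII's default (likely unauthenticated — confirm); setting the key explicitly would make the intent reviewable.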
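Review bot: In setup.py `install_requires` names `pyaml>=3.11`; on PyPI `pyaml` is a separate pretty-printer package, while the YAML parser is published as `PyYAML`, so if the parser was intended this should read `"PyYAML>=3.11"`. Both requirements are lower bounds only, so each install resolves to whatever release is newest at the time; a pinned requirements or constraints file would make deployments reproducible and reviewable. `import os` is unused and can be dropped. hooks.py imports `opentaxii`, which comes from the git submodule rather than being declared here, and a comment saying so would explain the omission.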