From 4c40ba4ac7f7761f15d6d0a42347e86e0a1d3e91 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Tue, 8 Nov 2022 15:22:28 -0600
Subject: [PATCH 01/11] Fixed GitHub configuration + added Docker container

---
 Dockerfile | 10 ++++++++++
 docs/sources/github.rst | 8 +++++---
 threatingestor/sources/github.py | 15 +++++++-------
 3 files changed, 22 insertions(+), 11 deletions(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..b60bd16
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+# Comes with Python 3.6.9 installed by default
+FROM ubuntu:18.04
+
+RUN apt-get update
+RUN apt-get install python3-pip -y
+RUN pip3 install threatingestor
+COPY config.yml .
+
+# Run the ThreatIngestor without accessing /bin/bash container
+CMD [ "threatingestor" , "config.yml"]
\ No newline at end of file
diff --git a/docs/sources/github.rst b/docs/sources/github.rst
index 8e8f8d9..87c8457 100644
--- a/docs/sources/github.rst
+++ b/docs/sources/github.rst
@@ -10,9 +10,10 @@ Configuration Options
 ~~~~~~~~~~~~~~~~~~~~~
 
 * ``module`` (required): ``github``
-* ``search`` (required): search term(s).
-* ``username``: Optional username for authentication.
-* ``token``: Optional token or password for authentication.
+* ``search`` (required): Search term(s).
+* ``username`` (optional): Username for authentication.
+* ``token`` (optional): Token or password for authentication.
+* ``num_of_days`` (optional): Search within a specific number of days since repository creation date.
 
 Example Configuration
 ~~~~~~~~~~~~~~~~~~~~~
@@ -41,5 +42,6 @@ Inside the ``sources`` section of your configuration file:
 credentials: github-auth
 module: github
 search: CVE-2018-
+ num_of_days: 60
 
 .. _repository search API: https://developer.github.com/v3/search/#search-repositories
diff --git a/threatingestor/sources/github.py b/threatingestor/sources/github.py
index 5af0e49..ff6feff 100644
--- a/threatingestor/sources/github.py
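Review bot: In the new Dockerfile, `COPY config.yml .` bakes the runtime configuration into an image layer, and docs/sources/github.rst in this same commit documents that file as carrying the `username`/`token` credentials, so anyone who can pull or inspect the image can read them back out of the layer; supplying it at run time instead — drop the COPY and start with `docker run --mount type=bind,source=$PWD/config.yml,target=/config.yml,readonly <image>` — keeps secrets out of the image (mount only the file, not a host directory tree). The same COPY survives in the Dockerfile hunks of patches 02, 04 and 05. `RUN apt-get update` in its own layer lets a cached rebuild install from stale package lists; the usual form is `RUN apt-get update && apt-get install -y --no-install-recommends python3-pip && rm -rf /var/lib/apt/lists/*`. The container also runs as root with `threatingestor` unpinned from PyPI, which a `USER` line and a pinned version would tighten once the image is meant for real use.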
+++ b/threatingestor/sources/github.py
@@ -13,9 +13,10 @@ class Plugin(Source):
 """Github Source Plugin"""
 
 
- def __init__(self, name, search, username="", token=""):
+ def __init__(self, name, search, num_of_days=10, username="", token=""):
 self.name = name
 self.search = search
+ self.num_of_days = num_of_days
 
 if username and token:
 self.auth = (username, token)
@@ -37,8 +38,7 @@ def _repository_search(self, params):
 break
 
 response = requests.get(
- response.links.get('next')["url"],
- auth=self.auth)
+ response.links.get('next')["url"], auth=self.auth)
 
 return repo_list
 
@@ -47,14 +47,14 @@ def run(self, saved_state):
 """Returns a list of artifacts and the saved state"""
 # If no saved_state, search max 1 day ago.
 if not saved_state:
- saved_state = (datetime.datetime.utcnow() -
- datetime.timedelta(days=10)).isoformat()[:-7] + 'Z'
+ saved_state = (datetime.datetime.utcnow() - datetime.timedelta(days=self.num_of_days)).isoformat()[:-7] + 'Z'
 
 
 params = {
 'q': "{search} created:>={timestamp}".format(
 search=self.search, timestamp=saved_state),
- "per_page": "100"}
+ "per_page": "100"
+ }
 
 saved_state = datetime.datetime.utcnow().isoformat()[:-7] + 'Z'
 repo_list = self._repository_search(params)
@@ -64,8 +64,7 @@ def run(self, saved_state):
 title = "Manual Task: GitHub {u}".format(u=repo['full_name'])
 description = 'URL: {u}\nTask autogenerated by ThreatIngestor from source: {s}'
 description = description.format(s=self.name, u=repo['html_url'])
- artifact = threatingestor.artifacts.Task(
- title, self.name, reference_link=repo['html_url'], reference_text=description)
+ artifact = threatingestor.artifacts.Task(title, self.name, reference_link=repo['html_url'], reference_text=description)
 
 artifact_list.append(artifact)
 

From 09408b27f801cac0940b2b21e7b0a1635e4eca84 Mon Sep 17 00:00:00 2001
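Review bot: In `__init__`, `num_of_days=10` is inserted ahead of `username` and `token`, so any caller that passes credentials positionally (`Plugin(name, search, user, token)`) now lands the user in `num_of_days` and the token in `username`, silently dropping authentication and only failing later in `timedelta(days=...)`; appending the parameter instead, `def __init__(self, name, search, username="", token="", num_of_days=10):`, keeps the old call shape working. Whether the config loader builds sources by keyword only is not visible here, so this may be latent rather than live, and `__init__` continues past the hunk. In the `run` hunk the context comment `# If no saved_state, search max 1 day ago.` now describes neither the old 10-day window nor `self.num_of_days`; `# If no saved_state, look back num_of_days days.` would match the code. `num_of_days` is also stored unvalidated, so a string from YAML (`"60"`) surfaces only as a `TypeError` inside `run`; `self.num_of_days = int(num_of_days)` fails earlier and with a clearer location.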
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Wed, 9 Nov 2022 14:10:19 -0600
Subject: [PATCH 02/11] Added more installations to work with more sources

---
 Dockerfile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index b60bd16..2b59e39 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,9 @@
 FROM ubuntu:18.04
 
 RUN apt-get update
-RUN apt-get install python3-pip -y
-RUN pip3 install threatingestor
-COPY config.yml .
-
-# Run the ThreatIngestor without accessing /bin/bash container
-CMD [ "threatingestor" , "config.yml"]
\ No newline at end of file
+RUN apt-get install python3-pip -y \
+ sqlite3
+RUN pip3 install threatingestor \
+ twitter \
+ feedparser
+COPY config.yml .
\ No newline at end of file

From 35ad3dba167104fe1c88d246e42b2d14c406dda5 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Wed, 9 Nov 2022 15:20:00 -0600
Subject: [PATCH 03/11] Create workflow.yml

---
 .github/workflows/workflow.yml | 23 +++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 .github/workflows/workflow.yml

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
new file mode 100644
index 0000000..1da21e4
--- /dev/null
+++ b/.github/workflows/workflow.yml
@@ -0,0 +1,23 @@
+name: ThreatIngestor Workflow
+
+on: [push]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: ["3.6", "3.7"]
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Python ${{ matrix.python-version }}
+ uses: actions/setup-python@v4
+ with:
+ python-version: ${{ matrix.python-version }}
+ - name: Install dependencies
+ run: |
+ pip install -r requirements.txt
+ pip install -r requirements-testing.txt
+ - name: Test scripts
+ run: nosetests --with-coverage --cover-package=threatingestor --cover-xml
\ No newline at end of file

From b0cc6aa4b1261e3079946bb15f0d0b7ea435ec18 Mon Sep 17 00:00:00 2001
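Review bot: The Dockerfile hunk of patch 02 removes the `CMD [ "threatingestor" , "config.yml"]` line along with its comment, which the commit message does not mention, so the image built from this revision falls back to the base image's default command instead of running the ingestor (the line only returns in patch 05). The added `pip3 install threatingestor twitter feedparser` is unpinned, so two builds of the same Dockerfile can ship different code; pinning versions (and ideally `--require-hashes` from a requirements file) makes the image reproducible.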
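Review bot: The new workflow.yml sets no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN grant, which may be read/write, although it only checks out and tests; `permissions:` with `contents: read` at the top level scopes it to what the job needs. `actions/checkout@v3` and `actions/setup-python@v4` are mutable tags, so pinning each `uses:` to a full commit SHA (with the tag in a trailing comment) is the usual supply-chain hardening for CI. `nosetests` is the unmaintained nose 1.x runner, which works for the 3.6/3.7 matrix here but breaks as soon as the matrix moves to 3.10+, and `ubuntu-latest` may not offer Python 3.6 through setup-python, so the 3.6 leg is worth confirming on the first run.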
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Thu, 17 Nov 2022 12:35:01 -0600
Subject: [PATCH 04/11] New source: gist

- Fixed Dockerfile bug. It was throwing a strange error when downloading sqlite3
- Updated documentation for new gist source
- Create a new gist source using GitHub's gist api
---
 Dockerfile | 6 ++--
 README.rst | 1 +
 docs/api.rst | 9 +++++
 docs/sources/github-gist.rst | 44 +++++++++++++++++++++++
 docs/workflows.rst | 5 +++
 threatingestor/sources/github-gist.py | 52 +++++++++++++++++++++++++++
 threatingestor/sources/github.py | 17 ++++-----
 7 files changed, 121 insertions(+), 13 deletions(-)
 create mode 100644 docs/sources/github-gist.rst
 create mode 100644 threatingestor/sources/github-gist.py

diff --git a/Dockerfile b/Dockerfile
index 2b59e39..403c95a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,11 @@
 FROM ubuntu:18.04
 
 RUN apt-get update
-RUN apt-get install python3-pip -y \
- sqlite3
+RUN apt-get install python3-pip -y
+RUN apt-get install sqlite3
+
 RUN pip3 install threatingestor \
 twitter \
 feedparser
+
 COPY config.yml .
\ No newline at end of file
diff --git a/README.rst b/README.rst
index 041b1dc..e3dda5f 100644
--- a/README.rst
+++ b/README.rst
@@ -74,6 +74,7 @@ Sources
 * `Beanstalk work queues `__
 * `Git repositories `__
 * `GitHub repository search `__
+* `Gists by username `__
 * `RSS feeds `__
 * `Amazon SQS queues `__
 * `Twitter `__
diff --git a/docs/api.rst b/docs/api.rst
index ae9a149..11d50bf 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -167,6 +167,15 @@ github
 :show-inheritance:
 :member-order: bysource
 
+github-gist
+^^^^^^
+
+.. automodule:: threatingestor.sources.github-gist
+ :members:
+ :undoc-members:
+ :show-inheritance:
+ :member-order: bysource
+
 rss
 ^^^
 
diff --git a/docs/sources/github-gist.rst b/docs/sources/github-gist.rst
new file mode 100644
index 0000000..4b2f9a2
--- /dev/null
+++ b/docs/sources/github-gist.rst
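Review bot: `RUN apt-get install sqlite3` drops the `-y` that the line above still carries, and `docker build` runs without a TTY, so if apt has to confirm any additional package the step aborts instead of prompting; `RUN apt-get install -y sqlite3` (or folding it into the previous install) avoids that. The same line is still present as context in the patch 05 Dockerfile hunk, so the fix applies there too. The commit message attributes a "strange error" to the earlier `-y \` / `sqlite3` continuation, but apt-get accepts options in any position, so that form was syntactically fine and the original failure may have had another cause worth keeping in mind when this step is retried.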
@@ -0,0 +1,44 @@
+.. _github-gist-source:
+
+GitHub Gist Username Search
+------------------------
+
+The **GitHub Gist** source plugin uses GitHub's `gist API`_ to find new gists created by a user, and create a :ref:`Task artifact ` for each.
+
+Configuration Options
+~~~~~~~~~~~~~~~~~~~~~
+
+* ``module`` (required): ``github-gist``
+* ``user`` (required): Username of the gist owner.
+* ``username`` (optional): Username for authentication.
+* ``token`` (optional): Token or password for authentication.
+
+Example Configuration
+~~~~~~~~~~~~~~~~~~~~~
+
+The following examples all assume GitHub credentials have already been
+configured in the ``credentials`` section of the config, like this:
+
+.. code-block:: yaml
+
+ credentials:
+ - name: github-auth
+ username: myuser
+ token: MYTOKEN
+
+.. note::
+
+ GitHub credentials are optional, but increase the rate limit for API
+ requests *significantly*. If you are doing more than one or two low-
+ volume searches, you should set up the credentials.
+
+Inside the ``sources`` section of your configuration file:
+
+.. code-block:: yaml
+
+ - name: github-gist-search
+ credentials: github-auth
+ module: github-gist
+ user: Hifumi1337
+
+.. _github gist user API: https://docs.github.com/en/rest/gists/gists#list-gists-for-a-user
diff --git a/docs/workflows.rst b/docs/workflows.rst
index c890c8b..7b13747 100644
--- a/docs/workflows.rst
+++ b/docs/workflows.rst
@@ -394,6 +394,11 @@ And the ThreatIngestor config file:
 credentials: github-auth
 search: CVE-2018-
 
+ - name: github-gist-search
+ module: github-gist
+ credentials: github-auth
+ user: Hifumi1337
+
 - name: git-yara-rules
 module: git
 url: https://github.com/InQuest/yara-rules.git
diff --git a/threatingestor/sources/github-gist.py b/threatingestor/sources/github-gist.py
new file mode 100644
index 0000000..516a70b
--- /dev/null
+++ b/threatingestor/sources/github-gist.py
@@ -0,0 +1,52 @@
+import datetime, requests
+
+from threatingestor.sources import Source
+import threatingestor.artifacts
+
+def user_set(user):
+ GIST_SEARCH_URL = "https://api.github.com/users/{0}/gists".format(user)
+ return GIST_SEARCH_URL
+
+class Plugin(Source):
+ """Github Gist Source Plugin"""
+ def __init__(self, name, user="", username="", token=""):
+ self.name = name
+ self.user = user
+
+ if username and token:
+ self.auth = (username, token)
+ else:
+ self.auth = None
+
+ def _gist_search(self, params):
+ """Returns a list of gist results."""
+
+ # Iterates through pages of results from query.
+ response = requests.get(user_set(self.user), params=params, auth=self.auth)
+
+ gist_list = []
+
+ for gist in response.json():
+ gist_list.append(gist)
+
+ return gist_list
+
+ def run(self, saved_state):
+ """Returns a list of artifacts and the saved state"""
+
+ params = { "per_page": "100" }
+
+ saved_state = datetime.datetime.utcnow().isoformat()[:-7] + 'Z'
+ gist_list = self._gist_search(params)
+
+ artifact_list = []
+
+ for gist in gist_list:
+ title = "Gist Owner: {0}".format(self.user)
+ description = 'URL: {u}\nTask autogenerated by ThreatIngestor from source: {s}'
+ description = description.format(s=self.name, u=gist['html_url'])
+ artifact = threatingestor.artifacts.Task(title, self.name, reference_link=gist['html_url'], reference_text=description)
+
+ artifact_list.append(artifact)
+
+ return saved_state, artifact_list
\ No newline at end of file
diff --git a/threatingestor/sources/github.py b/threatingestor/sources/github.py
index ff6feff..77f0544 100644
--- a/threatingestor/sources/github.py
+++ b/threatingestor/sources/github.py
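Review bot: `run` ignores the `saved_state` it is handed and `_gist_search` sends only `per_page`, so every poll re-emits a Task for every gist the user owns (capped at the first 100, since unlike `_repository_search` there is no `Link: next` paging despite the "Iterates through pages" comment); the gist list endpoint accepts a `since` timestamp, and the incoming `saved_state` is already in the ISO-8601 form it expects. `_gist_search` also iterates `response.json()` without checking the status: on a 404 (unknown user) or 403 (rate limit) the body is a dict, so the loop yields its keys and `gist['html_url']` in `run` raises `TypeError`; `response.raise_for_status()` before iterating turns that into a clear `HTTPError`. `user_set` interpolates the configured user straight into the URL path — operator-controlled, so low risk, but `urllib.parse.quote(user, safe='')` would keep a stray `/` or `?` from changing the endpoint. Rewritten `_gist_search` and the start of `run` below; the artifact loop in `run` is unchanged.
```python
    def _gist_search(self, params):
        """Returns a list of gist results, following Link: next pagination."""
        response = requests.get(user_set(self.user), params=params, auth=self.auth)
        # On an error body response.json() is a dict, and iterating it yields
        # keys rather than gists; fail loudly instead.
        response.raise_for_status()

        gist_list = []

        while True:
            gist_list.extend(response.json())
            if not response.links.get('next'):
                break
            response = requests.get(response.links.get('next')["url"], auth=self.auth)
            response.raise_for_status()

        return gist_list

    def run(self, saved_state):
        """Returns a list of artifacts and the saved state"""

        params = { "per_page": "100" }
        # Only fetch gists updated since the last run; without this every
        # poll re-emits a Task for every gist the user owns.
        if saved_state:
            params["since"] = saved_state

        saved_state = datetime.datetime.utcnow().isoformat()[:-7] + 'Z'
        gist_list = self._gist_search(params)
        # … unchanged: artifact_list construction and return …
```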
@@ -1,15 +1,9 @@
-import datetime
-
-
-import requests
-
+import datetime, requests
 from threatingestor.sources import Source
 import threatingestor.artifacts
 
-
-SEARCH_URL = "https://api.github.com/search/repositories"
-
+REPO_SEARCH_URL = "https://api.github.com/search/repositories"
 class Plugin(Source):
 """Github Source Plugin"""
 
 
@@ -23,13 +17,14 @@ def __init__(self, name, search, num_of_days=10, username="", token=""):
 else:
 self.auth = None
 
-
 def _repository_search(self, params):
 """Returns a list of repository results."""
+ # Iterates through pages of results from query.
 
- response = requests.get(SEARCH_URL, params=params, auth=self.auth)
+ response = requests.get(REPO_SEARCH_URL, params=params, auth=self.auth)
 
 repo_list = []
+
 while True:
 for repo in response.json().get('items', []):
 repo_list.append(repo)
@@ -42,7 +37,6 @@ def _repository_search(self, params):
 
 return repo_list
 
-
 def run(self, saved_state):
 """Returns a list of artifacts and the saved state"""
 # If no saved_state, search max 1 day ago.
@@ -60,6 +54,7 @@ def run(self, saved_state):
 repo_list = self._repository_search(params)
 
 artifact_list = []
+
 for repo in repo_list:
 title = "Manual Task: GitHub {u}".format(u=repo['full_name'])
 description = 'URL: {u}\nTask autogenerated by ThreatIngestor from source: {s}'

From 2affd3f0635cd10965e99d788e7280b7524c6ada Mon Sep 17 00:00:00 2001
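Review bot: Renaming the module constant `SEARCH_URL` to `REPO_SEARCH_URL` breaks anything that imports the old name — `tests/test_sources_github.py` does, and only the next commit in this series catches up — so keeping `SEARCH_URL = REPO_SEARCH_URL` beside the new name as a compatibility alias would have let the rename land without a red test run. The collapsed `import datetime, requests` goes against PEP 8's one-import-per-line rule, which README.rst asks contributors to follow. In the third hunk the context comment `# If no saved_state, search max 1 day ago.` still describes neither the former 10-day default nor the configurable `self.num_of_days`; `# If no saved_state, look back num_of_days days.` would match the code.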
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Thu, 17 Nov 2022 13:02:08 -0600
Subject: [PATCH 05/11] Fixed some things for tests to run

- Changed github-gist -> github_gist in case we need to use it as a future import
- All tests should now pass
---
 Dockerfile | 4 +++-
 README.rst | 2 +-
 docs/api.rst | 4 ++--
 docs/sources/{github-gist.rst => github_gist.rst} | 6 +++---
 docs/workflows.rst | 4 ++--
 tests/test_sources_github.py | 3 +--
 threatingestor/sources/{github-gist.py => github_gist.py} | 0
 7 files changed, 12 insertions(+), 11 deletions(-)
 rename docs/sources/{github-gist.rst => github_gist.rst} (93%)
 rename threatingestor/sources/{github-gist.py => github_gist.py} (100%)

diff --git a/Dockerfile b/Dockerfile
index 403c95a..61a3d5d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,5 +8,7 @@ RUN apt-get install sqlite3
 RUN pip3 install threatingestor \
 twitter \
 feedparser
+COPY config.yml .
 
-COPY config.yml .
\ No newline at end of file
+# Run the ThreatIngestor without accessing /bin/bash container
+CMD ["threatingestor", "config.yml"]
\ No newline at end of file
diff --git a/README.rst b/README.rst
index e3dda5f..290d72a 100644
--- a/README.rst
+++ b/README.rst
@@ -74,7 +74,7 @@ Sources
 * `Beanstalk work queues `__
 * `Git repositories `__
 * `GitHub repository search `__
-* `Gists by username `__
+* `Gists by username `__
 * `RSS feeds `__
 * `Amazon SQS queues `__
 * `Twitter `__
diff --git a/docs/api.rst b/docs/api.rst
index 11d50bf..c56404f 100644
--- a/docs/api.rst
+++ b/docs/api.rst
@@ -167,10 +167,10 @@ github
 :show-inheritance:
 :member-order: bysource
 
-github-gist
+github_gist
 ^^^^^^
 
-.. automodule:: threatingestor.sources.github-gist
+.. automodule:: threatingestor.sources.github_gist
 :members:
 :undoc-members:
 :show-inheritance:
diff --git a/docs/sources/github-gist.rst b/docs/sources/github_gist.rst
similarity index 93%
rename from docs/sources/github-gist.rst
rename to docs/sources/github_gist.rst
index 4b2f9a2..20a3f14 100644
--- a/docs/sources/github-gist.rst
+++ b/docs/sources/github_gist.rst
@@ -8,7 +8,7 @@ The **GitHub Gist** source plugin uses GitHub's `gist API`_ to find new gists cr
 Configuration Options
 ~~~~~~~~~~~~~~~~~~~~~
 
-* ``module`` (required): ``github-gist``
+* ``module`` (required): ``github_gist``
 * ``user`` (required): Username of the gist owner.
 * ``username`` (optional): Username for authentication.
 * ``token`` (optional): Token or password for authentication.
@@ -38,7 +38,7 @@ Inside the ``sources`` section of your configuration file:
 
 - name: github-gist-search
 credentials: github-auth
- module: github-gist
- user: Hifumi1337
+ module: github_gist
+ user: InQuest
 
 .. _github gist user API: https://docs.github.com/en/rest/gists/gists#list-gists-for-a-user
diff --git a/docs/workflows.rst b/docs/workflows.rst
index 7b13747..386df25 100644
--- a/docs/workflows.rst
+++ b/docs/workflows.rst
@@ -395,9 +395,9 @@ And the ThreatIngestor config file:
 search: CVE-2018-
 
 - name: github-gist-search
- module: github-gist
+ module: github_gist
 credentials: github-auth
- user: Hifumi1337
+ user: InQuest
 
 - name: git-yara-rules
 module: git
diff --git a/tests/test_sources_github.py b/tests/test_sources_github.py
index 970f713..cfe8623 100644
--- a/tests/test_sources_github.py
+++ b/tests/test_sources_github.py
@@ -6,7 +6,6 @@
 import threatingestor.sources.github
 
 
-
 API_RESPONSE_DATA = """
 {
 "total_count": 40,
@@ -57,7 +56,7 @@ def setUp(self):
 @patch('threatingestor.sources.github.datetime')
 @responses.activate
 def test_run_returns_saved_state_tasks(self, mock_datetime):
- responses.add(responses.GET, threatingestor.sources.github.SEARCH_URL,
+ responses.add(responses.GET, threatingestor.sources.github.REPO_SEARCH_URL,
 body=API_RESPONSE_DATA)
 mock_datetime.datetime.utcnow.return_value = datetime.datetime(2018, 4, 30, 17, 5, 13, 194840)
 mock_datetime.datetime.side_effect = lambda *args, **kw: datetime.datetime(*args, **kw)
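Review bot: The only test change is the `SEARCH_URL` → `REPO_SEARCH_URL` follow-up in `test_run_returns_saved_state_tasks`; the `threatingestor/sources/github_gist.py` module added two commits earlier and renamed here still has no test, so its import and `run` path are unexercised even though the commit says all tests pass. A `tests/test_sources_github_gist.py` patterned on this test — `responses.add(responses.GET, "https://api.github.com/users/<user>/gists", body=...)` with a short list body, then asserting the returned Task count and saved state — would cover it, and a second case with a dict error body would pin the failure mode there. The `num_of_days` parameter from patch 01 is likewise untested; a source built with a non-default value and an assertion on the `created:>=` timestamp in the recorded query would do.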
diff --git a/threatingestor/sources/github-gist.py b/threatingestor/sources/github_gist.py
similarity index 100%
rename from threatingestor/sources/github-gist.py
rename to threatingestor/sources/github_gist.py

From fc261d467e04ab133e03765fc141ef87a965f294 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Fri, 18 Nov 2022 10:51:07 -0600
Subject: [PATCH 06/11] Testing a new workflow badge

---
 .github/workflows/workflow.yml | 2 +-
 README.rst | 17 ++++++++++-------
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 1da21e4..6f2a0a1 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -1,4 +1,4 @@
-name: ThreatIngestor Workflow
+name: threatingestor-workflow
 
 on: [push]
 
diff --git a/README.rst b/README.rst
index 290d72a..db6edfc 100644
--- a/README.rst
+++ b/README.rst
@@ -6,16 +6,19 @@ ThreatIngestor
 :alt: Developed by InQuest
 .. image:: https://travis-ci.org/InQuest/ThreatIngestor.svg?branch=master
 :target: https://travis-ci.org/InQuest/ThreatIngestor
- :alt: Build Status
+ :alt: Build Status (Travis CI)
+.. image:: https://github.com/InQuest/ThreatIngestor/workflows/threatingestor-workflow/badge.svg
+ :target: https://github.com/InQuest/ThreatIngestor/actions
+ :alt: Build Status (GitHub Workflow)
 .. image:: https://readthedocs.org/projects/threatingestor/badge/?version=latest
 :target: http://inquest.readthedocs.io/projects/threatingestor/en/latest/?badge=latest
 :alt: Documentation Status
-.. image:: https://api.codacy.com/project/badge/Grade/a989bb12e9604d5a9577ce71848e7a2a
- :target: https://app.codacy.com/app/InQuest/ThreatIngestor
- :alt: Code Health
-.. image:: https://api.codacy.com/project/badge/Coverage/a989bb12e9604d5a9577ce71848e7a2a
- :target: https://app.codacy.com/app/InQuest/ThreatIngestor
- :alt: Test Coverage
+.. .. image:: https://api.codacy.com/project/badge/Grade/a989bb12e9604d5a9577ce71848e7a2a
+.. :target: https://app.codacy.com/app/InQuest/ThreatIngestor
+.. :alt: Code Health
+.. .. image:: https://api.codacy.com/project/badge/Coverage/a989bb12e9604d5a9577ce71848e7a2a
+.. :target: https://app.codacy.com/app/InQuest/ThreatIngestor
+.. :alt: Test Coverage
 .. image:: http://img.shields.io/pypi/v/ThreatIngestor.svg
 :target: https://pypi.python.org/pypi/ThreatIngestor
 :alt: PyPi Version

From 94a61fd64d29ee0734a1130b3e670ebd7fb6c8d7 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Fri, 18 Nov 2022 10:53:13 -0600
Subject: [PATCH 07/11] Just a quick test

---
 README.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index db6edfc..8d7fa57 100644
--- a/README.rst
+++ b/README.rst
@@ -7,7 +7,7 @@ ThreatIngestor
 .. image:: https://travis-ci.org/InQuest/ThreatIngestor.svg?branch=master
 :target: https://travis-ci.org/InQuest/ThreatIngestor
 :alt: Build Status (Travis CI)
-.. image:: https://github.com/InQuest/ThreatIngestor/workflows/threatingestor-workflow/badge.svg
+.. image:: https://github.com/InQuest/ThreatIngestor/workflows/threatingestor-workflow/badge.svg?branch=develop
 :target: https://github.com/InQuest/ThreatIngestor/actions
 :alt: Build Status (GitHub Workflow)
 .. image:: https://readthedocs.org/projects/threatingestor/badge/?version=latest

From 168af3bf29c41a371734cc36f8ef8b62e53d8ebd Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Fri, 18 Nov 2022 10:57:01 -0600
Subject: [PATCH 08/11] Update README.rst

---
 README.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.rst b/README.rst
index 8d7fa57..c4598f0 100644
--- a/README.rst
+++ b/README.rst
@@ -7,9 +7,12 @@ ThreatIngestor
 .. image:: https://travis-ci.org/InQuest/ThreatIngestor.svg?branch=master
 :target: https://travis-ci.org/InQuest/ThreatIngestor
 :alt: Build Status (Travis CI)
+
+.. Change ?branch=develop to ?branch=master when merging into master
 .. image:: https://github.com/InQuest/ThreatIngestor/workflows/threatingestor-workflow/badge.svg?branch=develop
 :target: https://github.com/InQuest/ThreatIngestor/actions
 :alt: Build Status (GitHub Workflow)
+
 .. image:: https://readthedocs.org/projects/threatingestor/badge/?version=latest
 :target: http://inquest.readthedocs.io/projects/threatingestor/en/latest/?badge=latest
 :alt: Documentation Status

From f1ef7fdecd3966cb5b227baf5bc479259f8dc4b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=AErbu=20Sandu?= <46487296+shark4ce@users.noreply.github.com>
Date: Tue, 22 Nov 2022 18:25:36 +0000
Subject: [PATCH 09/11] Retrieve all content of a retweed tweet

---
 threatingestor/sources/twitter.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/threatingestor/sources/twitter.py b/threatingestor/sources/twitter.py
index f12b0ed..cb22217 100644
--- a/threatingestor/sources/twitter.py
+++ b/threatingestor/sources/twitter.py
@@ -62,12 +62,19 @@ def run(self, saved_state):
 except TypeError:
 tweet_list = response
 
- tweets = [{
- 'content': s.get('full_text', ''),
- 'id': s.get('id_str', ''),
- 'user': s.get('user', {}).get('screen_name', ''),
- 'entities': s.get('entities', {}),
- } for s in tweet_list]
+ tweets = []
+ for tweet in tweet_list:
+ if "retweeted_status" in tweet:
+ content = tweet['retweeted_status'].get('full_text', '')
+ else:
+ content = tweet.get('full_text', '')
+
+ tweets.append({
+ 'content': content,
+ 'id': tweet.get('id_str', ''),
+ 'user': tweet.get('user', {}).get('screen_name', ''),
+ 'entities': tweet.get('entities', {}),
+ })
 
 artifacts = []
 # Traverse in reverse, old to new.

From cfdaf0aa3b8dd4bc8cf928f9e367cf92e8eb89e2 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Mon, 28 Nov 2022 14:02:50 -0600
Subject: [PATCH 10/11] Added Docker info to README

---
 README.rst | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/README.rst b/README.rst
index c4598f0..6eda251 100644
--- a/README.rst
+++ b/README.rst
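Review bot: When a tweet is a retweet the new loop takes `content` from `retweeted_status` but still reads `entities` (and `user`) from the outer tweet; the outer object's `entities` correspond to the truncated `RT @…` text that motivated this change, so URLs and other entities that only appear in the full retweeted text are lost, which presumably matters downstream if artifact extraction works from `entities` rather than `content` (not visible here). Binding the source object once keeps the two consistent: `source = tweet.get('retweeted_status', tweet)`, then `'content': source.get('full_text', '')` and `'entities': source.get('entities', {})`. Whether `user` should stay the retweeter or become the original author is a product call worth a one-line comment either way; `run` continues outside the hunk on both sides.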
@@ -134,3 +134,24 @@ Issues and pull requests are welcomed. Please keep Python code PEP8 compliant. B
 .. _ThreatIngestor walkthroughs: https://inquest.net/taxonomy/term/42
 .. _RSS config file: https://github.com/InQuest/ThreatIngestor/blob/master/rss.example.yml
 .. _labs.inquest.net/iocdb: https://labs.inquest.net/iocdb
+
+Docker Container
+------------
+
+A Dockerfile is now available for running ThreatIngestor within a Docker container.
+
+First, you'll need to build the container:
+
+```
+docker build . -t threat
+```
+
+After that, you can mount the container for use using this command:
+```
+docker run -it --mount type=bind,source=/,target=/dock threat /bin/bash
+```
+
+After you've mounted the container, and you're inside of the `/bin/bash` shell, you can run the threatingestor like normal:
+```
+threatingestor config.yml
+```
\ No newline at end of file

From 1e90c4500610b8ee051c94b83f74d6a275325540 Mon Sep 17 00:00:00 2001
From: Hifumi1337 <56496067+Hifumi1337@users.noreply.github.com>
Date: Mon, 28 Nov 2022 14:09:03 -0600
Subject: [PATCH 11/11] Fix for rst

---
 README.rst | 20 ++++++++------------
 1 file changed, 8 insertions(+), 12 deletions(-)

diff --git a/README.rst b/README.rst
index 6eda251..5b6bd24 100644
--- a/README.rst
+++ b/README.rst
@@ -140,18 +140,14 @@ Docker Container
 
 A Dockerfile is now available for running ThreatIngestor within a Docker container.
 
-First, you'll need to build the container:
+First, you'll need to build the container::
 
-```
-docker build . -t threat
-```
+ docker build . -t threat
 
-After that, you can mount the container for use using this command:
-```
-docker run -it --mount type=bind,source=/,target=/dock threat /bin/bash
-```
+After that, you can mount the container for use using this command::
 
-After you've mounted the container, and you're inside of the `/bin/bash` shell, you can run the threatingestor like normal:
-```
-threatingestor config.yml
-```
\ No newline at end of file
+ docker run -it --mount type=bind,source=/,target=/dock threat /bin/bash
+
+After you've mounted the container, and you're inside of the `/bin/bash` shell, you can run the threatingestor like normal::
+
+ threatingestor config.yml
\ No newline at end of file