Improve ransomware.live connector #2746

Open
wants to merge 7 commits into
base: master
48 changes: 26 additions & 22 deletions external-import/ransomwarelive/README.md
Expand Up @@ -20,49 +20,53 @@ General description of the connector
Configuration parameters are provided using environment variables as described below.
Some of them are placed directly in the `docker-compose.yml` since they are not expected to be modified by final users once that they have been defined by the developer of the connector.

Note that the values that follow can be grabbed within Python code using `self.helper.{PARAMETER}`, i. e., `self.helper.connector_nane`.
Note that the values that follow can be grabbed within Python code using `self.helper.{PARAMETER}` i.e., `self.helper.connector_nane`.

Expected environment variables to be set in the `docker-compose.yml` that describe the connector itself.
Most of the times, these values are NOT expected to be changed.
Most of the time, these values are NOT expected to be changed.

| Parameter | Docker envvar | Mandatory | Description |
| ------------------------------------ | ----------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| `connector_name` | `CONNECTOR_NAME` | Yes | A connector name to be shown in OpenCTI. |
| `connector_scope` | `CONNECTOR_SCOPE` | Yes | Supported scope. E. g., `text/html`. |
| Parameter | Docker envvar | Mandatory | Description |
|-------------------|-------------------|-----------|------------------------------------------|
| `connector_name` | `CONNECTOR_NAME` | Yes | A connector name to be shown in OpenCTI. | |
| `connector_scope` | `CONNECTOR_SCOPE` | Yes | Supported scope. E. g., `text/html`. |
|

However, there are other values which are expected to be configured by end users.
The following values are expected to be defined in the `.env` file.
This file is included in the `.gitignore` to avoid leaking sensitive date).
This file is included in the `.gitignore` to avoid leaking sensitive date.
Note tha the `.env.sample` file can be used as a reference.

The ones that follow are connector's generic execution parameters expected to be added for export connectors.

| Parameter | Docker envvar | Mandatory | Description |
| ------------------------------------ | ----------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `opencti_url` | `OPENCTI_URL` | Yes | The URL of the OpenCTI platform. Note that final `/` should be avoided. Example value: `http://opencti:8080` |
| `opencti_token` | `OPENCTI_TOKEN` | Yes | The default admin token configured in the OpenCTI platform parameters file. |
| `connector_id` | `CONNECTOR_ID` | Yes | A valid arbitrary `UUIDv4` that must be unique for this connector. |
| `connector_confidence_level` | `CONNECTOR_CONFIDENCE_LEVEL` | Yes | The default confidence level for created sightings (a number between 1 and 4). |
| `connector_log_level` | `CONNECTOR_LOG_LEVEL` | Yes | The log level for this connector, could be `debug`, `info`, `warn` or `error` (less verbose). |
| `interval` | `CONNECTOR_RUN_EVERY` | Yes | The time unit is represented by a single character at the end of the string: d for days, h for hours, m for minutes, and s for seconds. e.g., 30s is 30 seconds. 1d is 1 day. |
| `update_existing_data` | `CONNECTOR_UPDATE_EXISTING_DATA` | Yes | Whether to update known existing data. |
| Parameter | Docker envvar | Mandatory | Description |
|------------------------------|----------------------------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `opencti_url` | `OPENCTI_URL` | Yes | The URL of the OpenCTI platform. Note that final `/` should be avoided. Example value: `http://opencti:8080` |
| `opencti_token` | `OPENCTI_TOKEN` | Yes | The default admin token configured in the OpenCTI platform parameters file. |
| `connector_id` | `CONNECTOR_ID` | Yes | A valid arbitrary `UUIDv4` that must be unique for this connector. |
| `connector_confidence_level` | `CONNECTOR_CONFIDENCE_LEVEL` | Yes | The default confidence level for created sightings (a number between 1 and 100). |
| `connector_log_level` | `CONNECTOR_LOG_LEVEL` | Yes | The log level for this connector, could be `debug`, `info`, `warn` or `error` (less verbose). |
| `interval` | `CONNECTOR_RUN_EVERY` | Yes | The time unit is represented by a single character at the end of the string: d for days, h for hours, m for minutes, and s for seconds. e.g., 30s is 30 seconds. 1d is 1 day. |
| `update_existing_data` | `CONNECTOR_UPDATE_EXISTING_DATA` | No | Whether to update known existing data (Default: false) | |


Finally, the ones that follow are connector's specific execution parameters expected to be used by this connector.

| Parameter | Docker envvar | Mandatory | Description |
| ------------------------------------ | ----------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `extra_parameter` | `EXTRA_PARAMETER` | Yes | Any extra parameter. |
| Parameter | Docker envvar | Mandatory | Description |
|-----------------------|---------------------------------|-----------|----------------------------------------------------------|
| `create_threat_actor` | `CONNECTOR_CREATE_THREAT_ACTOR` | No | Whether to create a Threat Actor object (Default: false) |
| `pull_history` | `CONNECTOR_PULL_HISTORY` | No | Whether to pull historic data (Default: false) |
| `data_start_year` | `CONNECTOR_HISTORY_START_YEAR` | No | The year to start from (Default: 2020) |

### Debugging ###
### Debugging

The connector can be debugged by setting the appropiate log level.
Note that logging messages can be added using `self.helper.log_{LOG_LEVEL}("Sample message")`, i. e., `self.helper.log_error("An error message")`.
The connector can be debugged by setting the appropriate log level.
Note that logging messages can be added using `self.helper.log_{LOG_LEVEL}("Sample message")`, i.e., `self.helper.log_error("An error message")`.

<!-- Any additional information to help future users debug and report detailed issues concerning this connector -->

### Additional information


<!--
Any additional information about this connector
* What information is ingested/updated/changed
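Review bot: the rewritten note line still carries the typo `self.helper.connector_nane`; since this hunk already replaces that line, change it to `self.helper.connector_name`. The new tables also contain stray pipes that will render as extra or broken cells: the `connector_name` row ends in `| |`, the `connector_scope` row is followed by a line holding a lone `|`, and the `update_existing_data` row ends in `| |`; drop the extra trailing `|` in each case. Two smaller wording points in the same hunk: the `.gitignore` sentence should read "sensitive data" rather than "sensitive date", and the unchanged context line "Note tha the `.env.sample` file" still has a typo. Finally, the `OPENCTI_TOKEN` row still describes "the default admin token"; given that the same section explains the `.env` file is gitignored to avoid leaking secrets, it would be worth documenting a token for a dedicated connector user with only the rights this import connector needs, and it is worth double-checking that the new `data_start_year` parameter really maps to `CONNECTOR_HISTORY_START_YEAR` in the connector's configuration loader, since the two names do not follow the pattern of the other rows.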