...
Creating a brand new ThreatConnect Job can be overwhelming at first glance, so the Technology Partners Team has created a sample project for reference.
Sample Project Link:
...
The sample project has a .tcx file, which contains the integration itself, and a .pdf, which is the user guide.
User Guide
The PDF user guide can be used as a template. Its sections include:
Introduction
High-level introduction of the integration and products used.
Release Notes
Version of each app release, the release dates and release details.
Data Mapping
The data mapping used for data and metadata coming into the ThreatConnect platform.
Configuration Requirements
Items needed to run the integration
Job App Installation
Instructions for installing the integration on the ThreatConnect Platform.
ThreatConnect Job App Configuration
Specific configurations for the job app such as API keys, IDs, parameters, etc.
Using the Integration
Screenshots of how to use the integration inside the ThreatConnect Platform
Support
Contact info for the vendor supporting the integration
TCX Package
The .tcx file is really just a zip file with our special extension. Uncompress it with your preferred zip tool. Inside the .tcx file you will see the following files:
```
__main__.py
app_lib.py (Applib class)
app.py (This is the file where most of the app code will reside)
args.py (Arguments to be passed to the app)
install.json (JSON file that configures the app for the ThreatConnect platform)
job_app.py (JobApp class)
lib_3.6.8
lib_latest
Malc0de_Threat_Intelligence_Feed.json (Feed deployer job file which is used to deploy the app through feed deployer)
README.md
requirements.txt (Python library requirements)
run.py (Run file for the app)
```
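Because a .tcx is an ordinary zip archive, a package can be checked in memory before it is unpacked or installed. The following is an added example, not code from the sample project: `inspect_tcx`, `build_sample` and the `EXPECTED` set are hypothetical names, and the archive it runs on is constructed inline.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath

# Subset of the files this page lists; using it as the expected set is an
# assumption of this example, not a ThreatConnect requirement.
EXPECTED = {"__main__.py", "app.py", "args.py", "install.json", "requirements.txt", "run.py"}


def inspect_tcx(data: bytes) -> dict:
    """Inspect a .tcx (zip) package in memory without extracting anything to disk."""
    report = {"unsafe_paths": [], "missing": [], "install_json_ok": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            path = PurePosixPath(name.replace("\\", "/"))
            # Absolute paths or ".." components would escape the extraction directory.
            if path.is_absolute() or ".." in path.parts:
                report["unsafe_paths"].append(name)
        # Assumption: files may sit under a top-level folder, so compare base names.
        present = {PurePosixPath(n).name for n in names}
        report["missing"] = sorted(EXPECTED - present)
        for name in names:
            if PurePosixPath(name).name == "install.json":
                try:
                    json.loads(zf.read(name))  # only checks that it is valid JSON
                    report["install_json_ok"] = True
                except ValueError:
                    pass
    return report


def build_sample(extra=()) -> bytes:
    """Constructed sample archive standing in for a real .tcx file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(EXPECTED - {"install.json"}):
            zf.writestr(name, "# placeholder\n")
        zf.writestr("install.json", json.dumps({"example_key": "constructed"}))
        for name in extra:
            zf.writestr(name, "x")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_tcx(build_sample()))
    print(inspect_tcx(build_sample(extra=["../outside.py"])))
```

To check a real package, pass the file's bytes, for example `inspect_tcx(open(path, "rb").read())`.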
app.py
This sample project showcases many of the common features of the batch module. Most of an integration's code usually resides in app.py, and the app.py in the sample project shows how to implement those features, as listed below:
...
Associating indicators to a threat group:
app.py line 431