
Creating a brand new ThreatConnect Job can be overwhelming at first glance, so the Technology Partners Team has created a sample project for reference.

Sample Project Link:

https://github.com/ThreatConnect-Inc/threatconnect-jobs/tree/master/apps/Malc0de%20Threat%20Intelligence

...

The sample project has a .tcx file which will contain the integration itself and a .pdf which is the user guide.

User Guide

The PDF user guide can be used as a template. Its sections include:

  • Introduction

    • High level introduction of the integration and products used.

  • Release Notes

    • Version of each app release, the release dates and release details

  • Data Mapping

    • The data mapping used for data and metadata coming into the ThreatConnect platform

  • Configuration Requirements

    • Items needed to run the integration

  • Job App Installation

    • Installation instructions on how to install the integration on the ThreatConnect Platform

  • ThreatConnect Job App Configuration

    • Specific configurations for the job app such as API keys, IDs, parameters, etc…

  • Using the Integration

    • Screenshots of how to use the integration inside the ThreatConnect Platform

  • Support

    • Contact info for the vendor supporting the integration

TCX Package

The .tcx file is really just a zip file with our special extension. Uncompress it with your preferred zip tool. Inside the .tcx file you will see the following files:

__main__.py 
app_lib.py (Applib class)
app.py (This is the file where most of the app code will reside)
args.py (Arguments to be passed to the app)
install.json (JSON file that configures the app for the ThreatConnect platform)
job_app.py (JobApp class)
lib_3.6.8 
lib_latest
Malc0de_Threat_Intelligence_Feed.json (Feed deployer job file which is used to deploy the app through feed deployer)
README.md
requirements.txt (Python library requirements)
run.py (Run file for the app)  
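
Because a .tcx is an ordinary zip archive, it can be checked before anything is extracted. The following is an added example, not code from the sample project: the function names inspect_tcx and build_sample are hypothetical, the sample archive is constructed in memory, and the code assumes the files sit either at the archive root or under a single wrapper directory.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath

# Files the page lists inside the sample .tcx (lib_* directories, feed file and README omitted).
EXPECTED = {"__main__.py", "app_lib.py", "app.py", "args.py", "install.json",
            "job_app.py", "requirements.txt", "run.py"}


def inspect_tcx(source):
    """Check a .tcx (path or file object) without extracting it.

    Returns (missing, unsafe, install): expected files not found, entry names
    that point outside the extraction directory, and the parsed install.json.
    """
    with zipfile.ZipFile(source) as zf:  # raises BadZipFile if it is not a zip
        orig = {n.replace("\\", "/"): n for n in zf.namelist()}
        names = list(orig)
        # Absolute paths, drive letters and ".." components escape the target
        # directory in any extraction tool that does not sanitise entry names.
        unsafe = [n for n in names
                  if n.startswith("/") or ":" in n.split("/")[0]
                  or ".." in PurePosixPath(n).parts]
        # Assumption: files are at the root or under one wrapper directory.
        roots = {n.split("/")[0] for n in names}
        wrapped = len(roots) == 1 and all("/" in n for n in names)
        prefix = roots.pop() + "/" if wrapped else ""
        present = {n[len(prefix):] for n in names}
        missing = sorted(EXPECTED - present)
        install = None
        if "install.json" in present:
            # Only checks that the file parses as JSON; no schema is assumed.
            install = json.loads(zf.read(orig[prefix + "install.json"]))
    return missing, unsafe, install


def build_sample():
    """Constructed package: two expected files missing, one unsafe entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(EXPECTED - {"args.py", "run.py"}):
            zf.writestr(name, '{"constructed": true}' if name.endswith(".json") else "")
        zf.writestr("../outside.py", "")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(inspect_tcx(build_sample()))
```

A package that reports any unsafe entry should be rejected rather than extracted, and a non-empty missing list means the archive does not match the layout described above.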

app.py

This sample project showcases how to use many of the common features of the batch module. Most of the code for an integration usually resides in app.py. The app.py file in the sample project shows how to implement certain features of the batch module, as listed below:

...

Associating indicators to a threat group:

  • app.py line 431

Development References