...
Ensure that you’ve installed and are using a Python 3.6 interpreter. This is important to ensure that you match the oldest version of Python used in the ThreatConnect Platform. Python 3.6.8 is recommended.
Install the latest version of the tcex module:
Code Block pip3 install 'tcex[development]'
Create a project directory on your system.
NOTE: If you’re using an IDE, do not initialize this directory with your IDE until after you’ve initialized it with the appropriate template in the next step. Otherwise, you’ll receive an error that the directory is not empty.
Change directories into the project directory and prepare a template:
Code Block tcinit --template job_batch
Modify the code in app.py. Specifically, your code belongs in the App.run() method.
Ensure that your other project configuration files are up-to-date:
install.json - See this link for reference on this file. Most default values can remain. Key points:
Ensure that your displayName is configured properly per our guidelines.
Ensure that each of your input parameters are defined properly.
tcex.json - Key points:
Ensure that the package > app_name is version of your package name without spaces. Use the _ to substitute for spaces.
For TcEx v1: The package > app_version field will be appended to the package name and doesn’t actually reflect the version embedded in the project.
Any files you add to the project for development but that should not be shipped in the deliverable should be added to the package > excludes array.
args.py - Key Points:
Each argument you add to your app should be included here. You do not need to add any of the pre-defined arguments such as tc_log_level.
requirements.txt - Key Points:
Each package you require for any portion of your app should be specified here.
Prepare the project libraries from the project directory:
Code Block tclib
Prepare a run profile/script to test your code. Use the following parameters for your profile/script:
Execute the run.py with the working directory of your project. Use the following arguments:
--tc_api_path
- Set this tohttps://<instance URL>/api
If you’re using the PartnerStage environment, this would be
https://partnerstage.threatconnect.com/api
.If you’re using the ThreatConnect Public Cloud (you access the UI using
https://app.threatconnect.com
), this would behttps://api.threatconnect.com/
.
--api_access_id
- Set this to your API Access ID--api_secret_key
- Set this to your API Secret KeyIf you run this from a
bash
orzsh
command-line, you must single-quote your API Secret Key or it will not work properly (you will get an API 400 response code saying it can’t find the indicator types).If you run this in PyCharm using a run profile, you must double-quote your API Secret Key or it may produce unexpected results inside the interpreter.
--tc_log_path
- Set this to.
to generate the app.log in your working directorySpecify another directory if you desire. All of the exceptions will be captured in this log and will not be printed to the screen.
--tc_log_level
- Set this toDEBUG
for your testing purposes--tc_owner
- Set this to the name of your Source in PartnerStage. This is typically going to be<Organization> Source
as the name. If your company name is SecuLast, this would beSecuLast Source
.This value is only for testing purposes. In the Production environment, you’ll accept a configurable name here in your project (configuration provided in the template).
Also include any other arguments that are defined in the args.py file
For example, if the args.py file looks like the following:
Code Block """Job Args""" from argparse import ArgumentParser class Args: """Job Args""" def __init__(self, parser: ArgumentParser): """Initialize class properties.""" parser.add_argument('--tc_owner', required=True) parser.add_argument('--indicator_threat_rating') parser.add_argument('--indicator_confidence')
Full run example:
Code Block python3 run.py --tc_api_path https://partnerstage.threatconnect.com/api --api_access_id 1234 --api_secret_key abcd --tc_log_path . --tc_log_level DEBUG --tc_owner "Malc0de Source" --indicator_threat_rating 5 --indicator_confidence 100
Execute testing against your project to ensure that your code works properly against the description in your Solution Design as well as the guidelines for your integration type.
Ensure that your project is stored in your code repository.
Package the application using ‘tcpackage’. The output will be in ./target by default (a .tcx file).
...