Montimage/cti4bc-backend

CTI4BC (CTI for Business Continuity)

Introduction

Collection of core functionalities to work with Information sharing (IS) and Cyber threat Intelligence (CTI) platforms for the Dynabic components.

The selected IS for this project is MISP for all project partners, so we can share, refine and test functionalities useful to everyone, saving time in the process.

CTI4BC is a component for the Dynabic (UE Horizon Europe) project.

Installation

To use the core library standalone:

# Download or clone repo
git clone https://github.com/Montimage/cti4bc-backend

# Install as *development* package
# This will install aiohttp and pytest packages
pip install -e "./cti4bc-backend/src"

# Optional, create a virtual env
# Optional, installation using $PYTHONPATH

Configuration

  • Option a - Using environment variables. This should be the preferred way for contributors to the core lib. The library requires the MISP URL and a MISP API key. The recommended approach is to put them in the environment variables MISP_URL and MISP_TOKEN (in /etc/environment, a .env file, the venv activate file, etc.), but it is up to the user whether to set these credentials in the environment or pass them when calling the misp.configure(url, key) method. For risk-related features, set RISK_URL and RISK_TOKEN.
  • Option b - Using the explicit configure(url, token) method. This should be the preferred way for external consumers of the core lib. When the application starts, the endpoints can be set or overridden by calling the configure() method on some modules.

Note: create an API key from your MISP instance. We can temporarily provide a key to DYNABIC partners who do not yet have a MISP server.

Example of configuration parameters:

MISP_TOKEN="kajeucn09876njeudnenSAFBXxs"
MISP_URL="https://misp.example.com"
RISK_URL="https://risk.example.com"
RISK_TOKEN='82jeNajeucneDsxzyq'
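
The two options combined into one resolution step, as an added example that is not part of the cti4bc code base: explicit arguments (option b) override MISP_URL / MISP_TOKEN from the environment (option a), and unsafe values are rejected before they reach misp.configure(url, key). The names resolve_misp_config, redact and MispConfigError are hypothetical.

```python
import os
from urllib.parse import urlsplit


class MispConfigError(ValueError):
    """Raised when the MISP endpoint or API key is missing or unsafe."""


def resolve_misp_config(url=None, token=None, env=None):
    """Return (url, token); explicit arguments override MISP_URL / MISP_TOKEN."""
    env = os.environ if env is None else env
    url = (url or env.get("MISP_URL", "")).strip()
    token = (token or env.get("MISP_TOKEN", "")).strip()
    if not url or not token:
        raise MispConfigError("MISP_URL and MISP_TOKEN must both be set")
    parts = urlsplit(url)
    # MISP takes the API key in the Authorization header: refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.hostname:
        raise MispConfigError("MISP_URL must be an https:// URL with a host")
    # Credentials embedded in a URL leak into logs and proxy records.
    if parts.username or parts.password:
        raise MispConfigError("MISP_URL must not embed credentials")
    return url.rstrip("/"), token


def redact(token):
    """Render a token for log output without revealing it."""
    return f"{token[:4]}...({len(token)} chars)" if len(token) > 8 else "***"


# With the library installed, the result feeds the page's configure method:
#   misp.configure(*resolve_misp_config())
```
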

Usage

Note: this lib uses the asyncio library for I/O tasks. The async/await paradigm is very useful in development, because most of the library features are wiring services.

Example (see tests folder for more examples):

import asyncio
import cti4bc.misp as misp
# (or) from cti4bc import misp

async def main():
    try:
        # Optional: set the endpoint explicitly instead of using env variables
        # misp.configure(url, api_key)
        events = await misp.event.list()
        # Take the id of the first listed event and fetch the full event
        event_id = events[0]['id']
        event = await misp.event.get(event_id)
        print(event)
    except Exception as e:
        # handle e.code, e.status
        print(e)

asyncio.run(main())

Tips on VSCODE (Only for non-default VSCODE)

The simplest approach is to install the lib as a development package (as described above) and start VSCODE from the installation folder. The run/debug buttons and autocomplete should work.

Alternatively, there are some reasons for other development paths. For instance, people who want to add the project as a subfolder (not in the VSCODE workspace and not as root folder), people who want this and other packages to be treated as folders and not installed by pip, or for any other reasons. In these cases, VSCODE cannot find the package and Debug or Autocomplete (intellisense) when typing will not be available. The additional configuration steps are:

  • For run/debug: to find the modules when running, debugging or working in a terminal, add PYTHONPATH to the environment. For instance, if a virtualenv is used, add this to .venv/bin/activate. Then restart VSCODE, open a new terminal, or reactivate the venv to pick up the changes. PYTHONPATH is similar to the classpath in Java: it tells the interpreter where code can be found and executed with no installation steps.
PYTHONPATH="$PYTHONPATH:/YOUR/DYNABIC/FOLDER/cti4bc/src"
export PYTHONPATH
  • For autocomplete/intellisense: add to settings.json (in the user, workspace or folder) the following property:
  "python.analysis.extraPaths": [
    "/YOUR/DYNABIC/FOLDER/cti4bc/src"
  ]

Modules in the library

skeletons

Data types with default values, so that anyone can put a curated skeleton there and the rest of the developers do not need to understand the whole object: they just get a copy and update one or two fields. Since Python is not a compiled, strictly typed language, let's prioritize productivity. Work with simple objects, and when a complex one is really required, put it in the skeletons list.

misp

Minimal set of actions to interact with MISP servers. See the API navigation tab in your MISP instance. (Note: this module is not intended to be an autogenerated OpenAPI client with all services and models. We will spend more time dealing with Dynabic data models...)

Installation as Django application

  1. Prerequisites:
  • Python 3.11 or later
  • pip and venv for virtual environment management
  • PostgreSQL 13+ (configured and accessible)
  2. Clone the repository:
git clone git@github.com:Montimage/cti4bc-backend.git
cd cti4bc-backend
  3. Create and activate a virtual environment:
python3 -m venv .venv
source .venv/bin/activate
  4. Install dependencies:
pip install -r requirements.txt
  5. Create the .env environment configuration file containing the required configuration variables:
# -------------------------------
# Database Configuration (PostgreSQL)
# -------------------------------
DB_NAME=cti4bc_db                    # Name of the PostgreSQL database
DB_USER=cti4bc_user                  # Database username
DB_PASSWORD=change-me                # Database password
DB_HOST=cti4bc-postgres-service      # Hostname or service name of the database
DB_PORT=5432                         # Database port (default for PostgreSQL)
# -------------------------------
# Kafka Configuration
# -------------------------------
KAFKA_SERVER=kafka-broker:9092       # Kafka bootstrap server address
KAFKA_USERNAME=kafka_user            # Username for Kafka authentication (if required)
KAFKA_PASSWORD=kafka_password        # Password for Kafka authentication (if required)
# -------------------------------
# Kafka Topics
# -------------------------------
CTI_REMOTE_TOPIC=CTI4BC.events       # Topic for sharing CTI events with other organizations
RISK_TOPIC=RISK4BC.riskProfile       # Topic for receiving risk assessment information from RISK4BC
  6. Apply database migrations and create an admin user:
python manage.py migrate
python manage.py createsuperuser
  7. Run the development server:
python manage.py runserver
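
A preflight check for the .env file created in the steps above, as an added example that is not part of the cti4bc repository: it flags secrets still set to template values such as change-me, empty secrets, duplicate keys, and whitespace around "=", which dotenv loaders and shells do not treat consistently. The function name lint_env, the placeholder list and the sample text are assumptions made for illustration.

```python
import re

# Constructed rules: template-style values and key suffixes that hold secrets.
PLACEHOLDERS = {"change-me", "changeme", "password", "kafka_password", "secret"}
SECRET_KEY_RE = re.compile(r"(PASSWORD|TOKEN|SECRET|KEY)$")
LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(\s*)=(\s*)(.*)$")


def lint_env(text):
    """Return a list of (line_no, key, problem) findings for a .env file body."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            findings.append((no, None, "not a KEY=value line"))
            continue
        key, pre, post, value = m.groups()
        if pre or post:
            findings.append((no, key, "whitespace around '='"))
        # Drop a trailing inline comment (whitespace followed by '#').
        value = re.sub(r"\s+#.*$", "", value).strip().strip("'\"")
        if key in seen:
            findings.append((no, key, "duplicate key"))
        seen.add(key)
        if SECRET_KEY_RE.search(key):
            if not value:
                findings.append((no, key, "empty secret"))
            elif value.lower() in PLACEHOLDERS:
                findings.append((no, key, "placeholder secret"))
    return findings


# Constructed sample: keys from the template, plus a stray space after '='.
SAMPLE = """\
DB_USER=cti4bc_user                  # Database username
DB_PASSWORD=change-me                # Database password
KAFKA_PASSWORD=kafka_password        # Password for Kafka authentication
CTI_REMOTE_TOPIC= CTI4BC.events      # Topic for sharing CTI events
RISK_TOPIC=RISK4BC.riskProfile
"""

if __name__ == "__main__":
    for finding in lint_env(SAMPLE):
        print(finding)
```

Running it before `python manage.py migrate` (or in CI) stops a deployment that still carries the template passwords.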

Deployment

The CTI4BC backend can be built and deployed as a Docker container.

  1. Build the Docker Image
  • Standard build:
docker build -t cti4bc-backend .
  • For Apple Silicon (M1/M2) or multi-platform builds:
docker buildx build \
  --no-cache \
  --platform linux/amd64 \
  --build-arg REACT_APP_API_URL=https://your-api-url.com \
  -t cti4bc-backend \
  --load .

Acknowledgements

This project has received funding from the European Union’s Horizon Europe research and innovation programme under grant agreement No 101070455.

Dynabic (UE Horizon Europe) project: https://dynabic.eu/

About

Django-based backend for CTI4BC, a Cyber Threat Intelligence sharing platform designed to integrate data ingestion, enrichment, and interoperability across critical infrastructures.
