Merge pull request #34

Align Plugins
tenzir · Jun 19, 2020 · 8b1eb81 · 8b1eb81
2 parents 65cd229 + 75a1af5
commit 8b1eb81
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 35 deletions.
diff --git a/config.yaml b/config.yaml
@@ -37,3 +37,14 @@ plugins:
         manage: 13370
         pub: 13371
         sub: 13372
+    cif3:
+      api:
+        host: http://localhost:5000
+        ssl: false
+        token: CIF_TOKEN
+      group: everyone
+      confidence: 7.5
+      tlp: amber
+      tags:
+        - test
+        - malicious
diff --git a/plugins/apps/threatbus_cif3/plugin.py b/plugins/apps/threatbus_cif3/plugin.py
@@ -16,18 +16,17 @@ def validate_config(config):
     config["tlp"].get(str)
     config["confidence"].as_number()
     config["group"].get(str)
-    if config["api"].get(dict):
-        config["api"]["host"].get(str)
-        config["api"]["ssl"].get(bool)
-        config["api"]["token"].get(str)
+    config["api"].get(dict)
+    config["api"]["host"].get(str)
+    config["api"]["ssl"].get(bool)
+    config["api"]["token"].get(str)
 
 
 def receive_intel_from_backbone(watched_queue, cif, config):
     """Reports / publishes intel items back to the given CIF endpoint.
         @param watched_queue The py queue from which to read messages to submit on to CIF
     """
     global logger
-    logger.debug(f"Waiting for intel from Threat Bus...")
     if not cif:
         logger.error("CIF is not properly configured. Exiting.")
         return
@@ -43,16 +42,15 @@ def receive_intel_from_backbone(watched_queue, cif, config):
     while True:
         intel = watched_queue.get()
         if not intel:
-            logger.debug("Received unparsable intel item")
+            logger.warning("Received unparsable intel item")
             continue
         cif_mapped_intel = map_to_cif(intel, logger, confidence, tags, tlp, group)
         if not cif_mapped_intel:
+            logger.warning("Could not map intel item")
             continue
-        logger.debug(f"Adding intel to CIF: {cif_mapped_intel}")
         try:
-            resp = cif.indicators_create(cif_mapped_intel)
-            logger.debug(f"CIF response: {resp}")
-            logger.debug(f"Successfully submitted to CIF: {cif_mapped_intel}")
+            logger.debug(f"Adding intel to CIF: {cif_mapped_intel}")
+            cif.indicators_create(cif_mapped_intel)
         except Exception as err:
             logger.error(f"CIF submission error: {err}")
 
@@ -61,44 +59,35 @@ def receive_intel_from_backbone(watched_queue, cif, config):
 def run(config, logging, inq, subscribe_callback, unsubscribe_callback):
     global logger
     logger = threatbus.logger.setup(logging, __name__)
-    logger.info("Reading config file for CIF3 host, token, and ssl values")
     config = config[plugin_name]
     try:
         validate_config(config)
     except Exception as e:
         logger.fatal("Invalid config for plugin {}: {}".format(plugin_name, str(e)))
 
-    if config["api"].get():
-        remote, token, ssl = (
-            config["api"]["host"].get(),
-            config["api"]["token"].get(),
-            config["api"]["ssl"].get(),
+    remote, token, ssl = (
+        config["api"]["host"].get(),
+        config["api"]["token"].get(),
+        config["api"]["ssl"].get(),
+    )
+    cif = None
+    try:
+        cif = Client(remote=remote, token=token, verify_ssl=ssl)
+        cif.ping()
+    except Exception as err:
+        logger.error(
+            f"Cannot connect to CIFv3 at {remote}, using SSL: {ssl}. Exiting plugin."
         )
-        cif = None
-        try:
-            cif = Client(remote=remote, token=token, verify_ssl=ssl)
-            cif.ping()
-            logger.debug(f"Started CIF client to remote {remote}")
-        except Exception as err:
-            logger.error(
-                f"Cannot connect CIF client to {remote}, using SSL: {ssl} : {err}"
-            )
-
-        if not cif:
-            logger.error("Could not connect to CIF, existing CIF plugin")
-            return
-
-    # establish a py queue to accept queue.put from the backbone
+        return
+
     from_backbone_to_cifq = Queue()
-    topic = "threatbus/intel"  # topic used by MISP when it sends to backbone
+    topic = "threatbus/intel"
     subscribe_callback(topic, from_backbone_to_cifq)
-    logger.debug(f"CIF plugin subscribed to topic {topic}")
 
     threading.Thread(
         target=receive_intel_from_backbone,
         args=[from_backbone_to_cifq, cif, config],
         daemon=True,
     ).start()
-    logger.debug("Started CIF thread to monitor future Intel from backbone...")
 
     logger.info("CIF3 plugin started")
diff --git a/plugins/apps/threatbus_zeek/plugin.py b/plugins/apps/threatbus_zeek/plugin.py
@@ -143,7 +143,6 @@ def run(config, logging, inq, subscribe_callback, unsubscribe_callback):
     broker_opts.forward = False
     ep = broker.Endpoint(broker.Configuration(broker_opts))
     ep.listen(host, port)
-    logger.info(f"Broker: endpoint listening - {host}:{port}")
 
     threading.Thread(
         target=listen, args=(logger, namespace, ep, inq), daemon=True