This repository has been archived by the owner on Jun 17, 2023. It is now read-only.
Where do I start with Feeds
Wes edited this page Mar 8, 2017 · 1 revision
These integrations assume you have the Python SDK successfully installed and a valid ~/.cif.yml config. Installing the Python client is as easy as:
$ pip install 'cifsdk>=3.0.0a10'
If you're not familiar with the [output] Feeds concept in CIF, check out the CIF book. The most common feed combinations are:
$ cif --feed --itype ipv4 --confidence 8 --tags scanner [--format snort|bro|csv|table|stix|json]
$ cif --feed --itype ipv4 --confidence 8 --tags hijacked
$ cif --feed --itype ipv4 --confidence 8 --tags botnet
$ cif --feed --itype ipv4 --confidence 8 --tags malware
$ cif --feed --itype ipv4 --confidence 8 --tags spam
$ cif --feed --itype fqdn --confidence 8 --tags botnet [--format snort|bro|bind|...]
$ cif --feed --itype fqdn --confidence 8 --tags malware
$ cif --feed --itype fqdn --confidence 8 --tags phishing
$ cif --feed --itype fqdn --confidence 65 --tags malware
$ cif --feed --itype url --confidence 8 --tags phishing [--format snort|bro|csv|table|stix|json]
$ cif --feed --itype url --confidence 8 --tags malware
$ cif --feed --itype url --confidence 8 --tags botnet
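When these feeds drive a blocklist or IDS rule set, a failed or empty pull should not overwrite the last good file. The script below is an added example, not part of the original wiki or the CIF project; `CIF_BIN`, `OUT_DIR`, the function names and the file naming are hypothetical, and only the `cif` flags shown above are used.

```shell
#!/bin/sh
# Added example: refresh CIF feed files so consumers never see an empty or
# half-written file. CIF_BIN, OUT_DIR and the file names are assumptions.

CIF_BIN="${CIF_BIN:-cif}"
OUT_DIR="${OUT_DIR:-./feeds}"

# pull_feed ITYPE CONFIDENCE TAG FORMAT
# Writes OUT_DIR/ITYPE-TAG.FORMAT. On a failed or empty query it returns
# non-zero and leaves the previous file untouched.
pull_feed() {
    itype=$1; confidence=$2; tag=$3; format=$4
    dest="$OUT_DIR/$itype-$tag.$format"
    mkdir -p "$OUT_DIR" || return 1
    # Temp file lives in the destination directory so the final mv is a rename.
    tmp=$(mktemp "$OUT_DIR/.feed.XXXXXX") || return 1
    # stdin comes from /dev/null so the client cannot eat the caller's input.
    if "$CIF_BIN" --feed --itype "$itype" --confidence "$confidence" \
            --tags "$tag" --format "$format" > "$tmp" < /dev/null \
            && [ -s "$tmp" ]; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "feed $itype/$tag failed or empty; keeping previous $dest" >&2
        return 1
    fi
}

# refresh_all: pull a few of the combinations listed on this page.
# Exit status is the number of feeds that could not be refreshed.
refresh_all() {
    failures=0
    while read -r itype confidence tag format; do
        [ -n "$itype" ] || continue
        pull_feed "$itype" "$confidence" "$tag" "$format" \
            || failures=$((failures + 1))
    done <<EOF
ipv4 8 scanner csv
ipv4 8 botnet csv
fqdn 8 malware bind
url 8 phishing csv
EOF
    return "$failures"
}
```

Source the file and call `refresh_all` from a scheduled job; a non-zero exit status is the signal to alert on stale feeds.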