the SMRT Book

Scott Finlon edited this page May 31, 2019 · 12 revisions

Chapter 1 - Introduction

Features

  • Fetch
  • Listening
  • Parse
  • Map
  • Output
  • Caching data feeds - detects whether a fetched feed has changed since the last run, so unchanged feeds are not re-parsed
  • State - remembers indicators seen previously, so the same intelligence is not emitted twice

csirtg-indicator

Chapter 2 - Installation

$ [sudo] pip install csirtg-smrt

Chapter 3 - Getting Started

Inputs / Parser

https://github.com/csirtgadgets/csirtg-smrt-py/tree/master/csirtg_smrt/parser

  • delimited (csv, tsv, pipe, etc)
  • json
  • xml
  • stix
  • email
  • cef
  • cifv2
  • cifv3
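
The Features list in Chapter 1 (fetch, parse, map, output, feed caching, state) and the delimited parser above describe one pipeline. The following is an added example written for this page, not code from csirtg-smrt itself: it parses a constructed pipe-delimited feed, maps columns onto indicator fields, fingerprints the feed body so an unchanged feed is skipped, and keeps a seen-set so an indicator is emitted only once per (indicator, lastseen). The column names, the `provider`/`confidence` defaults and the sample feed are assumptions, and fetching over HTTP is left out so it runs offline.

```python
"""Added example (not csirtg-smrt's own code): a minimal feed pipeline in the
shape the Features list describes. Everything here is stdlib only."""
import csv
import hashlib
import io
import json

# Constructed sample feed (not a real list): pipe-delimited, comment header.
FEED_V1 = """# indicator|tags|lastseen
203.0.113.7|scanner|2019-05-30T12:00:00Z
198.51.100.22|bruteforce|2019-05-30T12:05:00Z
"""
# Same feed republished with one new row appended.
FEED_V2 = FEED_V1 + "192.0.2.9|scanner|2019-05-31T08:00:00Z\n"

# Assumed column layout for the sample feed.
COLUMNS = ["indicator", "tags", "lastseen"]


def feed_fingerprint(body: str) -> str:
    """Cache key for 'is the data feed new': a hash of the raw feed body."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def parse_delimited(body: str, delimiter: str = "|", columns=COLUMNS, comment: str = "#"):
    """Parse a delimited feed into dicts keyed by column name.

    Blank and comment lines are skipped; rows with the wrong column count are
    dropped rather than raising, so one malformed line does not kill the run.
    """
    lines = (ln for ln in io.StringIO(body) if ln.strip() and not ln.startswith(comment))
    rows = []
    for row in csv.reader(lines, delimiter=delimiter):
        if len(row) != len(columns):
            continue
        rows.append(dict(zip(columns, (c.strip() for c in row))))
    return rows


def map_indicator(row: dict, provider: str = "example.test", confidence: int = 7) -> dict:
    """Map a parsed row onto the indicator fields an output would serialise.

    provider/confidence are assumed defaults, the kind a rule would supply.
    """
    return {
        "indicator": row["indicator"],
        "tags": [t for t in row["tags"].split(",") if t],
        "lastseen": row["lastseen"],
        "provider": provider,
        "confidence": confidence,
    }


class FeedState:
    """Feed cache plus seen-indicator state, kept in memory for the example."""

    def __init__(self):
        self.fingerprints = {}  # feed name -> sha256 of the last body processed
        self.seen = set()       # (feed name, indicator, lastseen)

    def run(self, name: str, body: str) -> list:
        """Process one fetched feed body; return only indicators not seen before."""
        fp = feed_fingerprint(body)
        if self.fingerprints.get(name) == fp:
            return []  # feed unchanged since last run: nothing to do
        self.fingerprints[name] = fp
        new = []
        for row in parse_delimited(body):
            ind = map_indicator(row)
            key = (name, ind["indicator"], ind["lastseen"])
            if key in self.seen:
                continue
            self.seen.add(key)
            new.append(ind)
        return new


def to_json_lines(indicators: list) -> str:
    """A json-style output: one indicator per line."""
    return "\n".join(json.dumps(i, sort_keys=True) for i in indicators)


if __name__ == "__main__":
    state = FeedState()
    print(to_json_lines(state.run("example", FEED_V1)))  # two indicators
    print(to_json_lines(state.run("example", FEED_V1)))  # nothing: feed unchanged
    print(to_json_lines(state.run("example", FEED_V2)))  # only the appended row
```

The seen-set is keyed on (feed, indicator, lastseen) rather than on the indicator alone, so a list that republishes an address with a newer `lastseen` is emitted again as an update instead of being suppressed; in a real deployment the fingerprint map and seen-set would be persisted between runs rather than held in memory.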

Outputs

  • json
  • bind
  • bro
  • snort
  • csv
  • table

Transports

https://github.com/csirtgadgets/csirtg-indicator-py/tree/master/csirtg_indicator/format

  • stdin
  • stdout
  • http
  • syslog
  • zmq

Apps

https://github.com/csirtgadgets/csirtg-smrt-py/tree/master/csirtg_smrt/client

  • cif
  • splunk
  • elasticsearch
  • zyre
  • bro
  • sie

Chapter 4 - the HTTP App

Preexisting configurations

  • Spamhaus
  • Dataplane
  • ...

Chapter 5 - Rules

Describe the rules configuration