This repository has been archived by the owner on May 29, 2024. It is now read-only.

Use STIX-2 as internal format #97

Merged
merged 11 commits into from
Feb 16, 2021

Conversation


@0snap 0snap commented Feb 11, 2021

📔 Description

  • Use STIX-2 (version 2.1) as internal transport format for Indicators and Sightings. This breaks all existing plugins.
  • Migrate in-memory backbone plugin
  • Migrate RabbitMQ backbone plugin
  • Migrate ZMQ-App plugin
  • The unit tests for all un-migrated plugins and pyvast-threatbus are disabled to make the CI happy. They will be migrated in separate PRs.

📝 Checklist

  • All user-facing changes have changelog entries.
  • The changes are reflected on docs.tenzir.com/threatbus, if necessary.
  • The PR description contains instructions for the reviewer, if necessary.

🎯 Review Instructions

This PR can already be reviewed. Documentation will follow in the next iteration.

  • Go commit-by-commit
  • Use tests/utils to test all functionality

Walkthrough:

  • Install a fresh virtualenv
  • Start a local RabbitMQ (e.g., simply via docker)
  • Install TB + only those plugins that changed in this PR (in-mem, rabbitmq, zmq)
  • Start Threat Bus with the example config

Then you can use the tests/utils/zmq_sender.py and tests/utils/zmq_receiver.py to mimic small "apps". They connect to the ZMQ plugin and send messages back and forth. This should work independently of the backbone (in-mem or rabbit). Try both.
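
The Indicator and Sighting objects the description refers to, written out as STIX 2.1 JSON, together with the receive-side check that rejects malformed messages such as the "gibberish" mentioned in the review. This is an added example, not Threat Bus's own code; the helper names and the TEST-NET-3 address in the pattern are constructed for illustration.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Required properties per STIX 2.1 for the two object types Threat Bus transports.
REQUIRED = {
    "indicator": {"type", "spec_version", "id", "created", "modified",
                  "pattern", "pattern_type", "valid_from"},
    "sighting": {"type", "spec_version", "id", "created", "modified",
                 "sighting_of_ref"},
}
# STIX identifier: "<type>--<uuid>"; timestamps: RFC 3339 in UTC with a trailing "Z".
ID_RE = re.compile(r"^[a-z][a-z0-9-]{2,}--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d+)?Z$")

def now_ts():
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")

def make_indicator(pattern):
    """Build a minimal STIX 2.1 Indicator with a STIX pattern (constructed helper)."""
    ts = now_ts()
    return {"type": "indicator", "spec_version": "2.1", "id": f"indicator--{uuid.uuid4()}",
            "created": ts, "modified": ts, "pattern": pattern, "pattern_type": "stix",
            "valid_from": ts}

def make_sighting(indicator_id):
    """Build a minimal STIX 2.1 Sighting that points back at an Indicator (constructed helper)."""
    ts = now_ts()
    return {"type": "sighting", "spec_version": "2.1", "id": f"sighting--{uuid.uuid4()}",
            "created": ts, "modified": ts, "sighting_of_ref": indicator_id}

def validate(raw):
    """Check one transport message; return (ok, reason) instead of raising on bad input."""
    try:
        obj = json.loads(raw)
    except ValueError:
        return False, "not JSON"
    if not isinstance(obj, dict):
        return False, "not a STIX object"
    t = obj.get("type")
    if t not in REQUIRED:
        return False, f"unsupported type {t!r}"
    missing = REQUIRED[t] - obj.keys()
    if missing:
        return False, "missing " + ", ".join(sorted(missing))
    if obj["spec_version"] != "2.1":
        return False, "spec_version must be 2.1"
    if not obj["id"].startswith(t + "--") or not ID_RE.match(obj["id"]):
        return False, "malformed id"
    for key in ("created", "modified", "valid_from"):
        if key in obj and not TS_RE.match(str(obj[key])):
            return False, f"malformed timestamp in {key}"
    if t == "sighting" and not ID_RE.match(str(obj["sighting_of_ref"])):
        return False, "malformed sighting_of_ref"
    return True, "ok"
```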

@0snap 0snap requested a review from mavam February 11, 2021 17:04
lgtm-com bot commented Feb 11, 2021

This pull request introduces 2 alerts when merging 5ef2c14 into 671a0ea - view on LGTM.com

new alerts:

  • 1 for Except block handles 'BaseException'
  • 1 for Unused import

@rolandpeelen rolandpeelen left a comment

I ran this branch locally and tested it: RabbitMQ backbone / ZMQ sender / receiver, and I was able to send messages across. I also tried to send some gibberish and that failed as expected.

I went through the code commit-by-commit. I'm not intimately familiar with Threatbus nor Python, but I did not see anything out of the ordinary. I saw some points where I would possibly break some elements out to functions (like the double big try/catch block in rabbitmq_publisher), but at the same time, breaking it out to a different file would not necessarily make it more clear.

If anyone wants to weigh in as well, feel free. But from my pov this is good to go :)


@0snap 0snap changed the title Use Stix2 as internal format Use STIX-2 as internal format Feb 16, 2021
@0snap 0snap marked this pull request as ready for review February 16, 2021 14:42
@0snap 0snap merged commit 14637a0 into master Feb 16, 2021
@0snap 0snap deleted the story/ch12053 branch February 16, 2021 14:43