Cyrating2TH: Cyrating case Feeder for TheHive

Cyrating is a commercial cyber rating company. It rates businesses on their cyber exposure and lets them compare themselves with their peers.

Cyrating2TH is a free, open source Cyrating case feeder for TheHive. It is used to track reputation problems as cases. Because the scan occurs weekly, we chose to create cases directly rather than using alerts.

Cyrating2TH is written in Python 3.

Overview

Cyrating2TH is made of several parts:

Prerequisites

You'll need Python 3, the cyrating and arrow libraries as well as TheHive4py, a Python client for TheHive.

Clone the repository then copy the config.py.template file as config.py and fill in the blanks: proxies if applicable, API keys, URLs, accounts pertaining to your Cyrating subscription and your instance of TheHive.

Note: you need a valid API subscription to the Cyrating platform as well as TheHive 2.13 or better and an account with the ability to create alerts.

Then install the Python requirements:

$ pip3 install -r requirements.txt
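
Because config.py holds the Cyrating and TheHive API keys, it is worth checking its permissions before the feeder runs unattended. The check below is an added example, not part of Cyrating2TH; the function name config_issues is hypothetical, and the writability checks assume the program loads config.py as a Python module.

```python
import os
import stat
import sys


def config_issues(path):
    """Return a list of permission problems for a config file that holds secrets."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at this path
    except FileNotFoundError:
        return ["missing: " + path]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file: " + path]
    issues = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        issues.append("readable by group/other (mode %o): API keys exposed" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Assumption: config.py is imported, so write access means code execution.
        issues.append("writable by group/other (mode %o)" % mode)
    if st.st_uid != os.geteuid():
        issues.append("owned by uid %d, not the account running the feeder" % st.st_uid)
    # A writable folder lets another user replace the file, whatever its own mode.
    parent = os.path.dirname(os.path.abspath(path))
    pmode = stat.S_IMODE(os.stat(parent).st_mode)
    if pmode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append("folder %s writable by group/other (mode %o)" % (parent, pmode))
    return issues


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "config.py"
    problems = config_issues(target)
    for problem in problems:
        print("config check:", problem, file=sys.stderr)
    sys.exit(1 if problems else 0)
```

Run it as the account that will run the feeder; a non-zero exit means the file or its folder should be tightened, for example to mode 600 on config.py.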

Usage

Once your configuration file config.py is ready, use the main program to fetch or find Cyrating alerts:

./cyrating2th.py -h
usage: cyrating2th.py [-h] [-d] {alerts} ...

Retrieve Cyrating alerts and nd feed them to TheHive

positional arguments:
  {api,alerts,find}  subcommand help
    alerts           fetch reputation problem

optional arguments:
  -h, --help         show this help message and exit
  -d, --debug        generate a log file and active debug logging

The program has 3 options:

If you need debugging information, add the -d switch and the program will create a file called cyrating2th.log in the same folder as the main program.

Get the API key

The first step consists of retrieving the Cyrating API key associated with your account.

Now update your config.py file with the key.

Retrieve alerts specified by their ID

./cyrating2th.py alerts -h
usage: cyrating2th.py alerts [-h]

optional arguments:
  -h, --help  show this help message and exit

Use cases

0 8 * * 1 /opt/Cyrating2TH/cyrating2th.py alerts >/dev/null 2>&1

When enabled, logs are written in the program's folder, in a file named cyrating2th.log.

License

Cyrating2TH is open source and free software released under the AGPL (Affero General Public License). We are committed to ensuring that Cyrating2TH remains a free and open source project in the long run.