mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 13:39:40 +03:00
Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills: - scripts/agent.py: 80-150 line Python agents using real libraries (impacket, boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.) - references/api-reference.md: real API documentation with method signatures - LICENSE: MIT license for all skill folders
This commit is contained in:
@@ -0,0 +1,99 @@
|
||||
# Threat Intelligence Platform Evaluation API Reference
|
||||
|
||||
## MISP REST API
|
||||
|
||||
```bash
|
||||
# Get version
|
||||
curl "https://misp.example.com/servers/getVersion.json" \
|
||||
-H "Authorization: YOUR_API_KEY" -H "Accept: application/json"
|
||||
|
||||
# Search events
|
||||
curl -X POST "https://misp.example.com/events/restSearch" \
|
||||
-H "Authorization: YOUR_API_KEY" -H "Content-Type: application/json" \
|
||||
-d '{"tags": ["apt28"], "limit": 50}'
|
||||
|
||||
# Export STIX 2.1
|
||||
curl "https://misp.example.com/events/restSearch" \
|
||||
-H "Authorization: YOUR_API_KEY" -H "Accept: application/json" \
|
||||
-d '{"returnFormat": "stix2"}'
|
||||
|
||||
# Feed management
|
||||
curl "https://misp.example.com/feeds/index.json" -H "Authorization: YOUR_API_KEY"
|
||||
```
|
||||
|
||||
## OpenCTI GraphQL API
|
||||
|
||||
```graphql
|
||||
# Get platform version
|
||||
query { about { version } }
|
||||
|
||||
# Search indicators
|
||||
query {
|
||||
indicators(filters: { key: "pattern_type", values: ["stix"] }) {
|
||||
edges { node { name pattern valid_from valid_until } }
|
||||
}
|
||||
}
|
||||
|
||||
# Get campaigns
|
||||
query {
|
||||
campaigns(first: 20, orderBy: created_at, orderMode: desc) {
|
||||
edges { node { name first_seen last_seen objectLabel { value } } }
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## ThreatConnect REST API
|
||||
|
||||
```bash
|
||||
# List indicators
|
||||
curl "https://api.threatconnect.com/v3/indicators" \
|
||||
-H "Authorization: TC <ACCESS_ID>:<HMAC_SIGNATURE>"
|
||||
|
||||
# Create indicator
|
||||
curl -X POST "https://api.threatconnect.com/v3/indicators" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d '{"type":"Host","hostName":"evil.example.com","rating":5,"confidence":80}'
|
||||
```
|
||||
|
||||
## TAXII 2.1 API
|
||||
|
||||
```bash
|
||||
# Discovery
|
||||
curl https://taxii.example.com/taxii2/ -H "Accept: application/taxii+json;version=2.1"
|
||||
|
||||
# Get API roots
|
||||
curl https://taxii.example.com/api1/ -H "Accept: application/taxii+json;version=2.1"
|
||||
|
||||
# List collections
|
||||
curl https://taxii.example.com/api1/collections/ -H "Accept: application/taxii+json;version=2.1"
|
||||
|
||||
# Get objects from collection
|
||||
curl "https://taxii.example.com/api1/collections/{id}/objects/" \
|
||||
-H "Accept: application/stix+json;version=2.1"
|
||||
```
|
||||
|
||||
## TIP Evaluation Criteria Weights
|
||||
|
||||
| Category | Criterion | Weight |
|
||||
|----------|-----------|--------|
|
||||
| Core | STIX 2.1 support | 10 |
|
||||
| Core | REST API | 9 |
|
||||
| Core | TAXII server | 8 |
|
||||
| Core | TLP enforcement | 8 |
|
||||
| Integration | SIEM integration | 9 |
|
||||
| Integration | Feed ingestion | 8 |
|
||||
| Integration | EDR integration | 7 |
|
||||
| Operations | Sharing (ISAC) | 7 |
|
||||
| Operations | Analyst workflow | 7 |
|
||||
| Operations | Reporting | 6 |
|
||||
|
||||
## Platform Comparison Matrix
|
||||
|
||||
| Feature | MISP | OpenCTI | ThreatConnect |
|
||||
|---------|------|---------|---------------|
|
||||
| License | Open Source | Open Source | Commercial |
|
||||
| STIX 2.1 | Native | Native | Import/Export |
|
||||
| TAXII 2.1 | Yes | Yes | Yes |
|
||||
| ATT&CK | Plugin | Native | Module |
|
||||
| Graph Viz | Basic | Advanced | Advanced |
|
||||
| SOAR | API | Connectors | Playbooks |
|
||||
Reference in New Issue
Block a user