Anthropic-Cybersecurity-Skills/skills/analyzing-threat-intelligence-feeds/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


API Reference: Analyzing Threat Intelligence Feeds

taxii2-client

Server Discovery

from taxii2client.v21 import Server

server = Server("https://cti.example.com/taxii2/", user="u", password="p")
for api_root in server.api_roots:
    for col in api_root.collections:
        print(col.id, col.title)

Fetch Indicators from Collection

from taxii2client.v21 import Collection, as_pages

collection = Collection(
    "https://cti.example.com/taxii2/collections/abc123/",
    user="u", password="p"
)
# TAXII 2.1 returns envelopes ({"more": ..., "objects": [...]}), not STIX Bundles;
# as_pages follows the server's pagination until "more" is false
for envelope in as_pages(collection.get_objects, per_request=100):
    for obj in envelope.get("objects", []):
        if obj["type"] == "indicator":
            print(obj["pattern"])

Push Indicators

# TAXII 2.1 expects an envelope {"objects": [...]} (stix_objects: list of STIX object dicts); returns a Status object
status = collection.add_objects({"objects": stix_objects})

stix2 (Python Library)

Create Indicator

from stix2 import Indicator

indicator = Indicator(
    name="Malicious IP",
    pattern="[ipv4-addr:value = '1.2.3.4']",
    pattern_type="stix",
    valid_from="2025-01-01T00:00:00Z",
    confidence=85,
)

Create Bundle and Serialize

from stix2 import Bundle
bundle = Bundle(objects=[indicator])
print(bundle.serialize(pretty=True))

MemoryStore for Querying

from stix2 import MemoryStore, Filter
store = MemoryStore(stix_data=bundle)  # accepts a Bundle, a list of objects, or a dict
results = store.query([Filter("type", "=", "indicator")])
for ind in results:
    print(ind.id, ind.pattern)

STIX 2.1 Pattern Syntax

| IOC Type | Pattern |
| --- | --- |
| IPv4 | `[ipv4-addr:value = '1.2.3.4']` |
| Domain | `[domain-name:value = 'evil.com']` |
| SHA-256 | `[file:hashes.'SHA-256' = 'abc...']` |
| URL | `[url:value = 'http://evil.com/payload']` |
| Email | `[email-addr:value = 'phish@evil.com']` |
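Added example, not part of this skill's reference or of the taxii2client/stix2 libraries: a stdlib-only extractor that turns the pattern forms in the table above, as they arrive in a TAXII 2.1 Get Objects envelope like the one fetched earlier, into IOC values grouped by type, skipping revoked, non-`stix` and low-confidence indicators. The envelope, its IDs and values are constructed for the example.

```python
import json
import re
from collections import defaultdict

# One comparison expression of the table's form, object:path = 'value' (hash keys may be quoted, e.g. hashes.'SHA-256')
COMPARISON = re.compile(r"(?P<obj>[a-z0-9-]+):(?P<path>[A-Za-z0-9_.'-]+)\s*=\s*'(?P<val>[^']*)'")

# (STIX object type, property path) -> short IOC label
IOC_LABELS = {
    ("ipv4-addr", "value"): "ipv4",
    ("domain-name", "value"): "domain",
    ("url", "value"): "url",
    ("email-addr", "value"): "email",
    ("file", "hashes.'SHA-256'"): "sha256",
}


def extract_iocs(pattern):
    """Return [(label, value)] per comparison; unknown pairs are labelled 'unsupported' rather than dropped."""
    return [(IOC_LABELS.get((m["obj"], m["path"]), "unsupported"), m["val"])
            for m in COMPARISON.finditer(pattern)]


def iocs_from_envelope(envelope, min_confidence=0):
    """Group IOC values by label from non-revoked 'stix' indicators at or above min_confidence (missing = 0)."""
    grouped = defaultdict(set)
    for obj in envelope.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked", False):
            continue
        if obj.get("pattern_type", "stix") != "stix":
            continue  # yara/snort/sigma patterns need a different parser
        if obj.get("confidence", 0) < min_confidence:
            continue
        for label, value in extract_iocs(obj["pattern"]):
            grouped[label].add(value)
    return {label: sorted(values) for label, values in grouped.items()}


# Constructed sample shaped like a TAXII 2.1 Get Objects response (not real threat data)
SAMPLE_ENVELOPE = json.loads("""{"more": false, "objects": [
 {"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000001", "pattern_type": "stix",
  "confidence": 85, "pattern": "[ipv4-addr:value = '203.0.113.7'] OR [domain-name:value = 'bad.example']"},
 {"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000002", "pattern_type": "stix",
  "confidence": 90, "pattern": "[file:hashes.'SHA-256' = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']"},
 {"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000003", "pattern_type": "stix",
  "confidence": 20, "pattern": "[url:value = 'http://bad.example/x']"},
 {"type": "indicator", "id": "indicator--aaaaaaaa-0000-4000-8000-000000000004", "pattern_type": "stix",
  "revoked": true, "pattern": "[email-addr:value = 'phish@bad.example']"},
 {"type": "malware", "id": "malware--aaaaaaaa-0000-4000-8000-000000000005", "name": "sample"}]}""")

if __name__ == "__main__":
    print(json.dumps(iocs_from_envelope(SAMPLE_ENVELOPE, min_confidence=50), indent=2))
```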

TAXII 2.1 HTTP Endpoints

| Endpoint | Method | Description |
| --- | --- | --- |
| `/taxii2/` | GET | Server discovery |
| `/{api-root}/collections/` | GET | List collections |
| `/{api-root}/collections/{id}/objects/` | GET | Get STIX objects |
| `/{api-root}/collections/{id}/objects/` | POST | Add STIX objects |
