creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/analyzing-threat-intelligence-feeds/references/api-reference.md
T
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills 
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00

94 lines
2.3 KiB
Markdown
Raw Blame History

# API Reference: Analyzing Threat Intelligence Feeds
## taxii2-client
### Server Discovery
```python
from taxii2client.v21 import Server
server = Server("https://cti.example.com/taxii2/", user="u", password="p")
for api_root in server.api_roots:
for col in api_root.collections:
print(col.id, col.title)
```
### Fetch Indicators from Collection
```python
from taxii2client.v21 import Collection, as_pages
collection = Collection(
"https://cti.example.com/taxii2/collections/abc123/",
user="u", password="p"
)
for bundle in as_pages(collection.get_objects, per_request=100):
for obj in bundle.get("objects", []):
if obj["type"] == "indicator":
print(obj["pattern"])
```
### Push Indicators
```python
collection.add_objects(stix_bundle_json)
```
## stix2 (Python Library)
### Create Indicator
```python
from stix2 import Indicator
indicator = Indicator(
name="Malicious IP",
pattern="[ipv4-addr:value = '1.2.3.4']",
pattern_type="stix",
valid_from="2025-01-01T00:00:00Z",
confidence=85,
)
```
### Create Bundle and Serialize
```python
from stix2 import Bundle
bundle = Bundle(objects=[indicator])
print(bundle.serialize(pretty=True))
```
### MemoryStore for Querying
```python
from stix2 import MemoryStore, Filter
store = MemoryStore(stix_data=bundle)
results = store.query([Filter("type", "=", "indicator")])
```
## STIX 2.1 Pattern Syntax
| IOC Type | Pattern |
|----------|---------|
| IPv4 | `[ipv4-addr:value = '1.2.3.4']` |
| Domain | `[domain-name:value = 'evil.com']` |
| SHA-256 | `[file:hashes.'SHA-256' = 'abc...']` |
| URL | `[url:value = 'http://evil.com/payload']` |
| Email | `[email-addr:value = 'phish@evil.com']` |
## TAXII 2.1 HTTP Endpoints
| Endpoint | Method | Description |
|----------|--------|-------------|
| `/taxii2/` | GET | Server discovery |
| `/{api-root}/collections/` | GET | List collections |
| `/{api-root}/collections/{id}/objects/` | GET | Get STIX objects |
| `/{api-root}/collections/{id}/objects/` | POST | Add STIX objects |
### References
- taxii2-client: https://pypi.org/project/taxii2-client/
- stix2 library: https://pypi.org/project/stix2/
- STIX 2.1 spec: https://docs.oasis-open.org/cti/stix/v2.1/stix-v2.1.html
- TAXII 2.1 spec: https://docs.oasis-open.org/cti/taxii/v2.1/taxii-v2.1.html
Reference in New Issue View Git Blame Copy Permalink