• Stars
    star
    121
  • Rank 293,924 (Top 6 %)
  • Language
    Python
  • License
    BSD 3-Clause "New...
  • Created over 7 years ago
  • Updated 8 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OASIS TC Open Repository: TAXII 2 Server Library Written in Python

Build Status Codecov Coverage PyPI Version 3.0.0 ReadTheDocs Documentation Status

cti-taxii-server

This is an OASIS TC Open Repository. See the Governance section for more information.

Trusted Automated Exchange of Intelligence Information (TAXIIβ„’) is an application layer protocol for the communication of cyber threat information in a simple and scalable manner.

Medallion is a minimal implementation of a TAXII 2.1 Server in Python.

WARNING: medallion was designed as a prototype and reference implementation of TAXII 2.1, and is not intended for production use.

medallion has been designed to be a simple front-end REST server providing access to the endpoints defined in that specification. It uses the python framework - Flask. medallion depends on back-end "plugins" which handle the persistence of the TAXII data and metadata. The TAXII specification is agnostic to what type of data a TAXII server stores, but this will usually be STIX 2 content.

Two back-end plugins are provided with medallion: the Memory back-end and the MongoDB back-end. The Memory back-end persists data "in memory". It is initialized using a json file that contains TAXII data and metadata. It is possible to save the current state of the in memory store, but this back-end is really intended only for testing purposes. The MongoDB backend is somewhat more robust and makes use of a MongoDB server, installed independently. The MongoDB back-end can only be used if the pymongo python package is installed. An error message will result if it is used without that package.

For more information, see the documentation on ReadTheDocs.

Installation

The easiest way to install medallion is with pip

$ pip install medallion

Usage

As a script

Medallion provides a command-line interface to start the TAXII Server

usage: medallion [-h] [--host HOST] [--port PORT] [--debug-mode]
                 [--log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}]
                 [-c CONF_FILE] [--conf-dir CONF_DIR | --no-conf-dir]
                 [--conf-check] [CONFIG_PATH]

medallion v3.0.0

positional arguments:
  CONFIG_PATH           Deprecated argument for specifying a single
                        JSON configuration file. Do not specify this
                        and `--conf-file`.

optional arguments:
  -h, --help            show this help message and exit

  --host HOST           The host to listen on.

  --port PORT           The port of the web server.

  --debug-mode          If set, start application in debug mode.

  --log-level {DEBUG,INFO,WARN,ERROR,CRITICAL}
                        The logging output level for medallion.

  -c CONF_FILE, --conf-file CONF_FILE
                        Path to a single configuration file. Defaults to the
                        value of the MEDALLION_CONFFILE environment variable
                        or /etc/xdg/medallion/3/medallion.conf.

  --conf-dir CONF_DIR   Path to a directory containing JSON configuration
                        files with names ending in .json or .conf. Defaults to
                        the value of the MEDALLION_CONFDIR environment
                        variable or /etc/xdg/medallion/3/config.d.

  --no-conf-dir         Disable the use of any configuration directory as
                        described for --conf-dir. This may be used to ensure
                        that the default or some value from the environment is
                        not used.

  --conf-check          Evaluate medallion configuration without running the
                        server.

To run medallion

$ python medallion/scripts/run.py --conf-file <config-file>

Make sure medallion is using the same port that your TAXII client will be connecting on. You can specify which port medallion runs on using the --port option, for example

$ medallion --port 80 --conf-file config_file.json

The <config_file> contains:

  • configuration information for the backend plugin
  • a simple user name/password dictionary

To use the Memory back-end plug, include the following in the <config-file>:

{
    "backend": {
        "module_class": "MemoryBackend",
        "filename": "<path to json file with initial data>"
    }
}

To use the Mongo DB back-end plug, include the following in the <config-file>:

{
     "backend": {
        "module_class": "MongoBackend",
        "uri": "<Mongo DB server url>  # e.g., 'mongodb://localhost:27017/'"
     }
}

Note: A Mongo DB should be available at some URL when using the Mongo DB back-end

A description of the Mongo DB structure expected by the mongo db backend code is described in the documentation.

As required by the TAXII specification, medallion supports HTTP Basic authorization. However, the user names and passwords are currently stored in the <config_file> in plain text.

Here is an example:

{
    "users": {
       "admin": "Password0",
       "user1": "Password1",
       "user2": "Password2"
    }
}

The authorization is enabled using the python package flask_httpauth. Authorization could be enhanced by changing the method "decorated" using @auth.get_password in medallion/__init__.py

Configs may also contain a "taxii" section as well, as shown below:

{
    "taxii": {
       "max_page_size": 100
       "interop_requirements": true
    }
}

All TAXII servers require a config, though if any of the sections specified above are missing, they will be filled with default values.

The interop_requirements option will enforce additional requireemnts from the TAXII 2.1 Interoperability specification. It defaults to false.

We welcome contributions for other back-end plugins.

Docker

We also provide a Docker image to make it easier to run medallion

$ docker build . -t medallion -f docker_utils/Dockerfile

If operating behind a proxy, add the following option (replacing <proxy> with your proxy location and port): --build-arg https_proxy=<proxy>.

Then run the image

$ docker run --rm -p 5000:5000 -v <directory>:/var/taxii medallion

Replace <directory> with the full path to the directory containing your medallion configuration.

Governance

This GitHub public repository ( https://github.com/oasis-open/cti-taxii-server ) was created at the request of the OASIS Cyber Threat Intelligence (CTI) TC as an OASIS TC Open Repository to support development of open source resources related to Technical Committee work.

While this TC Open Repository remains associated with the sponsor TC, its development priorities, leadership, intellectual property terms, participation rules, and other matters of governance are separate and distinct from the OASIS TC Process and related policies.

All contributions made to this TC Open Repository are subject to open source license terms expressed in the BSD-3-Clause License. That license was selected as the declared "Applicable License" when the TC Open Repository was created.

As documented in "Public Participation Invited", contributions to this OASIS TC Open Repository are invited from all parties, whether affiliated with OASIS or not. Participants must have a GitHub account, but no fees or OASIS membership obligations are required. Participation is expected to be consistent with the OASIS TC Open Repository Guidelines and Procedures, the open source LICENSE designated for this particular repository, and the requirement for an Individual Contributor License Agreement that governs intellectual property.

Maintainers

TC Open Repository Maintainers are responsible for oversight of this project's community development activities, including evaluation of GitHub pull requests and preserving open source principles of openness and fairness. Maintainers are recognized and trusted experts who serve to implement community goals and consensus design preferences.

Initially, the associated TC members have designated one or more persons to serve as Maintainer(s); subsequently, participating community members may select additional or substitute Maintainers, per consensus agreements.

Current Maintainers of this TC Open Repository

About OASIS TC Open Repositories

Feedback

Questions or comments about this TC Open Repository's activities should be composed as GitHub issues or comments. If use of an issue/comment is not possible or appropriate, questions may be directed by email to the Maintainer(s) listed above. Please send general questions about Open Repository participation to OASIS Staff at [email protected] and any specific CLA-related questions to [email protected].

More Repositories

1

cti-python-stix2

OASIS TC Open Repository: Python APIs for STIX 2
Python
368
star
2

cti-stix-visualization

OASIS TC Open Repository: Lightweight visualization for STIX 2.0 objects and relationships
JavaScript
138
star
3

cti-taxii-client

OASIS TC Open Repository: TAXII 2 Client Library Written in Python
Python
110
star
4

cti-stix2-json-schemas

OASIS TC Open Repository: Non-normative schemas and examples for STIX 2
ANTLR
109
star
5

cti-documentation

OASIS TC Open Repository: GitHub Pages site for STIX and TAXII
SCSS
93
star
6

cti-stix-common-objects

OASIS Cyber Threat Intelligence (CTI) TC: A repository for commonly used STIX objects in order to avoid needless duplication. https://github.com/oasis-open/cti-stix-common-objects
80
star
7

legaldocml-akomantoso

OASIS TC Open Repository: Schema files, examples, exemplificative implementations and libraries, and documentation related to the LegalDocML TC and Akoma Ntoso schema
60
star
8

cti-stix-validator

OASIS TC Open Repository: Validator for STIX 2.0 JSON normative requirements and best practices
Python
50
star
9

cti-stix-elevator

OASIS Cyber Threat Intelligence (CTI) TC Open Repository: Convert STIX 1.2 XML to STIX 2.x JSON
Python
49
star
10

cti-training

OASIS TC Open Repository: Providing a collection of CTI-related training materials
47
star
11

cti-pattern-matcher

OASIS TC Open Repository: Match STIX content against STIX patterns
Python
43
star
12

cti-stix-generator

OASIS Cyber Threat Intelligence (CTI) TC: A tool for generating STIX content for prototyping and testing. https://github.com/oasis-open/cti-stix-generator
Python
37
star
13

tosca-community-contributions

OASIS TC Open Repository: Manages TOSCA profiles, tests, and templates that are maintained by the TOSCA community. They are intended to be used as examples to help developers get started with TOSCA and to test compliance of TOSCA implementations with the standard.
Shell
37
star
14

cti-pattern-validator

OASIS TC Open Repository: Validate patterns used to express cyber observable content in STIX Indicators
Python
26
star
15

csaf-parser

OASIS TC Open Repository: CSAF Parser tool for parsing and checking the syntax of the Common Vulnerability Reporting Framework (CVRF) content
Python
23
star
16

cti-stix-slider

OASIS TC Open Repository: The repository cti-stix-slider supports development of a Python application to convert STIX 2.0 content to STIX 1.x content
Python
21
star
17

csaf-documentation

OASIS TC Open Repository: A GitHub repository for management of non-normative information about the work of the CSAF Technical Committee, including documentation
CSS
19
star
18

odata-rapid

Rapid - Specification, tools and libraries to support the development and adoption of simple REST-based APIs.
JavaScript
17
star
19

cti-sep-repository

OASIS TC Open Repository: STIX Enhancement Proposals (SEPs) https://github.com/oasis-open/cti-sep-repository
Shell
16
star
20

dita-stylesheets

OASIS TC Open Repository: Developing style sheets and other resources that can be used to build OASIS-styled publications from DITA source
XSLT
14
star
21

openc2-lycan-python

OASIS TC Open Repository: A GitHub public repository for development of a python library to transform between data-interchange formats (such as JSON) and python language objects
Python
11
star
22

dita-lightweight

OASIS TC Open Repository: Schema files, tools and documentation related to the Lightweight DITA Subcommittee.
9
star
23

tac-ontology

OASIS Threat Actor Context (TAC) TC: Creating an ontology for expressing the rich context around Threat Actors. https://github.com/oasis-open/tac-ontology
9
star
24

mqtt-sn-sample-resources

OASIS TC Open Repository: Contains a collection of MQTT-SN applications and libraries in any programming language, examples, samples and other educational materials. https://github.com/oasis-open/mqtt-sn-sample-resources
Java
8
star
25

openc2-jadn-software

OASIS TC Open Repository: Development and maintenance of JADN (JSON Abstract Data Notation), a JSON document format for defining abstract schemas.
Python
8
star
26

dita-rng-converter

OASIS TC Open Repository: The DITA RNG Converter provides cross-platform tools for generating DITA-conforming DTD- and XSD-format versions of RELAX NG DITA grammars: document type shells, vocabulary modules, and constraint modules. It makes it as easy as possible to develop and maintain DITA grammars by allowing use of RELAX NG syntax.
XSLT
7
star
27

openc2-lycan-java

OASIS TC Open Repository: A GitHub public repository for development of a java library to transform between data-interchange formats (such as JSON) and java language objects
Java
7
star
28

legalruleml-repo

OASIS TC Open Repository: Public GitHub repository for developing and distributing good examples in order to share knowledge about the correct application of LegalRuleML standard
5
star
29

openc2-oif-device

OASIS TC Open Repository: Supports development OpenC2 Integration Framework (OIF) Device
Python
5
star
30

openc2-lycan-beam

OASIS TC Open Repository: Developing a collection of applications and libraries, coded in languages that run on the BEAM virtual machine (e.g., erlang, elixir), for the purpose of implementing OpenC2
Erlang
5
star
31

cti-marking-prototype

OASIS TC Open Repository: Prototype for processing granular data markings in STIX
Python
4
star
32

openc2-oif-orchestrator

OASIS TC Open Repository: Supports development OpenC2 Integration Framework (OIF) Orchestrator
Python
4
star
33

dita-specializations

OASIS Darwin Information Typing Architecture (DITA) TC: This repository provides storage for DITA specializations that were developed by the DITA TC, but which are no longer part of the DITA standard. https://github.com/oasis-open/dita-specializations
4
star
34

cti-python-stix2-extensions

OASIS Python-STIX2 API extensions: a repository for python-stix2 API code developed for specification candidate extension definitions.
Jupyter Notebook
4
star
35

cacao-json-schemas

JSON validation schemas for CACAO Playbooks
4
star
36

emergency-emf

OASIS Emergency Management TC: The OASIS Emergency Management Framework (EMF) is a reference implementation and toolkit for enabling standardized emergency information exchange. https://github.com/oasis-open/emergency-emf
3
star
37

cti-cybox3-json-schemas

OASIS TC Open Repository: Non-normative schemas and examples for CybOX 3
3
star
38

openc2-custom-aps

OASIS TC Open Repository: Providing a publicly available repository for Custom Actuator Profiles and supporting collaborative development of OpenC2 Custom Actuator Profiles. https://github.com/oasis-open/openc2-custom-aps
3
star
39

openc2-iosacl-adapter

OASIS OpenC2 TC: A prototype implementation in R to transform between OpenC2 and Cisco ACL formats. The adapter supports access control list (ACL) management. https://github.com/oasis-open/openc2-iosacl-adapter
R
2
star
40

openc2-ocas

OASIS TC Open Repository: OpenC2 API Simulator (ocas) is an erlang/OTP application written in Erlang to demonstrate and exercise the OpenC2 specification
Erlang
2
star
41

openeox

OASIS TC Open Repository: OpenEoX Awareness and Adoption
1
star
42

tac-common-semantic-individuals

OASIS Threat Actor Context (TAC) TC: A repository for commonly used semantic individuals in order to avoid needless duplication. https://github.com/oasis-open/tac-common-semantic-individuals
1
star
43

openc2-compatibility

OASIS TC Open Repository: Supporting the capture of OpenC2 core design principles and development of implementation guidelines so that implementers can agree on language and protocols to build interoperable systems
1
star
44

dita-adoption-public

OASIS DITA Adoption TC: Helping promote the use and understanding of the DITA XML standard. https://github.com/oasis-open/dita-adoption-public
1
star
45

openc2-pub-sub-on-bsd

OASIS TC Open Repository: A prototype reference implementation that demonstrates OpenC2 working within a pub/sub environment
C
1
star
46

openc2-reactor-master

OASIS TC Open Repository: Reactor-master is a feedback-driven GUI master/actuator orchestration framework for the OpenC2 language, written in Python; it provides a way to administer multiple reactor-relay deployments
1
star
47

cti-interop

OASIS TC Open Repository: Advancing Cyber Threat Intelligence (CTI) Interoperability, including issue tracking, development of test-data useful for STIXPreferred, and management of other supporting content for the STIXPreferred program, which is open to all
1
star