You can ingest STIX content from a TAXII server that provides it by using the process-server command.
Example:
$ cbc-threat-intel process-server --help
Usage: cbc-threat-intel process-server [OPTIONS]

  Process and import a TAXII Server (2.0/2.1/1.x)

  Example usage:

      cbc-threat-intel process-server --config-file=./config.yml

Options:
  --config-file TEXT  The configuration of the servers  [default: ./config.yml]
  --help              Show this message and exit.
The default path for the config file is {CURRENT_DIR}/config.yml.
This command reads the config file and starts ingesting the STIX content served by the TAXII servers it lists. The example.yml file contains an example configuration that you can use to set up your STIX content providers. Alternatively, if you have used an old Carbon Black Cloud connector, you can use the cbc-threat-intel-wizard command to migrate your old configuration into the new one.
Using the Configuration Wizard
You can use the configuration wizard to manage config.yml.
Example:
$ cbc-threat-intel-wizard
This command opens a menu that lists the following options:
- Migrate your current config
- Create a new config file
- Add new site or feed information
If you were using the old config.yml and want to migrate it, copy the old config.yml into the root directory of your project and use the first option in the wizard. This option overrides the old config and converts it to the new config format.
You can run the second option of the wizard to create a completely new config (if a config.yml already exists, it will be deleted). The wizard leads you through the settings and the values you must provide to create a valid config. Enable only the feeds that you want to use.
The last option in the wizard lets you add information for one more site to the existing ones. To use this option, you must have a valid config.yml in the new format that already contains site/feed information.
Manually Create the Configuration
If you don’t want to use the wizard tool to create a config, you can create the config by following example.yml and its descriptions.