![Oracle Drags Its Feet in the JavaScript Trademark Dispute](https://cdn.sanity.io/images/cgdhsj6q/production/919c3b22c24f93884c548d60cbb338e819ff2435-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
A Threat Bus plugin to push indicators from Threat Bus to Collective Intelligence Framework v3.
The plugin uses the cifsdk (v3.x) Python client to submit indicators received from Threat Bus into a CIFv3 instance.
The plugin breaks with the pub/sub architecture of Threat Bus, because CIF does not subscribe itself to the bus. Instead, the plugin actively contacts a CIF endpoint.
pip install threatbus-cif3
Configure this plugin by adding a section to Threat Bus' config.yaml
file, as
follows:
...
plugins:
cif3:
api:
host: http://cif.host.tld:5000
ssl: false
token: CIF_TOKEN
group: everyone
confidence: 7.5
tlp: amber
tags:
- test
- malicious
...
The following guides describe how to set up local, dockerized instances of CIF.
Use dockerized CIFv3 to set up a local CIFv3 environment:
Setup a CIFv3 docker container
git clone https://github.com/sfinlon/cif-docker.git
cd cif-docker
docker-compose build
Edit the docker-compose.yml
vim docker-compose.yml
Find the section cif
in the configuration and edit the following as
appropriate to bind port 5000 to your localhost:
cif:
...
ports:
- "5000:5000"
...
Start the container
docker-compose up -d
# Get an interactive shell in the container:
docker-compose exec cif /bin/bash
# Become the cif user:
su cif
# check to see if access tokens were successfully created. Copy the `admin`
# token to the CIF config section:
cif-tokens
# Ping the router to ensure connectivity:
cif --ping
Threat Bus comes with a 3-clause BSD license.
FAQs
A plugin to enable indicators to be submitted to CIFv3 in real-time
We found that threatbus-cif3 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.