Configuration¶

The stixtransclient.py utility can read its configuration parameters from the following locations:

/etc/ctitoolkit.conf

~/.ctitoolkit

a configuration file specified using the --config command line option

as explicit command line parameters

If a configuration option is specified in more than one of the above locations the last one processed will take precedence. Options are processed in the order listed above.

Any options that can be specified on the command line can be specified in a configuration file.

`ctitoolkit.conf` examples¶

Some examples follow:

YETI:

# Connect to the CERT Australia taxii server
# Authenticate using certificate and user credentials
# Poll indicators from the 'advisories' collection
# Output data in Bro intel framework format
source: YETI
hostname: yeti.host.tld
cert: /path/cert.pem
key: /path/key.pem
username: _USER_
password: _PASSWORD_
collection: advisories
base_url: https://source.host.com/advisories/
ssl: true
taxii: true
bro: true
aus: true

SoltraEdge:

source: HAT
hostname: hailataxii.com
username: guest
password: guest
path: /taxii-data
collection: guest.dataForLast_7daysOnly
taxii: true
soltra: true
bro: true

FILE:

# Process an STIX file and output to MISP
source: FILE
file: /path/to/stix/file.xml
misp: true
misp_url:http://misp.host.tld
misp_key:keykeykeykeykeykeyke

Configuration¶

ctitoolkit.conf examples¶

`ctitoolkit.conf` examples¶