ThreatKB¶

The ThreatKB operator will send extracted artifacts to your ThreatKB instance.

Configuration Options¶

module (required): threatkb
url (required): Base URL for your ThreatKB instance.
token (required): Your ThreatKB authentication token.
secret_key (required): Your ThreatKB authentication secret key.
state (required): The State you want assigned to created artifacts.

Example Configuration¶

The following example assumes ThreatKB credentials have already been configured in the credentials section of the config, like this:

credentials:
  - name: threatkb-auth
    url: http://mythreatkb
    token: MYTOKEN
    secret_key: MYKEY

Inside the operators section of your configuration file:

- name: mythreatkb
  module: threatkb
  credentials: threatkb-auth
  state: Inbox