public class Malc0deRssBlockedDomainUpdateService extends BaseThreatFeedUpdateService
http://malc0de.com/rss/
This implementation only serves as an example of how to write your own Threat Feed Update Service to import Threat Feeds into a group created under CMDB->Blocked Domains within the FortiSIEM system.
Before using this class, please go to http://malc0de.com to find out whether you can use it in your environment legally.
DEFAULT_CSV_QUOTE_CHARACTER, DEFAULT_CSV_SEPARATOR
Constructor and Description |
---|
Malc0deRssBlockedDomainUpdateService() |
Modifier and Type | Method and Description |
---|---|
String | download(ServiceContext context) Downloads external Threat Feeds from a third-party web site. |
Map<String,List<ThreatFeedDTO>> | parse(ServiceContext context, String filePath, String parentGroup, List<String> childGroups) Parses the Threat Feeds downloaded by the download function. |
appendCondition, download, download, getMaxReadLines, getReadByte, getStartLine, parseLine, setBackReadResult
public Malc0deRssBlockedDomainUpdateService()
public String download(ServiceContext context)
BaseThreatFeedUpdateService
The default implementation of this function downloads all the available Threat Feeds, saves the downloaded raw content to a local file in the same format as defined by the web site, and returns the file name as the result. This download method supports HTTP(S) Basic Authorization only.
This default implementation can be overridden if it doesn't meet the API requirements of the third-party web site.
download in class BaseThreatFeedUpdateService
Parameters:
context - The service context that holds setup parameters needed for the download.
See also: ServiceContext
public Map<String,List<ThreatFeedDTO>> parse(ServiceContext context, String filePath, String parentGroup, List<String> childGroups) throws UnsupportedEncodingException, FileNotFoundException, IOException
BaseThreatFeedUpdateService
This API must be implemented to parse and convert a downloaded Threat Feed into ThreatFeedDTO objects.
If you assign any Threat Feeds to a child group that doesn't exist in CMDB yet, this child group will be created when these Threat Feeds are imported into it in CMDB. Also, if you would like to assign the downloaded Threat Feeds to a child group rather than to the parent group named 'groupName', you should not assign any of the Threat Feeds to this parent group in the returned mapping.
parse in class BaseThreatFeedUpdateService
Parameters:
context - The service context that holds setup parameters you may need for parsing.
filePath - The file path or the downloaded content string that will be parsed by this function.
parentGroup - The CMDB group name that is being set up to schedule the download of Threat Feeds.
childGroups - A list of child groups under the group 'groupName' that may hold the downloaded Threat Feeds.
Throws:
UnsupportedEncodingException
FileNotFoundException
IOException
See also: ServiceContext, ThreatFeedDTO
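The following added example (not FortiSIEM's own code) illustrates the child-group rule in the parse description: the returned map is keyed by the child group only, so nothing lands in the parent group. `FeedEntry` is a hypothetical stand-in for ThreatFeedDTO, the group names and RSS sample are constructed, and the assumption that each item's `<title>` carries the domain is not taken from this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class FeedGroupingExample {
    // Hypothetical stand-in for ThreatFeedDTO, whose fields are not shown on this page.
    record FeedEntry(String domain) {}

    private static final Pattern DOMAIN = Pattern.compile(
        "^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\\.)+[a-z]{2,63}$");

    // Returns group name -> entries. Only the child group is used as a key,
    // so no entry is assigned to the parent group.
    static Map<String, List<FeedEntry>> parse(byte[] rss, String parentGroup, String childGroup)
            throws Exception {
        if (childGroup.equals(parentGroup)) throw new IllegalArgumentException("child == parent");
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // The feed is untrusted third-party XML: reject DOCTYPEs so external
        // entities and entity expansion are never processed.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(rss));

        List<FeedEntry> entries = new ArrayList<>();
        NodeList items = doc.getElementsByTagName("item");
        for (int i = 0; i < items.getLength(); i++) {
            NodeList titles = ((Element) items.item(i)).getElementsByTagName("title");
            if (titles.getLength() == 0) continue;
            String d = titles.item(0).getTextContent().trim().toLowerCase(Locale.ROOT);
            // Import only syntactically valid host names; drop everything else.
            if (DOMAIN.matcher(d).matches()) entries.add(new FeedEntry(d));
        }
        Map<String, List<FeedEntry>> result = new HashMap<>();
        result.put(childGroup, entries); // deliberately no result.put(parentGroup, ...)
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; the item layout is an assumption.
        String rss = "<rss><channel><title>feed</title>"
            + "<item><title>bad.example.com</title></item>"
            + "<item><title>not a domain!</title></item>"
            + "</channel></rss>";
        System.out.println(
            parse(rss.getBytes(StandardCharsets.UTF_8), "Blocked Domains", "Malc0de"));
    }
}
```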
Copyright © 2019. All rights reserved.