Tutorial
Synchronized Integrations
To execute an integration, fill out your config.ini file properly (instructions here) and do the following:
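from pm_lib_intel.core import phishme
# Parse command-line arguments, including the path to config.ini.
ARGS = phishme.read_args(SCRIPT_DESCRIPTION='This is a sample integration.')
CONFIG = phishme.read_config(ARGS.config_file)
pm = phishme.PhishMeIntelligence(config=CONFIG, config_file_location=ARGS.config_file)
# Retrieve new or modified intelligence and write it to the configured output(s).
pm.sync()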
This will contact the PhishMe Intelligence API, retrieve any new or modified threat intelligence since the last successful check-in, process it into the output(s) designated by config.ini, and return.
Search Integrations
Note
Because of the load volume against the PhishMe Intelligence API, these should not be used for automated lookups. Instead, use Synchronized Integrations to archive this intelligence and perform correlations against your local repository.
These types of integrations should only be used in cases where an analyst is actively researching individual IOCs. They will typically be used from research tools or Automation/Orchestration platforms. To execute, fill out your config.ini file properly and do the following:
from pm_lib_intel.core import phishme
ARGS = phishme.read_args(SCRIPT_DESCRIPTION='This is a sample integration.')
CONFIG = phishme.read_config(ARGS.config_file)
pm = phishme.PhishMeIntelligence(config=CONFIG, config_file_location=ARGS.config_file)
# Placeholder value; replace with the IOC under investigation.
IOC = 'example.com'
results = pm.search(ioc=IOC)
# Print the ThreatId of each search result.
for result in results:
    print(result.threat_id)
This will contact the PhishMe Intelligence API, pass any IOC or specified parameters to PhishMe, and print the ThreatId of any search results found.
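The note above recommends correlating against a local repository instead of querying the API for automated lookups. A sketch of such a local lookup follows, as an added example that is not part of pm_lib_intel or the original tutorial. The archived record layout (threat_id, ioc_type, value), the proxy log format and all sample values are assumptions constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit

# Constructed records; the (threat_id, ioc_type, value) layout is an assumption.
ARCHIVED = [
    (1001, "domain", "login-update.example"),
    (1001, "url", "http://login-update.example/verify.php"),
    (1002, "ipv4", "203.0.113.45"),
]
# Constructed proxy log lines: timestamp, client, method, URL, status.
PROXY_LOG = [
    "2024-05-01T09:12:03Z 10.0.0.15 GET http://intranet.example/home 200",
    "2024-05-01T09:12:09Z 10.0.0.22 GET http://LOGIN-UPDATE.example/verify.php?id=7 200",
    "2024-05-01T09:13:40Z 10.0.0.31 GET http://203.0.113.45/a.bin 404",
]

def normalize_url(url):
    """Lower-case scheme and host; drop port, query and fragment; keep the path."""
    p = urlsplit(url)
    return "{}://{}{}".format(p.scheme.lower(), p.hostname or "", p.path)

def build_index(records):
    """Load archived indicators into an indexed in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ioc (threat_id INTEGER, ioc_type TEXT, value TEXT)")
    conn.execute("CREATE INDEX ioc_value ON ioc (value)")
    rows = [(t, k, normalize_url(v) if k == "url" else v.lower()) for t, k, v in records]
    conn.executemany("INSERT INTO ioc VALUES (?, ?, ?)", rows)
    return conn

def candidates(log_line):
    """Lookup keys for one log line: the normalized URL and its host (name or IP)."""
    match = re.search(r"https?://\S+", log_line)
    if not match:
        return set()
    return {normalize_url(match.group(0)), urlsplit(match.group(0)).hostname or ""}

def correlate(conn, log_lines):
    """Return (line_no, threat_id, ioc_type, value) for every local match."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        for key in sorted(candidates(line)):
            query = "SELECT threat_id, ioc_type FROM ioc WHERE value = ?"
            for threat_id, ioc_type in conn.execute(query, (key,)):
                hits.append((line_no, threat_id, ioc_type, key))
    return hits
```

Calling correlate(build_index(ARCHIVED), PROXY_LOG) flags log lines 2 and 3 without any request to the API; the mixed-case host and the query string on line 2 still match because both sides are normalized the same way.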