A challenge for a TruSTAR (now Splunk) Python developer position
src Initial Commit 2021-04-18 19:00:34 -03:00
.env Environment 2021-04-18 19:04:21 -03:00
.gitignore Environment 2021-04-18 19:04:21 -03:00
docker-compose.yml Environment 2021-04-18 19:04:21 -03:00
Dockerfile Initial Commit 2021-04-18 19:00:34 -03:00
Ecosystems Engineer - Questionnaire.pdf Add files via upload 2021-04-18 19:22:03 -03:00
Ecosystems Software Engineer II - Job Description.pdf Add files via upload 2021-04-18 19:22:03 -03:00
Makefile Environment extractor in Makefile 2021-04-18 19:42:58 -03:00
Pipfile Initial Commit 2021-04-18 19:00:34 -03:00
Pipfile.lock Initial Commit 2021-04-18 19:00:34 -03:00
README.md Create README.md 2021-04-18 19:20:38 -03:00

TruStarChallenge

A challenge for a TruSTAR Python developer position

Requisites

Usage

Development

Usage

Set Up

  • Edit the .env file
  • Configure host and port (defaults: 'localhost' and 4000)
  • Start the server: docker-compose up -d

Get Malware records from the MITRE repository

Example

  • Method: POST
  • Endpoint: http://localhost:4000/mitre
  • Request Body: { "path": "/enterprise-attack/attack-pattern", "keys": ["id", "objects[0].name", "objects[0].kill_chain_phases"] }
  • Response Body: {"data": [{"id": "bundle--c321e442-bbf7-4448-b266-7e9b35e291b9", "objects[0].name": "Extra Window Memory Injection", "objects[0].kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}, {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"}]}, {"id": "bundle--d65aa246-3272-4253-8252-6b6e50906c49", "objects[0].name": "Indicator Removal from Tools"}, {"id": "bundle--8ecdd49f-9179-43f7-ab45-d1a4082a6b52", "objects[0].name": "System Owner/User Discovery", "objects[0].kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "discovery"}]}, ......, {"id": "bundle--82ba5532-29b6-4568-8461-204cc0f99e09", "objects[0].name": "Windows Admin Shares"}, {"id": "bundle--aaf675ae-c98d-4341-816f-9a8d54299b67", "objects[0].name": "SQL Stored Procedures", "objects[0].kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "persistence"}]}]}
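The sample response above returns each requested key path (such as objects[0].name) only when the record contains it; records without kill_chain_phases simply omit that key. The following sketch shows one way to do that projection with a strict key grammar. It is an added example, not code from this repository; the function names (parse_key, resolve, extract) and the sample bundles are assumptions constructed for illustration.

```python
import re

# Strict grammar for one key-path segment: a name, then optional [index] parts.
# Anything else in a client-supplied key is rejected instead of interpreted.
_SEGMENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)((?:\[\d+\])*)")
_MISSING = object()  # sentinel, so a stored None is not mistaken for "absent"


def parse_key(key):
    """Split 'objects[0].name' into ['objects', 0, 'name']; reject anything else."""
    steps = []
    for segment in key.split("."):
        match = _SEGMENT.fullmatch(segment)
        if match is None:
            raise ValueError(f"invalid key path: {key!r}")
        steps.append(match.group(1))
        steps.extend(int(i) for i in re.findall(r"\[(\d+)\]", match.group(2)))
    return steps


def resolve(record, key):
    """Walk a key path through nested dicts and lists; _MISSING if absent."""
    current = record
    for step in parse_key(key):
        if isinstance(step, int):
            if not isinstance(current, list) or step >= len(current):
                return _MISSING
        elif not isinstance(current, dict) or step not in current:
            return _MISSING
        current = current[step]
    return current


def extract(records, keys):
    """Project each record onto the requested keys, omitting absent ones."""
    rows = []
    for record in records:
        found = ((key, resolve(record, key)) for key in keys)
        rows.append({k: v for k, v in found if v is not _MISSING})
    return {"data": rows}


# Constructed sample bundles, shaped like the response shown above.
SAMPLE = [
    {"id": "bundle--example-1", "objects": [{"name": "Technique A",
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack",
                               "phase_name": "discovery"}]}]},
    {"id": "bundle--example-2", "objects": [{"name": "Technique B"}]},
]
KEYS = ["id", "objects[0].name", "objects[0].kill_chain_phases"]
```

Calling extract(SAMPLE, KEYS) yields one row per bundle, and the second row carries only id and objects[0].name.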

Development

  • Start the development server: make dev
  • Run the type checker: make types
  • Run the tests: make test
  • Run the linter: make lint