[silentpush-enrichment] Verify connector

Author: throuxel

internal-enrichment/silentpush-enrichment/.env.sample

@@ -1,2 +1,16 @@
-OPENCTI_TOKEN=changeme
-SILENTPUSH_API_KEY=YOUR-SILENT-PUSH-API-KEY
+# Generic parameters (connection with OpenCTI)
+OPENCTI_URL=http://opencti:8080
+OPENCTI_TOKEN=CHANGEM
+
+# Common parameters for connectors
+CONNECTOR_ID=CHANGEME
+# CONNECTOR_NAME=Silent Push - Enrichment
+# CONNECTOR_SCOPE=Indicator,URL,IPv4-Addr,IPv6-Addr,Domain-Name
+# CONNECTOR_LOG_LEVEL=error
+# CONNECTOR_AUTO=false
+
+# Custom parameters for connector-silentpush
+SILENTPUSH_API_BASE_URL=CHANGEME
+SILENTPUSH_API_KEY=CHANGEME
+# SILENTPUSH_MAX_TLP_LEVEL=TLP:CLEAR # Available values: TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED
+# SILENTPUSH_VERIFY_CERT=true

internal-enrichment/silentpush-enrichment/Dockerfile

@@ -1,23 +1,16 @@
-FROM python:3.12-alpine as silentpush-enrichment
-
-LABEL authors="[email protected]"
-
-ENV CONNECTOR_TYPE=INTERNAL_ENRICHMENT
-ENV CONNECTOR_SCOPE=Indicator,URL,IPv4-Addr,IPv6-Addr,Domain-Name,Hostname
+FROM python:3.12-alpine
 
 # Copy the connector
-COPY src /opt/silentpush-enrichment
+COPY src /opt/opencti-connector-silentpush-enrichment
+WORKDIR /opt/opencti-connector-silentpush-enrichment
 
 # Install Python modules
 # hadolint ignore=DL3003
 RUN apk update && apk upgrade && \
     apk --no-cache add git build-base libmagic libffi-dev libxml2-dev libxslt-dev
 
-RUN cd /opt/silentpush-enrichment && \
+RUN cd /opt/opencti-connector-silentpush-enrichment && \
     pip3 install --no-cache-dir -r requirements.txt && \
     apk del git build-base
 
-# Expose and entrypoint
-COPY entrypoint.sh /
-RUN chmod +x /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
+CMD ["python", "main.py"]

internal-enrichment/silentpush-enrichment/README.md

@@ -28,7 +28,10 @@ We apply unique behavioral fingerprints to attacker activity and search across o
 
 ### Requirements
 
-- OpenCTI Platform >= 6.4.2
+- Python >= 3.11
+- OpenCTI Platform >= 6.8.13
+- [`pycti`](https://pypi.org/project/pycti/) library matching your OpenCTI version
+- [`connectors-sdk`](https://github.com/OpenCTI-Platform/connectors.git@master#subdirectory=connectors-sdk) library matching your OpenCTI version
 
 ## Configuration variables
 
@@ -40,33 +43,33 @@ in `config.yml` (for manual deployment).
 Below are the parameters you'll need to set for OpenCTI:
 
 | Parameter     | config.yml | Docker environment variable | Mandatory | Description                                          |
-|---------------|------------|-----------------------------|-----------|------------------------------------------------------|
+| ------------- | ---------- | --------------------------- | --------- | ---------------------------------------------------- |
 | OpenCTI URL   | url        | `OPENCTI_URL`               | Yes       | The URL of the OpenCTI platform.                     |
 | OpenCTI Token | token      | `OPENCTI_TOKEN`             | Yes       | The default admin token set in the OpenCTI platform. |
 
 ### Base connector environment variables
 
 Below are the parameters you'll need to set for running the connector properly:
 
-| Parameter       | config.yml      | Docker environment variable | Default | Mandatory | Description                                                                              |
-|-----------------|-----------------|-----------------------------|---------|-----------|------------------------------------------------------------------------------------------|
-| Connector ID    | id              | `CONNECTOR_ID`              | /       | Yes       | A unique `UUIDv4` identifier for this connector instance.                                |
-| Connector Type  | type            | `CONNECTOR_TYPE`            |         | Yes       | Should always be set to `INTERNAL_ENRICHMENT` for this connector.                        |
-| Connector Name  | name            | `CONNECTOR_NAME`            |         | Yes       | Name of the connector.                                                                   |
-| Connector Scope | scope           | `CONNECTOR_SCOPE`           |         | Yes       | The scope or type of data the connector is importing, either a MIME type or Stix Object. |
-| Log Level       | log_level       | `CONNECTOR_LOG_LEVEL`       | info    | Yes       | Determines the verbosity of the logs. Options are `debug`, `info`, `warn`, or `error`.   |
-| Connector Auto  | connector_auto	 | `CONNECTOR_AUTO`            | True    | Yes       | Must be `true` or `false` to enable or disable auto-enrichment of observables            |
+| Parameter       | config.yml     | Docker environment variable | Default         | Mandatory | Description                                                                              |
+| --------------- | -------------- | --------------------------- | --------------- | --------- | ---------------------------------------------------------------------------------------- |
+| Connector ID    | id             | `CONNECTOR_ID`              | /               | Yes       | A unique `UUIDv4` identifier for this connector instance.                                |
+| Connector Type  | type           | `CONNECTOR_TYPE`            | EXTERNAL_IMPORT | Yes       | Should always be set to `INTERNAL_ENRICHMENT` for this connector.                        |
+| Connector Name  | name           | `CONNECTOR_NAME`            |                 | Yes       | Name of the connector.                                                                   |
+| Connector Scope | scope          | `CONNECTOR_SCOPE`           |                 | Yes       | The scope or type of data the connector is importing, either a MIME type or Stix Object. |
+| Log Level       | log_level      | `CONNECTOR_LOG_LEVEL`       | info            | Yes       | Determines the verbosity of the logs. Options are `debug`, `info`, `warn`, or `error`.   |
+| Connector Auto  | connector_auto | `CONNECTOR_AUTO`            | True            | Yes       | Must be `true` or `false` to enable or disable auto-enrichment of observables            |
 
 ### Connector extra parameters environment variables
 
 Below are the parameters you'll need to set for the connector:
 
 | Parameter                         | config.yml   | Docker environment variable | Default                            | Mandatory | Description                                                             |
 |-----------------------------------|--------------|-----------------------------|------------------------------------|-----------|-------------------------------------------------------------------------|
-| API base URL                      | api_base_url | SILENTPUSH_API_BASE_URL     | https://app.silentpush.com/api/v1/ | No        | The Silent Push API URL                                                 |
+| API base URL                      | api_base_url | SILENTPUSH_API_BASE_URL     | https://app.silentpush.com/api/v2/ | No        | The Silent Push API URL                                                 |
 | API key                           | api_key      | SILENTPUSH_API_KEY          |                                    | Yes       | You need an API key, sign up at https://explore.silentpush.com/register |
 | Signed or self signed Certificate | verify_cert  | SILENTPUSH_VERIFY_CERT      | True                               | No        |                                                                         |
-| TLP classification                | max_tlp      |                             |                                    | No        |                                                                         |
+| TLP classification                | max_tlp      | SILENTPUSH_MAX_TLP          | TLP:AMBER                          | No        |                                                                         |
 
 ## Deployment
 
@@ -106,7 +109,7 @@ Install the required python dependencies (preferably in a virtual environment):
 pip3 install -r requirements.txt
 ```
 
-Then, start the connector from silentpush-enrichment/src:
+Then, start the connector from `src` directory:
 
 ```shell
 python3 main.py
@@ -128,15 +131,13 @@ download of data by re-running the connector.
 This connector enriches Domains, IPv4, IPv6 and URLs observables.
 Also enriches indicators containing those types of observables.
 
-
 ## Debugging
 
 The connector can be debugged by setting the appropiate log level.
 Note that logging messages can be added using `self.helper.connector_logger,{LOG_LEVEL}("Sample message")`, i.
 e., `self.helper.connector_logger.error("An error message")`.
 
-<!-- Any additional information to help future users debug and report detailed issues concerning this connector -->
 
 ## Additional information
 
-Anything needed please talk to us at [[email protected]](mailto:[email protected])
+Anything needed please talk to us at [[email protected]](mailto:[email protected])

internal-enrichment/silentpush-enrichment/__metadata__/CONNECTOR_CONFIG_DOC.md

@@ -0,0 +1,19 @@
+# Connector Configurations
+
+Below is an exhaustive enumeration of all configurable parameters available, each accompanied by detailed explanations of their purposes, default behaviors, and usage guidelines to help you understand and utilize them effectively.
+
+### Type: `object`
+
+| Property | Type | Required | Possible values | Default | Description |
+| -------- | ---- | -------- | --------------- | ------- | ----------- |
+| OPENCTI_URL | `string` | ✅ | Format: [`uri`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) |  | The base URL of the OpenCTI instance. |
+| OPENCTI_TOKEN | `string` | ✅ | string |  | The API token to connect to OpenCTI. |
+| CONNECTOR_SCOPE | `array` | ✅ | string |  | The scope of the connector, e.g. 'flashpoint'. |
+| SILENTPUSH_API_KEY | `string` | ✅ | string |  | API key for authentication. |
+| CONNECTOR_NAME | `string` |  | string | `"SilentpushConnector"` | The name of the connector. |
+| CONNECTOR_LOG_LEVEL | `string` |  | `debug` `info` `warn` `warning` `error` | `"error"` | The minimum level of logs to display. |
+| CONNECTOR_TYPE | `const` |  | `INTERNAL_ENRICHMENT` | `"INTERNAL_ENRICHMENT"` |  |
+| CONNECTOR_AUTO | `boolean` |  | boolean | `false` | Whether the connector should run automatically when an entity is created or updated. |
+| SILENTPUSH_API_BASE_URL | `string` |  | Format: [`uri`](https://json-schema.org/understanding-json-schema/reference/string#built-in-formats) | `"https://app.silentpush.com/api/v2/"` | External API base URL. |
+| SILENTPUSH_MAX_TLP | `string` |  | `TLP:WHITE` `TLP:CLEAR` `TLP:GREEN` `TLP:AMBER` `TLP:AMBER+STRICT` `TLP:RED` | `"TLP:AMBER"` | Max TLP level of the entities to enrich. |
+| SILENTPUSH_VERIFY_CERT | `boolean` |  | boolean | `true` | Whether to verify SSL certificates when connecting to the API. |

internal-enrichment/silentpush-enrichment/__metadata__/connector_config_schema.json

@@ -0,0 +1,89 @@
+{
+  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$id": "https://www.filigran.io/connectors/silentpush-enrichment_config.schema.json",
+  "type": "object",
+  "properties": {
+    "OPENCTI_URL": {
+      "description": "The base URL of the OpenCTI instance.",
+      "format": "uri",
+      "maxLength": 2083,
+      "minLength": 1,
+      "type": "string"
+    },
+    "OPENCTI_TOKEN": {
+      "description": "The API token to connect to OpenCTI.",
+      "type": "string"
+    },
+    "CONNECTOR_NAME": {
+      "default": "SilentpushConnector",
+      "description": "The name of the connector.",
+      "type": "string"
+    },
+    "CONNECTOR_SCOPE": {
+      "description": "The scope of the connector, e.g. 'flashpoint'.",
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    },
+    "CONNECTOR_LOG_LEVEL": {
+      "default": "error",
+      "description": "The minimum level of logs to display.",
+      "enum": [
+        "debug",
+        "info",
+        "warn",
+        "warning",
+        "error"
+      ],
+      "type": "string"
+    },
+    "CONNECTOR_TYPE": {
+      "const": "INTERNAL_ENRICHMENT",
+      "default": "INTERNAL_ENRICHMENT",
+      "type": "string"
+    },
+    "CONNECTOR_AUTO": {
+      "default": false,
+      "description": "Whether the connector should run automatically when an entity is created or updated.",
+      "type": "boolean"
+    },
+    "SILENTPUSH_API_BASE_URL": {
+      "default": "https://app.silentpush.com/api/v2/",
+      "description": "External API base URL.",
+      "format": "uri",
+      "maxLength": 2083,
+      "minLength": 1,
+      "type": "string"
+    },
+    "SILENTPUSH_API_KEY": {
+      "description": "API key for authentication.",
+      "type": "string"
+    },
+    "SILENTPUSH_MAX_TLP": {
+      "default": "TLP:AMBER",
+      "description": "Max TLP level of the entities to enrich.",
+      "enum": [
+        "TLP:WHITE",
+        "TLP:CLEAR",
+        "TLP:GREEN",
+        "TLP:AMBER",
+        "TLP:AMBER+STRICT",
+        "TLP:RED"
+      ],
+      "type": "string"
+    },
+    "SILENTPUSH_VERIFY_CERT": {
+      "default": true,
+      "description": "Whether to verify SSL certificates when connecting to the API.",
+      "type": "boolean"
+    }
+  },
+  "required": [
+    "OPENCTI_URL",
+    "OPENCTI_TOKEN",
+    "CONNECTOR_SCOPE",
+    "SILENTPUSH_API_KEY"
+  ],
+  "additionalProperties": true
+}

internal-enrichment/silentpush-enrichment/__metadata__/connector_manifest.json

@@ -4,14 +4,12 @@
   "description": "Silent Push takes a unique approach to identifying developing cyber threats by creating Indicators of Future Attacks (IOFA) that are more useful, and more valuable than industry-standard IOCs.\n\nWe apply unique behavioral fingerprints to attacker activity and search across our proprietary DNS database \u2013 containing the most complete, accurate, and timely view of global internet-facing infrastructure anywhere in the world \u2013 to reveal adversary infrastructure and campaigns prior to launch.\n",
   "short_description": "Silent Push takes a unique approach to identifying developing cyber threats by creating Indicators of Future Attacks (IOFA) that are more useful, and more valuable than industry-standard IOCs.\n",
   "logo": "internal-enrichment/silentpush-enrichment/__metadata__/logo.png",
-  "use_cases": [
-    "Enrichment & Analysis"
-  ],
-  "verified": false,
-  "last_verified_date": null,
+  "use_cases" : ["Enrichment & Analysis"],
+  "verified": true,
+  "last_verified_date": "2025-12-16",
   "playbook_supported": true,
   "max_confidence_level": 50,
-  "support_version": ">=6.6.18",
+  "support_version": ">=6.8.12",
   "subscription_link": null,
   "source_code": "https://github.com/OpenCTI-Platform/connectors/tree/master/internal-enrichment/silentpush-enrichment",
   "manager_supported": false,

internal-enrichment/silentpush-enrichment/config.yml.sample

@@ -0,0 +1,17 @@
+opencti:
+  url: 'http://opencti:8080'
+  token: 'changeme'
+
+connector:
+  id: 'changeme'
+  type: 'INTERNAL_ENRICHMENT'
+  # name: 'Silent Push - Enrichment'
+  # scope: 'Indicator,IPv4-Addr,IPv6-Addr,Domain-Name,Hostname,URL'
+  # log_level: 'error'
+  # auto: false # Enable/disable auto-enrichment of observables
+
+silentpush:
+  api_base_url: 'https://app.silentpush.com/api/v2/'
+  api_key: 'YOUR-SILENT-PUSH-API-KEY'
+  # verify_cert: true
+  # max_tlp: "TLP:AMBER" # Available values: TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED

internal-enrichment/silentpush-enrichment/docker-compose.yml

@@ -2,32 +2,19 @@ services:
   connector-silentpush:
     image: opencti/connector-silentpush-enrichment:latest
     environment:
-      # Connector's generic execution parameters
+      # Generic parameters (connection with OpenCTI)
       - OPENCTI_URL=http://opencti:8080
-      - OPENCTI_TOKEN=${OPENCTI_TOKEN}
-      # Connector's definition parameters REQUIRED
-      - CONNECTOR_ID=silentpush
-      - CONNECTOR_NAME=SilentPush
-      - CONNECTOR_SCOPE=Indicator,URL,IPv4-Addr,IPv6-Addr,Domain-Name
-      - CONNECTOR_LOG_LEVEL=info
-      - CONNECTOR_AUTO=false
-
-      # Connector's custom execution parameters
-      - SILENTPUSH_API_BASE_URL=https://app.silentpush.com/api/v1/
-      - SILENTPUSH_API_KEY=${SILENTPUSH_API_KEY}
-      - SILENTPUSH_VERIFY_CERT=true
-      - SILENTPUSH_MAX_TLP=TLP:CLEAR # Available values: TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED
-
-      # Add proxy parameters below if needed
-      # - HTTP_PROXY=CHANGEME
-      # - HTTPS_PROXY=CHANGEME
-      # - NO_PROXY=CHANGEME
+      - OPENCTI_TOKEN=CHANGEME
+      # Common parameters for connectors
+      - CONNECTOR_ID=CHANGEME
+      # - CONNECTOR_NAME=Silent Push - Enrichment
+      # - CONNECTOR_SCOPE=Indicator,URL,IPv4-Addr,IPv6-Addr,Domain-Name
+      # - CONNECTOR_LOG_LEVEL=error
+      # - CONNECTOR_AUTO=false
+      # Custom parameters for connector-silentpush
+      - SILENTPUSH_API_BASE_URL=CHANGEME
+      - SILENTPUSH_API_KEY=CHANGEME
+      # - SILENTPUSH_MAX_TLP_LEVEL=TLP:CLEAR # Available values: TLP:CLEAR, TLP:WHITE, TLP:GREEN, TLP:AMBER, TLP:AMBER+STRICT, TLP:RED
+      # - SILENTPUSH_VERIFY_CERT=true
     restart: always
-#    network_mode: "host"
-#    networks:
-#      - external
 
-#networks:
-# default:
-#   external: true
-#   name: external