|CIF v1 RC1-03||Gabriel Iovino||10/3/12 12:46 PM|
While Wes is out of town I get to play the role of release manager,
let's see if I can channel my inner Wes, :)
** Don't use if you're not comfortable with CIFv0.01 **
* renamed cif-perl to libcif
* renamed cif-dbi-perl to libcif-dbi
* merged cif-client to libcif
* libcif now provides (implements) cif-protocol
* libcif now provides HTTP transport
* renamed cif-router-perl to cif-router
* renamed cif-smrt-perl to cif-smrt
* misc bugfixes to cif-smrt
* migrated Iodef::Pb to be auto-generated and implemented in Iodef::Pb::Simple
* added simple access control to feed data-types (eg: domain, infrastructure,
malware) based on apikey (eg: key can only access one of the feeds if you
allow it, no query)
In theory the DB schema would not change after RC1 but Murphy's law will
be enacted when least expected.
Be sure to read the "Known Issues" if you give this a spin.
Assuming no major problems are discovered in RC1, RC2 would focus on:
* perl/python client side libraries
* FF / Chrome browser plug-ins (currently these do not work with V1)
* RTIR plugin to support V1
You might expect to see an RC2 drop by the end of Nov 2012, travel and
PTO will likely get in the way of a faster release.
From a user/(systems administrator) viewpoint let me point out the things
that I am terribly excited about in CIF v1:
* Threading works like one would hope/expect
* CIF no longer trashes system resources (CPU/disk) for long periods of
* Feed generation has been dramatically improved. We may be able to
generate large feeds in the every 5-15 min mark. (e.g. the
whitelisting function has been greatly improved)
* Searching for IP addresses should return results in the 1 second time
frame, similar to domains in V0
* CIF is now very modular, in the event you find cif-smrt or cif-router
using up too many resources, you can easily put those on separate
pieces of hardware or add multiples of each to add additional capacity
All feedback is greatly appreciated! Can we make the setup documentation
better? Did you find errors during setup or initial runs? Can you break
it with your own private data sources?
|Re: CIF v1 RC1-03||Gabriel Iovino||10/3/12 1:13 PM|
For those of you that only read this forum through email, the URL I sent was broken :(
The correct url is:
On a positive note, I enabled "editing" within our Google group and edited the URL within the web interface.
I apologize for the unnecessary email, no matter how hard I try, I far too often have to send a follow up when composing emails to a large audience.
|Re: CIF v1 RC1-03||kl||10/3/12 2:46 PM|
Is there documentation for the webapi in this version?
Is it enabled?
|Re: [ci-framework] CIF v1 RC1-03||wes||10/3/12 3:34 PM|
it's enabled, and drastically different since we're moving away from "a webapi" towards a "cif protocol". no doc yet, it'll come with RC2.
[for the non-faint-of-heart]
the nuts and bolts of it are here (note the v1, 'master' is the dev tree for future versions)
and implemented within libcif dynamically.
an example of the "new world order" can be found here:
really the apps are going to be built against the protocol instead of the "web api", then cif-router accepts that protocol and "does stuff" with it.
it's going to be harder for adoption in the beginning, but we're gonna spend a lot of time with RC2 making sure the binding libs (perl, python, js, etc) are easy enough to write your apps against that the protocol doesn't really matter.
|Re: [ci-framework] CIF v1 RC1-03||wes||10/3/12 3:39 PM|
i should note:
the "/usr/bin/cif" command still has a -p json output that will translate the keypairs out for you into json, so at-worst, you can still rapidly get to the basic meta-data around an IODEF observation.
so at worst- the lib will give you easy data to write an app around, at best you can implement the protocol in any lang you want to (google proto does this for us in perl, python, C, java and C++ for free though).
> Is there documentation for the webapi in this version?