{"id":14980433,"url":"https://github.com/renisac/cif3-pwsh","last_synced_at":"2025-10-29T00:30:33.477Z","repository":{"id":44676191,"uuid":"240048668","full_name":"renisac/CIF3-pwsh","owner":"renisac","description":"PowerShell module wrapper for the Collective Intelligence Framework (CIF) v3 API","archived":false,"fork":false,"pushed_at":"2023-03-29T18:10:35.000Z","size":70,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-02-01T20:11:25.331Z","etag":null,"topics":["cif-instance","cif3","cifv3","powershell","powershell-core","threat-intelligence","threat-sharing"],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/renisac.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-02-12T15:37:37.000Z","updated_at":"2022-01-31T16:59:33.000Z","dependencies_parsed_at":"2024-10-11T21:00:44.949Z","dependency_job_id":null,"html_url":"https://github.com/renisac/CIF3-pwsh","commit_stats":{"total_commits":45,"total_committers":3,"mean_commits":15.0,"dds":"0.15555555555555556","last_synced_commit":"0851baddff9365f72c78e927943e50d22ab0315d"},"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renisac%2FCIF3-pwsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renisac%2FCIF3-pwsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renisac%2FCIF3-pwsh/release
s","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renisac%2FCIF3-pwsh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/renisac","download_url":"https://codeload.github.com/renisac/CIF3-pwsh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238743886,"owners_count":19523195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cif-instance","cif3","cifv3","powershell","powershell-core","threat-intelligence","threat-sharing"],"created_at":"2024-09-24T14:01:46.282Z","updated_at":"2025-10-29T00:30:28.150Z","avatar_url":"https://github.com/renisac.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CIFv3 API PowerShell Wrapper\n\nCollective Intelligence Framework (CIF) is a threat intelligence framework. This project is a CIFv3 client for PowerShell Core and Windows PowerShell.\n\n\u003chttps://csirtgadgets.com/collective-intelligence-framework\u003e\n\n\u003chttps://github.com/csirtgadgets/bearded-avenger\u003e\n\n## Getting Started\n\nInstall the module:\n\n```powershell\nInstall-Module CIF3\n```\n\nLoad the module:\n\n```powershell\nImport-Module CIF3\n```\n\nSee what functions are available:\n\n```powershell\nGet-Command -Module CIF3\n```\n\nIf you have an existing .cif.yml in your $env:HOME directory, its contents will be read and used automatically. If you've never set up your config file (.cif.yml) before, do so now. 
At a minimum you must set the Uri and Token parameters.\n\n```powershell\nSet-CIF3Config -Uri https://feeds.cif.domain.com -Token aaaabbbbccccdddd\n```\n\n## Using the Module\n\n### CIF Instance Configuration\n\nRetrieve your CIFv3 config settings:\n\n```powershell\nGet-CIF3Config\n```\n\nSet the URI and authorization token to communicate with the desired CIF instance:\n\n```powershell\nSet-CIF3Config -Uri 'https://cif.domain.local:5000' -Token 'd81830def81a871f2adbf00c5000000'\n```\n\nTest the connection to your configured CIF instance URI (returns $true if working, $false otherwise):\n\n```powershell\nTest-CIF3Auth\n```\n\n### Tokens\n\nTokens in CIF are like API keys, used for authenticating and authorizing a user to perform various actions.\n\nList all tokens on the CIF instance:\n\n```powershell\nGet-CIF3Token\n```\n\nFind a token with username = 'user1@domain.local':\n\n```powershell\nGet-CIF3Token -Name user1@domain.local\n```\n\nCreate a new token called 'writeonly' on the CIF instance. 
It will have write permissions but no read permissions:\n\n```powershell\nNew-CIF3Token -Name 'writeonly' -Permission 'Write'\n```\n\nRemove the specified token from the CIF instance:\n\n```powershell\nRemove-CIF3Token -Id 'abcdef9999888855553333'\n```\n\nUpdate token to be in groups 'everyone' and 'admins':\n\n```powershell\nSet-CIF3TokenGroup -Id 'abcdef9999888855553333' -Group everyone, admins\n```\n\n### Indicators\n\nGet a list of all indicators (default ResultSize is 100, so 100 will be returned):\n\n```powershell\nGet-CIF3Indicator\n```\n\nGet up to 500 indicator results that have a `Confidence` of 8 or greater:\n\n```powershell\nGet-CIF3Indicator -Confidence 8 -ResultSize 500\n```\n\nGet all fqdn indicators reported in the last week that have a 'malware' or 'botnet' tag:\n\n```powershell\nGet-CIF3Indicator -IType fqdn -StartTime (Get-Date).AddDays(-7) -EndTime (Get-Date) -Tag malware, botnet\n```\n\nAdd an indicator for 'baddomain.xyz' at a confidence of 7, an amber TLP, and tagged as 'malware':\n\n```powershell\nAdd-CIF3Indicator -Indicator baddomain.xyz -Confidence 7 -Tag malware -TLP amber\n```\n\nSearch for the indicator `44.227.178.5` and include any matching parent CIDRs that are known. Results are sorted by confidence highest to lowest, with any equal-confidence indicators being further sorted by reporttime oldest to newest before being returned:\n\n```powershell\nGet-CIF3Indicator -Indicator '44.227.178.5' -IncludeRelatives -Sort '-confidence', 'reporttime'\n```\n\n### Feeds\n\nFeeds are aggregated, deduplicated, and filtered datasets that have had allowlists applied before being returned. Indicator type is the only mandatory parameter when generating a feed.\n\nGet a feed of all fqdn indicators with a confidence of 7.5 or greater:\n\n```powershell\nGet-CIF3Feed -IType fqdn -Confidence 7.5\n```\n\nGet a feed of all md5 indicators with a confidence of 9 or greater tagged as 'malware.' 
\nAdditionally, add the `?apiParam=paramValue` string to the final REST request:\n\n```powershell\nGet-CIF3Feed -IType md5 -Confidence 9 -Tag 'malware' -ExtraParams @{ 'apiParam' = 'paramValue' }\n```\n\n# Acknowledgments\n\n* Warren Frame's [PSSlack](https://github.com/RamblingCookieMonster/PSSlack) pwsh module for powershell framework ideas.\n* The official csirtgadgets' [CIFv3 Python SDK](https://github.com/csirtgadgets/cifsdk-py-v3) for reference.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenisac%2Fcif3-pwsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frenisac%2Fcif3-pwsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenisac%2Fcif3-pwsh/lists"}