Good day today indeed. I have finally found some time to work on my CIF skills and on writing configuration (YAML scripts) to fetch open source threat feeds.
I started with the disabled configuration for cleanmx (/etc/cif/rules/disabled/cleanmx.cfg). The cleanmx.cfg file that ships with CIF should be used as a reference for the remote feed URLs and the cleanmx id, both of which are needed to write the YML script.
The threat feed is provided in XML format, and the remote site link can be taken either from the config file or directly from the cleanmx site (support.clean-mx.de). I always recommend checking the feed links in a browser regularly to see whether the site is responding and whether the link is still the correct one for the feed. Sometimes they change.
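Since a feed link that silently changes usually shows up as an HTML error page or an empty document rather than a fetch failure, here is an added example (mine, not code from the post or from the CIF project) that sanity-checks a cleanmx-style XML body before turning its entries into indicator records; the element names (output/entries/entry/url/ip/firsttime/id) are an assumption about the feed layout and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the assumed cleanmx layout; entry 2 has an empty
# URL and entry 3 carries no observable at all.
SAMPLE_FEED = """<output>
  <entries>
    <entry><id>1</id><url>http://malware.example.invalid/a.exe</url><ip>192.0.2.10</ip><firsttime>2013-01-02 03:04:05</firsttime></entry>
    <entry><id>2</id><url></url><ip>198.51.100.7</ip><firsttime>2013-01-03 00:00:00</firsttime></entry>
    <entry><id>3</id><firsttime>2013-01-04 00:00:00</firsttime></entry>
  </entries>
</output>"""


def check_feed(text):
    """Return (ok, reason). Catches the usual symptoms of a moved or changed
    feed: a non-XML body (HTML error page), an unexpected root, no entries."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as err:
        return False, "not XML: %s" % err
    if root.tag != "output":
        return False, "unexpected root <%s>" % root.tag
    count = len(root.findall("./entries/entry"))
    if count == 0:
        return False, "no entries"
    return True, "%d entries" % count


def parse_feed(text):
    """Turn entries into CIF-style observables: prefer the URL, fall back to
    the IP, and skip entries that carry neither rather than emit blanks."""
    records = []
    for entry in ET.fromstring(text).findall("./entries/entry"):
        url = (entry.findtext("url") or "").strip()
        ip = (entry.findtext("ip") or "").strip()
        if url:
            observable, otype = url, "url"
        elif ip:
            observable, otype = ip, "ipv4"
        else:
            continue
        records.append({"observable": observable, "otype": otype,
                        "provider": "clean-mx.de",
                        "firsttime": entry.findtext("firsttime"),
                        "source_id": entry.findtext("id")})
    return records


if __name__ == "__main__":
    print("feed check:", check_feed(SAMPLE_FEED))
    for record in parse_feed(SAMPLE_FEED):
        print(record)
```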
The YML script is available in my GitHub account: https://github.com/makflwana/CIF-Threat-Feeds-and-parsers
I will be writing more scripts to fetch open source threat feeds. If you know of any open source threat feeds that are not covered yet, please let me know.