Threat Bus 2021.07.29

[lava]

This release of Threat Bus comes with a complete overhaul of the config system: it is now powered by Dynaconf, which brings along a bag of goodies:

• All config values can now be overwritten using environment variables
• Support for config file validation
• Secrets can be read from a separate secrets file or the environment

Additionally, most config values have been assigned default values, making it possible to start Threat Bus with a far more minimal configuration file than before.

Another important change concerns the Threat Bus Apps: The content and format of the threatbus-zmq-app plugin's subscription success response has changed. Prior to this change, the plugin used to respond with an endpoint in the host:port format, which might contain a wrong hostname (e.g., 0.0.0.0 instead of a publicly reachable topic). From now on, the plugin returns only the ports for pub and sub communication and leaves it to the subscribing app to connect with the right host/IP.

We also improved the metrics subsystem of the VAST Threat Bus app: The metric for indicator query time now only reflects the actual time spent querying VAST and no longer regards unstarted VAST queries. Metrics sent by the app now use the fully qualified domain instead of just the hostname to identify the sending machine. And we fixed the serialization format to ensure all fields are separated by commas, so that the output conforms to the Influx line protocol spec

Changelog Highlights

• ⚠️ Threat Bus now uses Dynaconf for configuration management. Configuration via a config file works exactly as it has worked before. Users can provide a path to the config file using the -c option. Threat Bus now considers files named config.yaml and config.yml as default configs if located in the same directory. Additionally, Threat Bus now supports configuration via environment variables and .dotenv. Environment variables need to be prefixed with THREATBUS_ to be respected and always take precedence over values in config files. #133

• 🐞 Threatbus now only attempts to load plugins that are explicitly listed in the config file. #150

• 🎁 Many configuration options for threatbus and pyvast-threatbus now have default values. See the example configs for a detailed list. #150

---

This discussion was created from the release Threat Bus 2021.07.29.