Integrating and Publishing Your Solution
Technology Partners and IBMers can submit CloudPak for Security connectors to the IBM Security App Exchange portal to start the review process. Content posted on the IBM Security App Exchange will go through a validation process, as all applications and content extensions are reviewed by IBM CloudPak for Security quality teams.
You will be asked to provide a set of material, along with your connector code. Please see below for the type of material you will be asked to provide. Once you have gathered this material, you can request access to the IBM Security App Exchange portal to submit this material and schedule a validation test.
Getting Started
The Getting Started section provides an overview of the process to develop validate and publish your IBM CloudPak for Security connector.
You will receive a note from the IBM Security App Exchange upon successful completion of the validation testing. Your application will then be posted into the IBM Security App Exchange
- Get set up
- Obtain an IBM ID so that you can access the IBM Security App Exchange portal.
- Develop your connector
- Collect the required material for submission.
- Here is the material you need to submit along with your code
- Please provide a Word document that contains the following:
- Technical documentation that describes the data source the connector talks to.
- Table of mappings-List of supported comparison operators
- List of data source APIs used by the transmission module
- CLI examples of query and results translation plus performance timings (in seconds) for each call
- CLI examples of each transmission call (ping, query, status, results, delete, is_async) plus performance timings for each call
- CLI examples of the execute commandTechnical documentation
- Include a brief overview of the data source and the type of data it returns.
- Table of mappings
- The table of mappings should include the data source field/attribute, the STIX object and property it maps to, and an example of how the field and data is returned from the data source API.
The following table shows mappings for two data source fields: SourceIpV4 and SourceIpV6.Data source field STIX object and property Data source Result Example SourceIpV4 ipv4-addr:value “SourceIpV4”: “127.0.0.1” SourceIpV6 Ipv6-addr:value “SourceIpV6”: “3001:0:0:0:0:0:0:2” - Listing comparison operators and data source API endpoints
- STIX patterning uses a set of comparison operators as outlined in STIX comparison operators The submitted document should include a list what operators are supported by the data source’s query language and thus used in STIX pattern translation.The transmission module defines the following functions: query_connector, status_connector, results_connector, delete_connector, and ping. These functions in turn use APIs to make requests to the data source. Not every data source will support all of the functions used by stix-shifter (such as the delete function) so it’s helpful to know what API end points are used.
- CLI examples of translation transmission, and execute calls
- These can be the CLI commands used the developer used to test the connector during implementation. The commands are outlined in the How to Test Connectors document. The transmission examples must include the connection and authentication credentials required by the data source. This is needed so the commands can be run during the connector review.The execute command is especially important since it enforces pattern and STIX object validation. It also proves that the connection to the data source works with the supplied credentials.
- Connector acceptance
- In cases where we have questions or require code changes to the connector, a comment will be left on the PR. Once any required changes are made and the connector has been successfully tested using the CLI commands, the PR is merged into STIX-shifter’s main branch. A new STIX-shifter release is then created which gets reflected on the project’s PyPi page (https://pypi.org/project/stix-shifter/).Any service using the current STIX-shifter release will now have access to the new connector.
- Submit your application via the Submissions portal
Request access to the submission portal by sending your IBM ID to ciara.kennedy@uk.ibm.com or russell.warren@us.ibm.com
- Use your IBM ID to log in to XForce Exchange via this link: https://exchange.xforce.ibmcloud.com/new
- You can log in to the Submission Portal using this link: https://exchange.xforce.ibmcloud.com/hub/dashboard.
- Complete your validation testing
- Start your marketing activities
Need Help?
Join one of the developer communities. Follow this link