Twigs requires user details to connect to your ThreatWorx instance during the discovery process. You can use one of the three options below to initialize twigs.
Option 1
twigs provides “login” and “logout” capability. This allows users to authenticate via twigs to their ThreatWorx service instance. Once logged in, users do not need to provide their details while running twigs command every time. The login command is below:
twigs login
Similarly to logout from twigs, you can run the command below:
twigs logout
This allows you to use twigs in a multi-user mode using the same installation.
Option 2
Configure your environment setup (via something like .bashrc for Bash Shell) to store typical parameters required with twigs.
These parameters are as follows:
TW_HANDLE - User login to be used for asset ingestion. Note this user becomes the owner of the ingested assets.
TW_TOKEN - API token for the specific user. You can find the value by following below steps:
Login into ThreatWorx console
Click on “Profile” in top menu
Click on “Key Management” in left menu
If you have not generated an API Key as yet, then click on “Generate New Key”, else click on “Copy to clipboard”. Note if you re-generate a new API key, then earlier key is disabled by default.
TW_INSTANCE - Specify the specific TW instance provisioned for your organization.
Save these as follows in your profile script (like .bashrc):
export TW_HANDLE=<your login>
export TW_TOKEN=<your API key>
export TW_INSTANCE=<your TW instance>
Next time you login, these variables will be automatically set and will help reduce the clutter in your twigs command-line.
Option 3
You can also specify the three parameters as part of individual twigs runs using the --token , --instance and
--handle options on the command line.
Order of Precedence
If all three options are provided then the order or precedence is as follows,
Option 3 ( First Preference )
Option 1 ( Second Preference )
Option 2 ( Third Preference )