EDF Atom Enrichment Engine
Project description
Centrifuge
Introduction
Centrifuge is designed to enrich multiple types of data indicators (atoms) using a wide variety of enrichers and can be seamlessly extended by registering new ones at runtime to fit your specific workflow.
Atom Types
- URL
- UUID
- CVE IDs
- CWE IDs
- Domain Names
- IP Addresses
- MAC Addresses
- Phone Numbers
- Email Addresses
- USB Vendor and Product IDs
- Digests (MD5, SHA-1, SHA-256, SHA-512)
Enrichment Sources
Centrifuge relies on several types of sources to provide deep enrichment data.
- Enrichment data from a dynamic source requires requesting data from servers during enrichment
- Enrichment data from a static source can be cached prior to enrichment
- An external source provides enrichment data for elements outside the organization
- An internal source provides enrichment data related to the organization
Let's illustrate these concepts with some examples.
- Onyphe, Censys and VirusTotal are dynamic external sources
- The Geolocus database (geolocus.mmdb) is a static external source
- OpenCTI and Hashlookup are dynamic internal or external sources depending on your own setup
- Known Identity, Known Network, Known Endpoint, Known Service, Known Entity are static internal sources
- Known CVE, Known CWE, Known MAC, Known User-Agent, Known Public Network and more are static external sources
You are expected to populate static internal sources if you need them.
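As an added illustration of the taxonomy above (this is not Centrifuge's own code or API), the sketch below shows a registry where enrichers are registered at runtime, dispatched by the detected atom type, with static sources cached after first use and dynamic sources queried on every call. The class names, patterns and lookup callbacks are hypothetical, and the patterns cover only some of the atom types listed above.

```python
import re
from dataclasses import dataclass
from typing import Callable

# Constructed patterns for some of the atom types listed above (not Centrifuge's own).
_PATTERNS = [
    ("cve", re.compile(r"^CVE-\d{4}-\d{4,}$", re.I)),
    ("cwe", re.compile(r"^CWE-\d+$", re.I)),
    ("mac", re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)),
    ("ipv4", re.compile(r"^(\d{1,3}\.){3}\d{1,3}$")),
    ("url", re.compile(r"^https?://\S+$", re.I)),
    # hex lengths of MD5, SHA-1, SHA-256 and SHA-512 digests
    ("digest", re.compile(r"^([0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}|[0-9a-f]{128})$", re.I)),
    ("domain", re.compile(r"^([a-z0-9-]+\.)+[a-z]{2,}$", re.I)),
]

def atom_type(value: str) -> str:
    # First pattern wins, so the list order above is the precedence order.
    for name, pattern in _PATTERNS:
        if pattern.match(value):
            return name
    return "unknown"

@dataclass(frozen=True)
class Enricher:
    name: str
    atom_types: frozenset          # atom types this enricher handles
    dynamic: bool                  # True: queries a server per atom; False: static, cacheable
    internal: bool                 # True: data about the organisation itself
    lookup: Callable[[str], dict]  # hypothetical lookup callback supplied by the plugin

class Registry:
    # Enrichers are registered at runtime and dispatched by detected atom type.
    def __init__(self) -> None:
        self._enrichers: list[Enricher] = []
        self._static_cache: dict[tuple[str, str], dict] = {}
    def register(self, enricher: Enricher) -> None:
        self._enrichers.append(enricher)
    def enrich(self, value: str) -> dict:
        kind = atom_type(value)
        out: dict = {"atom": value, "type": kind, "enrichments": {}}
        for e in (e for e in self._enrichers if kind in e.atom_types):
            key = (e.name, value)
            if e.dynamic:
                data = e.lookup(value)             # dynamic source: queried every time
            else:
                if key not in self._static_cache:  # static source: populated once, then cached
                    self._static_cache[key] = e.lookup(value)
                data = self._static_cache[key]
            scope = "internal" if e.internal else "external"
            out["enrichments"][e.name] = {"scope": scope, "data": data}
        return out
```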
Getting Started
Centrifuge releases are available on GitHub and PyPI.
Use Python 3.12+ and a virtual environment for the best experience.
# set up centrifuge using python3 from your virtual environment
python3 -m pip install edf-centrifuge
# set up a PostgreSQL database (if needed) using docker compose
# copy test/compose.yml to compose.yml and customize it to fit your needs
# then start containers using the following command
sudo docker compose up -d
# copy centrifuge.dist.json to centrifuge.json and customize it to fit your needs
# then populate the database before calling enrich for the first time
centrifuge populate
# enrich the atom of your choice
centrifuge enrich 'https://github.com/cert-edf/centrifuge' | jq
Configuration
You can find a template in centrifuge.dist.json.
License
Distributed under the MIT License.
Contributing
Contributions are welcome, see CONTRIBUTING.md for more information.
Security
To report a (suspected) security issue, see SECURITY.md for more information.
Project details
File details
Details for the file edf_centrifuge-1.0.0-py3-none-any.whl.
File metadata
- Download URL: edf_centrifuge-1.0.0-py3-none-any.whl
- Size: 81.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | aa642e14a07ca795b5b87672be9ba714a156e350d8265b39a74be449354c917d |
| MD5 | 8bc1a2d362511900300523e1f9c3ffc0 |
| BLAKE2b-256 | a9fcd842477ad5f1587900273dfe1e57eadb71a052ebb296451529fce21bb97e |