
Tools to search network data logs for threat feed data

Project description

Overview

The gawseed-threat-feed-tools package provides a mechanism that binds together:

  • A threat feed source that returns a list of "threats"
  • A data source, that returns rows of data to search through for the threats
  • A searcher that can bind the two together, looking for threats/data that meet particular criteria
  • A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
  • A report generator that can take the results of everything and print/save the results
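The five roles listed above, shown end to end as an added example. This is not code from gawseed-threat-feed-tools and does not use its API: every function name, the tab-separated log layout and the sample indicators (documentation address ranges) are assumptions constructed for illustration.

```python
# Added illustration: NOT gawseed-threat-feed-tools code. All names are hypothetical.
import ipaddress
from collections import Counter

# Constructed threat feed: indicator value plus feed metadata.
THREAT_FEED = [
    {"value": "203.0.113.7", "tag": "c2", "source": "example-feed"},
    {"value": "198.51.100.0/24", "tag": "scanner", "source": "example-feed"},
]

# Constructed connection-log rows (tab separated: ts, src, dst, dport).
LOG_LINES = """\
1700000000\t10.0.0.5\t203.0.113.7\t443
1700000030\t10.0.0.5\t192.0.2.10\t80
1700000060\t10.0.0.9\t198.51.100.23\t22
1700000090\t10.0.0.5\t203.0.113.7\t443
not-a-valid-row
"""

def data_source(text):
    """Data source: yield parsed rows, skipping malformed lines instead of aborting."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        try:
            yield {"ts": int(ts), "src": src,
                   "dst": ipaddress.ip_address(dst), "dport": int(dport)}
        except ValueError:
            continue

def search(feed, rows, key="dst"):
    """Searcher: return (threat, row) pairs where row[key] falls inside the indicator."""
    nets = [(ipaddress.ip_network(t["value"]), t) for t in feed]
    return [(t, r) for r in rows for net, t in nets if r[key] in net]

def enrich_hit_counts(matches):
    """Enricher: add context, here how often each source contacted each indicator."""
    counts = Counter((t["value"], r["src"]) for t, r in matches)
    return [{"indicator": v, "src": s, "hits": n} for (v, s), n in sorted(counts.items())]

def report(feed, enriched):
    """Report generator: one line per (indicator, source) pair."""
    tags = {t["value"]: t["tag"] for t in feed}
    return [f'{e["indicator"]} [{tags[e["indicator"]]}] seen from {e["src"]} x{e["hits"]}'
            for e in enriched]

def run():
    matches = search(THREAT_FEED, data_source(LOG_LINES))
    return report(THREAT_FEED, enrich_hit_counts(matches))
```

Calling `run()` returns the report lines; the malformed row is dropped by the data source and the row to 192.0.2.10 matches no indicator.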

Usage

Typical usage is to run threat-feed.py with a YAML configuration file (passed to the -y switch) that binds the above modules together. Run threat-feed.py --config-templates for a selection of YAML configuration templates to use when creating config files.

Example configuration

Coming soon...

Download files

Files for gawseed-threat-feed-tools, version 1.1.4
  • gawseed_threat_feed_tools-1.1.4-py3-none-any.whl (45.5 kB), file type: Wheel, Python version: py3
  • gawseed-threat-feed-tools-1.1.4.tar.gz (27.4 kB), file type: Source, Python version: None