Tools to search network data logs for threat feed data

Project description

Overview

The gawseed-threat-feed-tools package provides a mechanism that binds together:

  • A threat feed source that returns a list of "threats"
  • A data source that returns rows of data to search through for the threats
  • A searcher that can bind the two together, looking for threats/data that meet particular criteria
  • A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
  • A report generator that can take the results of everything and print/save the results
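The following is an added, self-contained sketch of how those five pieces fit together. It is written for this page only; it is not code from gawseed-threat-feed-tools and does not use that package's classes, command-line switches or YAML schema. The threat indicators (RFC 5737 documentation ranges and a reserved example domain), the key=value log lines, the "internal" network 192.0.2.0/24 and every function name below are constructed for illustration.

```python
# Added example: a minimal feed -> data -> searcher -> enrichers -> report
# pipeline. Not the gawseed-threat-feed-tools implementation; all names and
# sample data are constructed.
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Callable, Iterable, Iterator, Optional

# ---- 1. threat feed source: returns a list of "threats" (indicators) ----
@dataclass(frozen=True)
class Threat:
    indicator: str   # an IP address, CIDR range, or DNS domain
    kind: str        # "ip" or "domain"
    tag: str         # label carried from the feed (constructed)

def sample_threat_feed() -> list[Threat]:
    # Constructed indicators; none of these is real intelligence.
    return [
        Threat("198.51.100.7", "ip", "c2"),
        Threat("203.0.113.0/24", "ip", "scanner-range"),
        Threat("bad.example", "domain", "phishing"),
    ]

# ---- 2. data source: returns rows of data to search through ------------
SAMPLE_LOG = (  # constructed key=value flow/DNS log lines
    "2024-01-01T00:00:01Z src=192.0.2.10 dst=198.51.100.7 dport=443\n"
    "2024-01-01T00:00:02Z src=192.0.2.11 dst=192.0.2.20 dport=53 qname=www.example.com\n"
    "2024-01-01T00:00:03Z src=203.0.113.45 dst=192.0.2.20 dport=22\n"
    "2024-01-01T00:00:04Z src=192.0.2.12 dst=192.0.2.20 dport=53 qname=login.bad.example.\n"
)

def log_data_source(text: str) -> Iterator[dict]:
    """Yield one dict per non-empty line: {'ts': ..., 'src': ..., ...}."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        row = {"ts": ts}
        for pair in pairs:
            key, _, value = pair.partition("=")
            row[key] = value
        yield row

# ---- 3. searcher: binds feed and data, emitting (row, field, threat) ---
class Searcher:
    def __init__(self, threats: Iterable[Threat],
                 ip_fields=("src", "dst"), domain_fields=("qname",)):
        self.ip_fields, self.domain_fields = ip_fields, domain_fields
        # CIDR matching covers single hosts too (a bare address is a /32).
        self.nets = [(ipaddress.ip_network(t.indicator, strict=False), t)
                     for t in threats if t.kind == "ip"]
        self.domains = {t.indicator.lower(): t for t in threats if t.kind == "domain"}

    def _match_domain(self, name: str) -> Optional[Threat]:
        # Match the indicator itself or any subdomain of it; normalise the
        # trailing dot and upper case that DNS logs commonly carry.
        labels = name.rstrip(".").lower().split(".")
        for i in range(len(labels)):
            hit = self.domains.get(".".join(labels[i:]))
            if hit:
                return hit
        return None

    def search(self, rows: Iterable[dict]) -> Iterator[tuple[dict, str, Threat]]:
        for row in rows:
            for field in self.ip_fields:
                try:
                    addr = ipaddress.ip_address(row.get(field, ""))
                except ValueError:
                    continue  # missing or malformed address: skip, don't crash
                for net, threat in self.nets:
                    if addr in net:
                        yield row, field, threat
            for field in self.domain_fields:
                if field in row:
                    threat = self._match_domain(row[field])
                    if threat:
                        yield row, field, threat

# ---- 4. enrichers: each returns extra context for one match -----------
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed "our" range

def match_detail(row: dict, field: str, threat: Threat) -> dict:
    return {"matched_indicator": threat.indicator, "kind": threat.kind}

def internal_peer(row: dict, field: str, threat: Threat) -> dict:
    """Name the other endpoint if it is one of ours: that is the host to triage."""
    peer = row.get("dst" if field == "src" else "src") or ""
    try:
        ours = any(ipaddress.ip_address(peer) in n for n in INTERNAL_NETS)
    except ValueError:
        ours = False
    return {"internal_peer": peer if ours else None}

ENRICHERS: list[Callable[[dict, str, Threat], dict]] = [match_detail, internal_peer]

# ---- 5. report generator -----------------------------------------------
def run_pipeline(log_text: str = SAMPLE_LOG, threats: Optional[list[Threat]] = None) -> list[dict]:
    searcher = Searcher(sample_threat_feed() if threats is None else threats)
    report = []
    for row, field, threat in searcher.search(log_data_source(log_text)):
        entry = {"ts": row["ts"], "field": field, "value": row[field], "tag": threat.tag}
        for enrich in ENRICHERS:
            entry.update(enrich(row, field, threat))
        report.append(entry)
    return report

def render_report(entries: list[dict]) -> str:
    return "\n".join(f"{e['ts']} {e['field']}={e['value']} -> {e['tag']} "
                     f"({e['matched_indicator']}) internal_peer={e['internal_peer']}"
                     for e in entries)

if __name__ == "__main__":
    print(render_report(run_pipeline()))
```

Two details are worth noting for anyone building something similar: IP indicators are matched as networks so a single address and a range use the same code path, and domain indicators are matched on any suffix of the queried name, so a feed entry for bad.example also catches login.bad.example. The enrichers are deliberately kept to plain functions that return a dict, which is what makes a list of them easy to compose from a configuration file.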

Usage

Typical usage is to run threat-feed.py with a YAML configuration file (passed to the -y switch) that binds the above modules together. Run threat-feed.py --config-templates for a selection of YAML configuration templates to start from when creating config files.

Example configuration

Coming soon...

Download files

Source Distribution

gawseed-threat-feed-tools-1.1.15.tar.gz (35.4 kB)
