Tools to search network data logs for threat feed data
Project description
Overview
The gawseed-threat-feed-tools package provides a mechanism that binds together:
- A threat feed source that returns a list of "threats"
- A data source that returns rows of data to search through for the threats
- A searcher that can bind the two together, looking for threats/data that meet particular criteria
- A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
- A report generator that can take the results of everything and print/save the results
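An added, self-contained illustration of how those five pieces bind together (constructed example code, not the gawseed-threat-feed-tools API; the feed values, log rows and function names are assumptions):

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable, Iterable, Iterator

@dataclass
class Match:
    threat: str
    row: dict
    context: dict = field(default_factory=dict)

# Threat feed source: a constructed list of indicators (RFC 5737 / RFC 2606 values).
def threat_feed() -> list[str]:
    return ["203.0.113.7", "bad.example.net"]

# Data source: constructed sample rows standing in for network log records.
def data_source() -> Iterator[dict]:
    yield {"ts": "2024-01-01T00:00:01", "src": "10.0.0.5", "dst": "203.0.113.7", "query": ""}
    yield {"ts": "2024-01-01T00:00:02", "src": "10.0.0.6", "dst": "198.51.100.1", "query": "good.example.org"}
    yield {"ts": "2024-01-01T00:00:03", "src": "10.0.0.5", "dst": "198.51.100.2", "query": "bad.example.net"}

# Searcher: binds feed and data, matching every threat against the chosen row fields.
def search(threats: Iterable[str], rows: Iterable[dict], fields=("dst", "query")) -> list[Match]:
    wanted = set(threats)
    matches = []
    for row in rows:
        for f in fields:
            if row.get(f) in wanted:
                matches.append(Match(threat=row[f], row=row))
    return matches

# Enricher: attaches context to each match; here, how many rows the same internal host produced.
def enrich_src_count(matches: list[Match], rows: list[dict]) -> list[Match]:
    for m in matches:
        m.context["src_rows"] = sum(1 for r in rows if r["src"] == m.row["src"])
    return matches

# Report generator: turns the enriched matches into printable lines.
def report(matches: list[Match]) -> list[str]:
    return [f"{m.row['ts']} {m.row['src']} -> {m.threat} (src_rows={m.context.get('src_rows')})"
            for m in matches]

def run_pipeline(enrichers: Iterable[Callable] = (enrich_src_count,)) -> list[str]:
    rows = list(data_source())            # materialised so enrichers can re-scan the data
    matches = search(threat_feed(), rows)
    for enricher in enrichers:
        matches = enricher(matches, rows)
    return report(matches)

if __name__ == "__main__":
    print("\n".join(run_pipeline()))
```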
Usage
Typical usage is to run threat-feed.py and load a YAML configuration file (passed with the -y switch) that binds the above modules together. See threat-feed.py --config-templates for a selection of YAML configuration templates to use when creating config files.
Example configuration
Coming soon...
Hashes for gawseed-threat-feed-tools-0.9.91.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 864ccebfce44f28a335b09a66bed227f7267b8d6a601192e051fb1c476cf2437
MD5 | 44e7a4ae4a4bb98d8ca0c71aa4e87a86
BLAKE2b-256 | d24d5738255e1d0a8e6db0dbb4eb0dea31b8df6826c9e67cf74cb04a8b22101d
Hashes for gawseed_threat_feed_tools-0.9.91-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 77661a76bacc75fa5328c1f7a64ce108a4a4705c7b95d7cfd14b093867049b9c
MD5 | 3a846df927bf8f03eb0fc74e28d81d46
BLAKE2b-256 | 4009b28915c9a48509cd92c0691315ee8a1d15105f8b45f1bd315f160d50e97f