Tools to search network data logs for threat feed data
Project description
Overview
The gawseed-threat-feed-tools package provides a mechanism that binds together:
- A threat feed source that returns a list of "threats"
- A data source that returns rows of data to search through for the threats
- A searcher that can bind the two together, looking for threats/data that meet particular criteria
- A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
- A report generator that can take the results of everything and print/save the results
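The five roles listed above, wired together in one small Python pipeline. This is an added example written for this page, not code from gawseed-threat-feed-tools; the function names, the record layout, the exact-match search criterion and the constructed feed entries and log rows are all assumptions, since the project's own API is not shown here.

```python
from collections import Counter

# Constructed threat feed: what a feed source would hand back (values are illustrative only).
THREAT_FEED = [
    {"value": "bad.example", "tag": "phishing"},
    {"value": "10.0.0.99", "tag": "c2"},
]

# Constructed data source: DNS-style log rows to search through (documentation address ranges).
DATA_ROWS = [
    {"ts": "2024-01-01T00:00:01", "client": "192.0.2.10", "query": "bad.example", "answer": "203.0.113.5"},
    {"ts": "2024-01-01T00:00:02", "client": "192.0.2.11", "query": "good.example", "answer": "203.0.113.6"},
    {"ts": "2024-01-01T00:00:03", "client": "192.0.2.10", "query": "bad.example", "answer": "203.0.113.5"},
    {"ts": "2024-01-01T00:00:04", "client": "192.0.2.12", "query": "cdn.example", "answer": "10.0.0.99"},
]

def search(threats, rows, fields):
    """Searcher: pair each row with the first threat whose value appears in one of `fields`."""
    index = {t["value"]: t for t in threats}  # hypothetical criterion: exact value match
    matches = []
    for row in rows:
        for field in fields:
            threat = index.get(row.get(field))
            if threat is not None:
                matches.append({"row": row, "threat": threat, "field": field})
                break  # one match per row is enough here
    return matches

def enrich_client_counts(matches, rows):
    """Enricher: attach how many rows the matching client produced overall as extra context."""
    counts = Counter(r["client"] for r in rows)
    for m in matches:
        m["client_row_count"] = counts[m["row"]["client"]]
    return matches

def report(matches):
    """Report generator: summarise hits and distinct clients per threat tag, ready to print or save."""
    summary = {}
    for m in matches:
        entry = summary.setdefault(m["threat"]["tag"], {"hits": 0, "clients": set()})
        entry["hits"] += 1
        entry["clients"].add(m["row"]["client"])
    return {tag: {"hits": e["hits"], "clients": sorted(e["clients"])} for tag, e in summary.items()}

def run_pipeline():
    """Bind the pieces in the order the overview lists them: feed -> data -> search -> enrich -> report."""
    matches = enrich_client_counts(search(THREAT_FEED, DATA_ROWS, ["query", "answer"]), DATA_ROWS)
    return report(matches)
```

Calling run_pipeline() on the constructed rows reports two phishing hits from one client and one c2 hit matched on the answer field rather than the query.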
Usage
Typical usage would be running threat-feed.py and loading a YAML configuration file (passed to the -y switch) to bind the above modules together. See threat-feed.py --config-templates for a selection of YAML configuration templates to use when creating config files.
Example configuration
Coming soon...
Hashes for gawseed-threat-feed-tools-1.1.13.tar.gz
Hashes for gawseed_threat_feed_tools-1.1.13-py3-none-any.whl