
Tools to search network data logs for threat feed data

Project description

Overview

The gawseed-threat-feed-tools package provides a mechanism that binds together:

  • A threat feed source that returns a list of "threats"
  • A data source, that returns rows of data to search through for the threats
  • A searcher that can bind the two together, looking for threats/data that meet particular criteria
  • A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
  • A report generator that can take the results of everything and print/save the results
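The five-part binding described above, as an added illustration that is not the gawseed package's own code: the threat feed, the key=value log rows, the searched fields and the enricher are all constructed here and are hypothetical, not the package's API or config format.

```python
# Constructed threat feed: indicator -> context string (not a real feed).
THREAT_FEED = {"198.51.100.7": "scanner", "bad.example": "c2 domain"}

# Constructed data rows in key=value form, standing in for connection logs.
DATA_ROWS = [
    "ts=1 src=10.0.0.5 dst=198.51.100.7 host=-",
    "ts=2 src=10.0.0.9 dst=93.184.216.34 host=bad.example",
    "ts=3 src=10.0.0.5 dst=93.184.216.34 host=good.example",
]


def parse_row(line):
    """Data source: turn one key=value line into a dict."""
    return dict(kv.split("=", 1) for kv in line.split())


def search(feed, rows, fields=("dst", "host")):
    """Searcher: collect rows whose watched fields contain a feed indicator."""
    matches = []
    for row in map(parse_row, rows):
        for f in fields:
            if row.get(f) in feed:
                matches.append({"row": row, "indicator": row[f], "context": feed[row[f]]})
    return matches


def enrich_with_source_count(matches, rows):
    """Enricher: add how many rows the matching internal source appears in."""
    parsed = [parse_row(r) for r in rows]
    for m in matches:
        src = m["row"]["src"]
        m["src_row_count"] = sum(1 for r in parsed if r.get("src") == src)
    return matches


def report(matches):
    """Report generator: one text line per enriched match."""
    return [
        f"ts={m['row']['ts']} {m['indicator']} ({m['context']}) "
        f"src={m['row']['src']} seen_in={m['src_row_count']} rows"
        for m in matches
    ]


def run_pipeline(feed, rows, enrichers=(enrich_with_source_count,)):
    """Bind feed, data, searcher, enrichers and report into one run."""
    matches = search(feed, rows)
    for enricher in enrichers:
        matches = enricher(matches, rows)
    return report(matches)
```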

Usage

Typical usage is to run threat-feed.py with a YAML configuration file (passed to the -y switch) that binds the above modules together. Run threat-feed.py --config-templates for a selection of YAML configuration templates to start from when creating config files.

Example configuration

Coming soon...

Download files

Source Distribution

gawseed-threat-feed-tools-1.1.2.tar.gz (26.3 kB)

Built Distribution

gawseed_threat_feed_tools-1.1.2-py3-none-any.whl (44.1 kB, Python 3)
