Tools to search network data logs for threat feed data
Project description
Overview
The gawseed-threat-feed-tools package provides a mechanism that binds together:
- A threat feed source that returns a list of "threats"
- A data source, that returns rows of data to search through for the threats
- A searcher that can bind the two together, looking for threats/data that meet particular criteria
- A list of "enrichers" that can take the results of any matches and gather additional context to pass to the ....
- A report generator that can take the results of everything and print/save the results
Usage
Typical usage would be running threat-feed.py
and loading a YAML
configuration file (passed to the -y
switch) to bind the above
modules together. See theat-feed.py --config-templates
for a
selection of YAML configuration templates to use when creating config
files.
Example configuration
Coming soon...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for gawseed-threat-feed-tools-1.1.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0ab3b3033f1cf3eb7d7f3096e8fa8f27ba04f07472291513d7078f922e51da0b |
|
MD5 | fe9bbb54cda024887a4803a274af5bc2 |
|
BLAKE2b-256 | c8357c58da90e2f6afa4ad8d0210366cdaa11583e728ecf1ca8b690f6dc41789 |
Close
Hashes for gawseed_threat_feed_tools-1.1.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d86e625ed82ab55e239cfee807453deadbe0f7db45c39c01fed1ab100a0dccf9 |
|
MD5 | 7f734ceec0634eb36fb7d3c205c2c706 |
|
BLAKE2b-256 | 4ba50f0fd4bdf2bd94dd6d4b841fa88daaabb7c082670c3f4a2cc66044d28aa6 |