Extract and aggregate IOCs from threat feeds.

Project description

iocingestor

An extendable tool to extract and aggregate IoCs from threat feeds.

This tool is a fork of InQuest's ThreatIngestor that focuses on MISP integration.

Key differences

  • Better MISP integration.
    • Working with the latest version of MISP.
    • Smart event management based on reference_link.
  • MISP warninglist compatible whitelisting.
  • Using ioc-finder instead of iocextract for IoC extraction.
    • YARA rule extraction is dropped.

Installation

iocingestor requires Python 3.6+.

Install iocingestor from PyPI:

pip install iocingestor

Usage

Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml as a reference.)

iocingestor config.yml

By default, it will run forever, polling each configured source every 15 minutes.

Plugins

iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are:

Sources

  • GitHub repository search
  • RSS feeds
  • Twitter
  • Generic web pages

Operators

  • CSV files
  • MISP
  • SQLite database
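As an added illustration of the source, extraction, whitelist, operator flow described above, here is a compact stand-alone pipeline. It is not the project's own code: the regex extractor stands in for ioc-finder, the warninglist shape is a constructed approximation of a MISP warninglist, and the feed items are constructed samples.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample feed items, standing in for what a source plugin would yield.
SAMPLE_ARTIFACTS = [
    {"reference_link": "https://example.com/report-1",
     "text": "C2 at 203.0.113.7 and evil.example.net; DNS 8.8.8.8; see 10.0.0.5"},
    {"reference_link": "https://example.com/report-1",
     "text": "Also contacted 203.0.113.9"},
    {"reference_link": "https://example.com/report-2",
     "text": "Dropper hosted on bad.example.org, mirrored from www.example.com"},
]

# Constructed warninglist (loosely modelled on MISP's shape): CIDR and hostname entries.
WARNINGLIST = {"list": ["8.8.8.0/24", "10.0.0.0/8", "example.com"]}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def extract_iocs(text):
    """Regex extraction of IPv4 addresses and domains (a stand-in for ioc-finder)."""
    ips = {m for m in IPV4_RE.findall(text) if all(int(o) <= 255 for o in m.split("."))}
    domains = {m.lower() for m in DOMAIN_RE.findall(text)}
    return {"ipv4": ips, "domain": domains}


def is_whitelisted(ioc_type, value, warninglist):
    """Warninglist-style check: IPs against CIDR entries, domains against hostname suffixes."""
    for entry in warninglist["list"]:
        if ioc_type == "ipv4":
            try:
                if ipaddress.ip_address(value) in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue  # entry is a hostname, not a network
        elif ioc_type == "domain" and (value == entry or value.endswith("." + entry)):
            return True
    return False


def ingest(artifacts, warninglist):
    """Extract, drop whitelisted values, then group survivors by reference_link,
    so each reference link becomes one de-duplicated event for the operator side."""
    events = defaultdict(lambda: {"ipv4": set(), "domain": set()})
    for art in artifacts:
        for ioc_type, values in extract_iocs(art["text"]).items():
            for v in values:
                if not is_whitelisted(ioc_type, v, warninglist):
                    events[art["reference_link"]][ioc_type].add(v)
    return {k: {t: sorted(v) for t, v in d.items()} for k, d in events.items()}
```

Both report-1 artifacts collapse into a single event, and the 8.8.8.8, 10.0.0.5 and www.example.com values never reach the operator.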

Download files

Source Distribution

iocingestor-0.3.3.tar.gz (31.7 kB)

Built Distribution

iocingestor-0.3.3-py3-none-any.whl (40.2 kB)
