iocingestor
An extendable tool to extract and aggregate IoCs from threat feeds.
This tool is a forked version of InQuest's ThreatIngestor that focuses on MISP integration.
Key differences
- Better MISP integration.
- Working with the latest version of MISP.
- Smart event management based on reference_link.
- MISP warninglist compatible whitelisting.
- Using ioc-finder instead of iocextract for IoC extraction.
- YARA rule extraction is dropped.
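To illustrate the two extraction-related differences above (ioc-finder style extraction followed by MISP warninglist whitelisting), here is an added stand-in example; it is not code from iocingestor, ioc-finder or MISP. The warninglists, regexes and feed text are constructed for the example, using the JSON keys real warninglists carry (type, matching_attributes, list), but with only a handful of entries.

```python
import ipaddress
import re

# Constructed warninglists using MISP's JSON keys (real lists are far larger).
WARNINGLISTS = [
    {"name": "RFC1918 private ranges (constructed)", "type": "cidr",
     "matching_attributes": ["ip-src", "ip-dst"],
     "list": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]},
    {"name": "Benign domains (constructed)", "type": "hostname",
     "matching_attributes": ["domain", "hostname"],
     "list": ["example.com", "github.com"]},
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def extract_iocs(text):
    """Refang common defanging, then pull IPv4 addresses and domains out of text."""
    text = text.replace("[.]", ".").replace("hxxp", "http")
    ips = {m for m in IPV4_RE.findall(text) if all(int(o) < 256 for o in m.split("."))}
    domains = {m.lower() for m in DOMAIN_RE.findall(text)}
    return {"ip": sorted(ips), "domain": sorted(domains)}

def warninglist_hit(value, ioc_type):
    """Return the name of the first warninglist that matches value, else None."""
    attr = "ip-src" if ioc_type == "ip" else "domain"
    for wl in WARNINGLISTS:
        if attr not in wl["matching_attributes"]:
            continue
        kind = wl["type"]
        for entry in wl["list"]:
            if (kind == "cidr" and ipaddress.ip_address(value) in ipaddress.ip_network(entry)) \
               or (kind == "hostname" and (value == entry or value.endswith("." + entry))) \
               or (kind == "string" and value == entry) \
               or (kind == "substring" and entry in value) \
               or (kind == "regex" and re.search(entry, value)):
                return wl["name"]
    return None

def filter_iocs(text):
    """Extract IoCs and split them into (kept, dropped-by-warninglist) lists."""
    kept, dropped = [], []
    for ioc_type, values in extract_iocs(text).items():
        for value in values:
            (dropped if warninglist_hit(value, ioc_type) else kept).append((ioc_type, value))
    return kept, dropped

# Constructed feed entry, with defanged indicators as feeds usually publish them.
FEED_TEXT = """Beacon to 203.0.113.45 and mail.evil-c2[.]test; pivot seen from 192.168.1.20.
Lure mirrored on docs.example.com, payload at hxxp://203.0.113.45/update."""
```

Calling filter_iocs(FEED_TEXT) keeps the public address and the unknown domain and drops the private address and the example.com host, which is the kind of noise a warninglist stops from landing in a MISP event.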
Installation
iocingestor requires Python 3.6+.
Install iocingestor from PyPI:
pip install iocingestor
Usage
Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml as a reference.)
iocingestor config.yml
By default, it will run forever, polling each configured source every 15 minutes.
Plugins
iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are:
Sources
- GitHub repository search
- RSS feeds
- Generic web pages
Operators
- CSV files
- MISP
- SQLite database
Download files
Source Distribution: iocingestor-0.3.0.tar.gz (30.6 kB)
Built Distribution: iocingestor-0.3.0-py3-none-any.whl
Hashes for iocingestor-0.3.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 576002cadeb98e712b43c1a73e25746a9e1a5f3e62eb2463fa8662347ec10a8f
MD5 | 4e3de63eb91aa505f07c8a743ea88a42
BLAKE2b-256 | d0b5b5162f0e26bf0b8cbf061c7263a9137f0d33882280a2c86e5427796ad190