Skip to main content

Extract and aggregate IOCs from threat feeds.

Project description

Developed by InQuest Build Status Documentation Status Code Health Test Coverage PyPi Version

An extendable tool to extract and aggregate IOCs from threat feeds.

Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing worflow with SQS, Beanstalk, and custom plugins.

Overview

ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.

Try it out now with this quick walkthrough, or see more ThreatIngestor walkthroughs on the InQuest blog.

Installation

ThreatIngestor requires Python 3.6+, with development headers.

Install ThreatIngestor from PyPI:

pip install threatingestor

Install optional dependencies for using some plugins, as needed:

pip install threatingestor[all]

View the full installation instructions for more information.

Usage

Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml for layout.) Then run the script:

threatingestor config.yml

By default, it will run forever, polling each configured source every 15 minutes.

View the full ThreatIngestor documentation for more information.

Plugins

ThreatIngestor uses a plugin architecture with “source” (input) and “operator” (output) plugins. The currently supported integrations are:

Sources

Operators

View the full ThreatIngestor documentation for more information on included plugins, and how to create your own.

Support

If you need help getting set up, or run into any issues, feel free to open an Issue. You can also reach out to @InQuest on Twitter.

We’d love to hear any feedback you have on ThreatIngestor, its documentation, or how you’re putting it to work for you!

Contributing

Issues and pull requests are welcomed. Please keep Python code PEP8 compliant. By submitting a pull request you agree to release your submissions under the terms of the LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

threatingestor-1.0.0b2.tar.gz (29.6 kB view hashes)

Uploaded Source

Built Distribution

threatingestor-1.0.0b2-py2.py3-none-any.whl (33.6 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page