Extract and aggregate IOCs from threat feeds.
An extendable tool to extract and aggregate IOCs from threat feeds.
ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.
ThreatIngestor requires Python 3.6+, with development headers.
Install ThreatIngestor from PyPI:
pip install threatingestor
Install optional dependencies for using some plugins, as needed:
pip install threatingestor[all]
View the full installation instructions for more information.
Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml for layout.) Then run the script:
By default, it will run forever, polling each configured source every 15 minutes.
View the full ThreatIngestor documentation for more information.
ThreatIngestor uses a plugin architecture with “source” (input) and “operator” (output) plugins. The currently supported integrations are:
We’d love to hear any feedback you have on ThreatIngestor, its documentation, or how you’re putting it to work for you!
Issues and pull requests are welcomed. Please keep Python code PEP8 compliant. By submitting a pull request you agree to release your submissions under the terms of the LICENSE.
Release history Release notifications | RSS feed
|Filename, size||File type||Python version||Upload date||Hashes|
|Filename, size threatingestor-1.0.0b2-py2.py3-none-any.whl (33.6 kB)||File type Wheel||Python version py2.py3||Upload date||Hashes View|
|Filename, size threatingestor-1.0.0b2.tar.gz (29.6 kB)||File type Source||Python version None||Upload date||Hashes View|
Hashes for threatingestor-1.0.0b2-py2.py3-none-any.whl