Extract and aggregate threat intelligence. (pre-release)
docs
tests
threatingestor
.coveragerc
.gitignore
.readthedocs.yml
.travis.yml
LICENSE
README.rst
config.ini.example
requirements-testing.txt
requirements.txt
setup.py
ThreatIngestor

Developed by InQuest.

An extendable tool to extract and aggregate IOCs from threat feeds.

Designed for use with InQuest ThreatKB, but can be used without it.

Overview

ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as C2 IPs/domains and YARA signatures, and send that information to another system for analysis.
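The extraction step described above, as an added example that is not ThreatIngestor's own code: a small extractor that takes untrusted feed text (a tweet, an RSS body), refangs the usual obfuscations (hxxp, [.]), pulls out IPv4 addresses, domains and URLs, drops non-routable addresses, and lifts YARA rules out verbatim before the surrounding text is scanned so that example strings inside a rule are not reported as live infrastructure. The sample feed text, the TLD allowlist and the defanging patterns are all constructed for the example; a real ingestor would use the public-suffix list and a proper YARA parser.

```python
"""Added example, not ThreatIngestor's own code: a minimal IOC extractor of
the kind the Overview describes. It pulls IPv4 addresses, domains, URLs and
YARA rule blocks out of untrusted feed text (tweets, RSS bodies), refangs
common obfuscations and drops non-routable addresses. Inputs are constructed."""
import ipaddress
import json
import re

# Defanging conventions seen in public feeds (constructed, not exhaustive).
_REFANG = [
    (re.compile(r"hxxp", re.I), "http"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", re.I), "."),
    (re.compile(r"\[:\]"), ":"),
]
_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_URL = re.compile(r"\bhttps?://[^\s\"'<>)\]]+", re.I)
_DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+([a-z]{2,24})\b", re.I)
_YARA_HEAD = re.compile(r"\brule\s+[A-Za-z_]\w*\s*(?::\s*[\w\s]+)?\{")
# Constructed subset; a real deployment would use the IANA TLD / public-suffix list.
_TLDS = {"com", "net", "org", "info", "biz", "io", "ru", "cn", "xyz", "top"}
# Ranges that are never C2 infrastructure on the public internet.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]


def refang(text):
    """Undo defanging so indicators can be matched and compared."""
    for pat, repl in _REFANG:
        text = pat.sub(repl, text)
    return text


def is_routable(addr):
    """True for a syntactically valid IPv4 address outside reserved ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # e.g. 999.1.1.1 matched the loose regex
        return False
    return not any(ip in net for net in _NON_ROUTABLE)


def extract_yara(text):
    """Return YARA rule sources by brace-matching from each 'rule' header.
    Rules are taken from the raw (not refanged) text so their strings are
    preserved byte-for-byte. Braces inside hex strings are balanced, but an
    unbalanced brace inside a text string would confuse this scanner; hand
    rules to a real YARA parser in production."""
    rules = []
    for m in _YARA_HEAD.finditer(text):
        depth = 0
        for i in range(m.end() - 1, len(text)):
            if text[i] == "{":
                depth += 1
            elif text[i] == "}":
                depth -= 1
                if depth == 0:
                    rules.append(text[m.start():i + 1])
                    break
    return rules


def extract_iocs(text):
    """Return {'ips', 'domains', 'urls', 'yara'} found in feed text."""
    yara = extract_yara(text)
    # Blank out rule bodies before scanning for network IOCs so example
    # strings inside a rule are not reported as live infrastructure.
    remainder = text
    for rule in yara:
        remainder = remainder.replace(rule, " ")
    remainder = refang(remainder)

    ips = {a for a in _IPV4.findall(remainder) if is_routable(a)}
    urls = set(_URL.findall(remainder))
    domains = set()
    for m in _DOMAIN.finditer(remainder):
        if m.group(1).lower() in _TLDS:      # drops file names like gate.php
            domains.add(m.group(0).lower())
    return {"ips": sorted(ips), "domains": sorted(domains),
            "urls": sorted(urls), "yara": yara}


# Constructed feed text standing in for a tweet and an RSS body.
SAMPLE_FEED = """New #Emotet C2 spotted: hxxp://bad-domain[.]xyz/gate.php and 203[.]0[.]113[.]45:8080
Our sandbox at 10.0.0.5 and 127.0.0.1 are not C2; neither is 999.1.1.1.
rule Emotet_Dropper : malware {
    strings:
        $s = "hxxp://decoy[.]com/x" ascii
    condition:
        $s
}
"""

if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE_FEED), indent=2))
```

Two design points worth keeping when doing this for real: feed content is attacker-controlled, so refang only the copy you scan and never feed a freshly extracted domain or URL into anything that resolves or fetches it automatically; and keep YARA rules byte-for-byte as published, since "fixing" a defanged string inside a rule changes what the rule matches.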

Installation

ThreatIngestor requires Python 3.6+.

Install ThreatIngestor and its dependencies:

pip3 install -r requirements.txt
python3 setup.py install

Usage

Create a new config.ini file and configure each source and operator module you want to use (see config.ini.example for the layout). Then run the script:

threatingestor config.ini

By default, it will run forever, polling each configured source every 15 minutes.

For full documentation, see the ThreatIngestor ReadTheDocs site.

Contributing

Issues and pull requests are welcome. Please keep Python code PEP8 compliant. By submitting a pull request you agree to release your submissions under the terms of the LICENSE.