Create authenticated enrichment service #12
Comments
Hey, I wanna take up this one.
Hey, thanks for your interest in the project. Well, no, that was not my intention. Even if not built with the DRF, this does not mean that it is not already an API endpoint. That change would not benefit in any way. I think I need to add more context to let you understand the issue. Right now, this project provides feeds that are regularly updated (every 10 minutes). This means that these indicators of compromise, to be used, must be downloaded by the consumer periodically and must be managed and saved in some way from there. This is useful for some use cases. If you have a Threat Intel Platform of your own, you can just download these data and feed the platform periodically. If you have a firewall, you could just add this feed and the firewall would manage the download. But if you do not need to retrieve all of these data periodically and manage them, and you just want to ask whether a specific observable (IP address or domain) was seen by Greedybear or not, to know if you should flag it as malicious or not, well... you cannot. For this common use case, we would need to add the chance to query a new API endpoint (for ex, To give you even more context, IntelOwl is an aggregator of this kind of "enrichment" service. Most of the "analyzers" work in that way. For instance, this new service could be integrated in IntelOwl as a new analyzer. This is the direction that we want to follow.
Thanks a lot for such a detailed explanation. Got a much clearer idea of the task now.
Exactly. Well, it is missing the
Cool!!
Hey, @uzaxirr are you still working on this? |
Okay. |
this has been completed with the major release |
We could provide a service that could be queried via API key. In this way, it would be possible to understand if an IOC is in the database of Greedybear without having to download and manage all the feeds from Greedybear.
It would be a simple enrichment service.
We would need:
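As an added example of the query-style enrichment service discussed in this issue and in the maintainer's reply above (this is not GreedyBear's or IntelOwl's own code), the sketch below shows the core of such an endpoint in plain Python, framework-free so it runs anywhere: the caller presents an API key and one observable, the service validates that the observable is an IP address or domain, checks the key in constant time against stored hashes, and answers whether the indicator is known. The IOC set, the API key, and the function names are all constructed for illustration; a real implementation would query the feed tables and the key store behind a DRF view.

```python
"""Minimal authenticated "have you seen this observable?" lookup.

Added example, not project code. SAMPLE_IOCS, API_KEY_HASHES and the
function names are hypothetical; the IP addresses come from the
TEST-NET documentation ranges and the domains are constructed.
"""
import hashlib
import hmac
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed stand-in for the indicator database the issue refers to.
SAMPLE_IOCS = {
    "ip": {"203.0.113.10", "198.51.100.7"},
    "domain": {"example.invalid", "malicious.example"},
}

# Hypothetical key store: only SHA-256 hashes of issued keys are kept,
# so a leaked table does not hand out usable credentials.
API_KEY_HASHES = {
    hashlib.sha256(b"k-0123456789abcdef").hexdigest(): "analyst-1",
}

# Conservative hostname syntax: dotted labels, alphabetic TLD, <= 253 chars.
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def classify(observable: str) -> Optional[Tuple[str, str]]:
    """Return ("ip", normalised) or ("domain", normalised); None if neither."""
    value = observable.strip().lower()
    try:
        # ipaddress handles both v4 and v6 and yields a canonical form.
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain", value
    return None


def authenticate(presented_key: Optional[str]) -> Optional[str]:
    """Map an API key to a client name, or None if it is unknown.

    The presented key is hashed and compared with hmac.compare_digest so
    the comparison time does not depend on how many bytes match.
    """
    if not presented_key:
        return None
    presented = hashlib.sha256(presented_key.encode()).hexdigest()
    for stored_hash, client in API_KEY_HASHES.items():
        if hmac.compare_digest(stored_hash, presented):
            return client
    return None


@dataclass
class EnrichmentResponse:
    status: int
    body: dict


def enrich(observable: str, api_key: Optional[str],
           store: dict = SAMPLE_IOCS) -> EnrichmentResponse:
    """Handle one lookup request: auth first, then validate, then query."""
    client = authenticate(api_key)
    if client is None:
        return EnrichmentResponse(401, {"error": "invalid or missing API key"})
    kind = classify(observable)
    if kind is None:
        return EnrichmentResponse(
            400, {"error": "observable must be an IP address or a domain"})
    ioc_type, value = kind
    found = value in store[ioc_type]
    return EnrichmentResponse(
        200, {"found": found, "ioc_type": ioc_type, "value": value,
              "client": client})


if __name__ == "__main__":
    key = "k-0123456789abcdef"
    print(enrich("203.0.113.10", key))
    print(enrich("MALICIOUS.example", key))
    print(enrich("192.0.2.1", key))
    print(enrich("203.0.113.10", "wrong-key"))
```

Authenticating before validating the observable means unauthenticated callers learn nothing about what the service considers a well-formed query, and normalising the observable before the lookup keeps case and IPv6 spelling differences from producing false negatives.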