iocingestor

An extendable tool to extract and aggregate IoCs from threat feeds.

This tool is a forked version of InQuest's ThreatIngestor focuses on MISP integration.

Key differences

Better MISP integration.
- Working with the latest version of MISP.
- Smart event management based on reference_link.
MISP warninglist compatible whitelisting.
Using ioc-finder instead of iocextract for IoC extraction.
- YARA rule extraction is dropped.

Installation

iocingestor requires Python 3.6+.

Install iocingestor from PyPI:

pip install iocingestor

Usage

Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml as a reference.)

iocingestor config.yml

By default, it will run forever, polling each configured source every 15 minutes.

Plugins

iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are:

Sources

GitHub repository search
RSS feeds
Twitter
Generic web pages

Operators

CSV files
MISP
SQLite database

Name		Name	Last commit message	Last commit date
Latest commit History 181 Commits
.github/workflows		.github/workflows
iocingestor		iocingestor
tests		tests
.deepsource.toml		.deepsource.toml
.gitignore		.gitignore
.pre-commit-config.yaml		.pre-commit-config.yaml
LICENSE		LICENSE
README.md		README.md
config.example.yml		config.example.yml
poetry.lock		poetry.lock
pyproject.toml		pyproject.toml
rss.example.yml		rss.example.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

iocingestor

Key differences

Installation

Usage

Plugins

Sources

Operators

About

Releases

Packages

Contributors 3

Languages

License

ninoseki/iocingestor

Folders and files

Latest commit

History

Repository files navigation

iocingestor

Key differences

Installation

Usage

Plugins

Sources

Operators

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages