ThreatQuery is a threat intelligence aggregation and analysis API that allows security professionals and organizations to query multiple threat intelligence sources from a unified interface. This project is designed to streamline the process of looking up indicators of compromise (IOCs) across different threat intelligence platforms and databases.
- IOC Lookup across multiple intelligence sources
- Indicator type detection (IP, Domain, URL, File hash)
- Threat score aggregation and analysis
- RESTful API for easy integration with security tools
- Comprehensive threat data enrichment
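The indicator type detection listed above decides which intelligence sources a lookup is routed to, so misclassifying an IOC means querying the wrong source or leaking a URL where only a hostname should go. The following classifier is an added example written for this README, not ThreatQuery's own code; it assumes the four types named in the feature list and treats anything else as unknown rather than guessing.

```python
"""Indicator-type detection for IOC lookups (added example, not ThreatQuery's code).

Classifies a raw indicator string into one of the types the README lists:
IP, Domain, URL or File hash. Unrecognised input is reported as "unknown"
rather than guessed, so a lookup never hits the wrong source.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Hash algorithms are distinguished purely by hex digest length.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-f]+$")
# RFC 1035-style hostname: dotted labels of letters/digits/hyphens, alphabetic TLD.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def detect_indicator_type(raw: str) -> tuple[str, str]:
    """Return (indicator_type, normalised_value) for a raw IOC string."""
    value = raw.strip()
    if not value:
        return ("unknown", value)

    # URLs first: a URL embeds a host that would otherwise match IP or domain.
    if "://" in value:
        parts = urlsplit(value)
        if parts.scheme and parts.netloc:
            return ("url", value)
        return ("unknown", value)

    # IPs (v4 and v6). ipaddress rejects malformed input such as 999.1.1.1.
    try:
        return ("ip", str(ipaddress.ip_address(value)))
    except ValueError:
        pass

    lowered = value.lower()
    # File hashes: hex of an exact known digest length; other hex runs are not hashes.
    if _HEX_RE.match(lowered) and len(lowered) in _HASH_LENGTHS:
        return (f"hash:{_HASH_LENGTHS[len(lowered)]}", lowered)

    # Domains last: an all-hex string like "deadbeef" has no TLD and is rejected here too.
    if _DOMAIN_RE.match(lowered):
        return ("domain", lowered)

    return ("unknown", value)
```

Hostnames and hashes are lower-cased on the way out so the same indicator written with different casing maps to one cache key and one source query.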
- FastAPI for the API framework
- PostgreSQL for database storage
- SQLAlchemy for ORM
- Docker for containerization
- Python 3.11+
- Copy `.env.example` to `.env` for Docker settings:

  ```bash
  cp .env.example .env
  ```

- Copy `.env.example` to `.env.secret` for local development and add your API keys:

  ```bash
  cp .env.example .env.secret
  ```

  Then edit `.env.secret` to add your actual API keys.

Start the stack with Docker:

```bash
docker compose up -d
```
- Clone the repository
- Install dependencies using Poetry:

  ```bash
  poetry install
  ```

- Configure environment variables in the `.env` and `.env.secret` files
- Run the application:

  ```bash
  uvicorn threatquery.main:app --reload
  ```
After starting the application, visit http://localhost:8000/docs for the Swagger UI documentation.
This project is proprietary and confidential.