ThreatIngestor Logo

ThreatIngestor

0
Free
Visit Website

An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. Currently used by InQuest Labs IOC-DB: https://labs.inquest.net/iocdb Overview: ThreatIngestor can be configured to watch Twitter, RSS feeds, sitemap (XML) feeds, or other sources, and extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis. Try it out now with this quick walkthrough, read more ThreatIngestor walkthroughs on the InQuest blog, and check out labs.inquest.net/iocdb, an IOC aggregation and querying tool powered by ThreatIngestor. Installation: ThreatIngestor requires Python 3.6+, with development headers. Install ThreatIngestor from PyPI: pip install threatingestor. Install optional dependencies for using some plugins, as needed: pip install threatingestor[all]. View the full installation instructions for more information. Usage: Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml for layout.) Then run the sc

FEATURES

ALTERNATIVES

CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.

ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).

A threat exposure management platform that monitors clear and dark web environments to detect and provide actionable intelligence on potential security threats like data leaks, credentials, and malicious actor activities.

Real-time monitoring tool for newly issued SSL certificates.

Collection of Yara rules for file identification and classification

A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.

Search engine for Windows executable files and hashes, providing insights into file prevalence, behavior, and security information.

A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.

PINNED