{"id":50411921,"url":"https://github.com/bitbug0x55aa/personal-cti-streamliner","last_synced_at":"2026-05-31T04:02:46.396Z","repository":{"id":317800543,"uuid":"1068858617","full_name":"bitbug0x55AA/personal-cti-streamliner","owner":"bitbug0x55AA","description":"Your personal threat intelligence hub. Automates CTI collection and categorization with FreshRSS \u0026 Docker.","archived":false,"fork":false,"pushed_at":"2025-10-05T07:05:10.000Z","size":346,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-09T13:59:38.568Z","etag":null,"topics":["blue-team","cti","cybersecurity","docker","freshrss","threat-intelligence"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bitbug0x55AA.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-10-03T02:45:41.000Z","updated_at":"2025-10-05T08:29:52.000Z","dependencies_parsed_at":"2025-10-03T06:21:01.291Z","dependency_job_id":"f5ce3fcb-6e66-43bd-b62f-82b9ef4d452f","html_url":"https://github.com/bitbug0x55AA/personal-cti-streamliner","commit_stats":null,"previous_names":["taof211/personal-cti-streamliner","umbraresonance/personal-cti-streamliner","bitbug0x55aa/personal-cti-streamliner"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/bitbug0x55AA/personal-cti-streamliner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/rep
ositories/bitbug0x55AA%2Fpersonal-cti-streamliner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitbug0x55AA%2Fpersonal-cti-streamliner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitbug0x55AA%2Fpersonal-cti-streamliner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitbug0x55AA%2Fpersonal-cti-streamliner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bitbug0x55AA","download_url":"https://codeload.github.com/bitbug0x55AA/personal-cti-streamliner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bitbug0x55AA%2Fpersonal-cti-streamliner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33718447,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blue-team","cti","cybersecurity","docker","freshrss","threat-intelligence"],"created_at":"2026-05-31T04:02:46.243Z","updated_at":"2026-05-31T04:02:46.382Z","avatar_url":"https://github.com/bitbug0x55AA.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# [ARCHIVED] Personal CTI Streamliner\n\n\u003e **Status:** This project is now a legacy module and has been merged into my primary 
repository: [[Blue_Team_Hunting_Field_Notes]](https://github.com/bitbug0x55AA/Blue_Team_Hunting_Field_Notes.git). No further independent updates or feature developments (e.g., Python automation, OpenCTI integration) are planned here.\n\n**Current stable features (FreshRSS + Feed Lists) are now maintained under `09_Automation_Vault/9.3_Tooling_and_Pipelines/CTI_Streamliner` in the main repo.**\n\n![CTI Streamliner Dashboard](./Assets/Pictures/Page_Screenshot.jpg)\n\nA streamlined, self-hosted system for aggregating, filtering, and categorizing high-value Cyber Threat Intelligence (CTI) feeds. This repository contains not only the Docker setup but also a curated list of CTI feeds (OPML) and the specific search queries needed to build an effective, on-demand intelligence dashboard.\n\n## The Problem: Information Overload\nFor any security professional, staying updated with the latest threats, vulnerabilities, and APT activity is a daily challenge. The sheer volume of reports from vendors, CERTs, and researchers creates significant noise, making it difficult to find actionable intelligence efficiently.\n\n## The Solution: A Curated \u0026 On-Demand CTI Hub\nThis project uses **FreshRSS**, a powerful open-source RSS aggregator, running in a Docker container to solve this problem. Unlike a fully automated system, this workflow emphasizes an analyst-driven approach. 
Feeds are pre-sorted into priority categories, and **Bookmarked Searches** are used to perform powerful, on-demand filtering across all sources.\n\nThis provides a centralized and clean dashboard for targeted threat intelligence consumption and professional development.\n\n## Key Features\n* **🚀 One-Command Deployment:** Uses a `docker-compose.yml` for quick and easy setup.\n* **📰 Prioritized CTI Feed List:** Includes a ready-to-import OPML file that categorizes feeds into **P1 - Gov/Alerts** and **P2 - Vendor Research**.\n* **🔍 Analyst-Focused Search Queries:** Provides the exact search queries (in the `/Assets/Searches` directory) to create **Bookmarked Searches** for the four core CTI topics:\n    * **APT \u0026 Threat Actors**\n    * **Malware Analysis**\n    * **Campaigns**\n    * **Vulnerabilities**\n* **🔒 Self-Hosted \u0026 Private:** You have full control over your data and workflow.\n\n## Tech Stack\n* **[FreshRSS](https://freshrss.org/)**: The core RSS aggregator engine.\n* **[Docker](https://www.docker.com/)**: For easy, containerized deployment.\n\n## Getting Started\n\n### Prerequisites\n* Docker and Docker Compose must be installed on your system.\n\n### Installation\n1.  Clone this repository to your local machine:\n    ```bash\n    git clone https://github.com/taof211/personal-cti-streamliner.git\n    cd personal-cti-streamliner\n    ```\n2.  Start the FreshRSS container in detached mode:\n    ```bash\n    docker-compose up -d\n    ```\n3.  Navigate to `http://localhost:8889` (or the port you defined) in your browser and complete the initial FreshRSS user setup.\n\n## Configuration: The Analyst Workflow\nThis setup is designed for quick, manual filtering rather than automated categorization.\n\n1.  
**Import \u0026 Categorize Feeds:**\n    * In the FreshRSS web interface, go to `Subscription management`.\n    * Click on the `Import` function and upload the `My Report Resources.opml.xml` file from the `Assets/Feeds` directory.\n    * This will automatically create two feed categories: **P1 - Gov/Alerts** (for high-priority, official alerts) and **P2 - Vendor Research** (for in-depth technical reports).\n\n2.  **Create Bookmarked Searches:**\n    * This is the core of the workflow. Go to the main search bar in FreshRSS.\n    * Open one of the search query files from the `/Assets/Searches` directory (e.g., `malware_analysis_search.md`).\n    * Copy the entire query string.\n    * Paste it into the FreshRSS search bar and run the search.\n    * On the search results page, click the **\"Bookmark this search\"** icon (a star or bookmark symbol).\n    * Name the bookmark appropriately (e.g., \"Malware Analysis\").\n    * Repeat this process for all four search query files. You will now have four powerful, one-click filters in your main navigation pane.\n\n    \u003e ### ⚠️ Important Note on Search Queries\n    \u003e The search query files in the `/Assets/Searches` directory contain comments and line breaks for readability and maintainability. **These must be removed before pasting the query into the FreshRSS search bar.**\n    \u003e\n    \u003e **Action:** Please copy the raw query text and manually delete any comment lines and extra line breaks to form a single-line search string. This is necessary to ensure the search functions correctly in FreshRSS. It is recommended to keep the original file format unchanged for future maintenance.\n\n## My Personal Workflow\nMy daily process with this system is analyst-driven:\n\n1.  **Initial Scan:** I first check the **P1 - Gov/Alerts** category for any critical, time-sensitive information.\n2.  **Targeted Research:** Instead of browsing all feeds, I use my **Bookmarked Searches** to pull exactly what I need. 
For instance, if I want the latest research on malware, I simply click the \"Malware Analysis\" bookmark. This instantly filters thousands of articles across all my P1 and P2 feeds to show only the most relevant reports.\n\nThis approach keeps my main feed clean and allows me to conduct targeted research with incredible speed and efficiency.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitbug0x55aa%2Fpersonal-cti-streamliner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbitbug0x55aa%2Fpersonal-cti-streamliner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbitbug0x55aa%2Fpersonal-cti-streamliner/lists"}