{"id":20722043,"url":"https://github.com/gfek/Eleven","last_synced_at":"2025-05-10T23:32:22.448Z","repository":{"id":43364216,"uuid":"147106035","full_name":"gfek/Eleven","owner":"gfek","description":"A tool for fetching `ANOMALI` free intel feeds from Limo service and store them to an ElasticSearch Index.","archived":false,"fork":false,"pushed_at":"2022-12-08T02:51:36.000Z","size":335,"stargazers_count":8,"open_issues_count":5,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2023-02-28T09:55:55.101Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gfek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-09-02T17:16:52.000Z","updated_at":"2022-06-06T00:04:25.000Z","dependencies_parsed_at":"2023-01-24T06:30:19.639Z","dependency_job_id":null,"html_url":"https://github.com/gfek/Eleven","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gfek%2FEleven","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gfek%2FEleven/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gfek%2FEleven/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gfek%2FEleven/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gfek","download_url":"https://codeload.github.com/gfek/Eleven/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224996516,"owners_
count":17404485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-17T03:33:59.543Z","updated_at":"2024-11-17T03:34:02.071Z","avatar_url":"https://github.com/gfek.png","language":"Python","funding_links":[],"categories":["[🔓 security](https://github.com/stars/ketsapiwiq/lists/unlock-security)"],"sub_categories":[],"readme":"# Eleven\n\n`Eleven` is a Python utility that fetches free intel feeds from the Limo service provided by [Anomali](https://www.anomali.com/), using the [Python cabby TAXII client](https://github.com/eclecticiq/cabby) implemented by [EclecticIQ](https://www.eclecticiq.com/). Limo is an out-of-the-box TAXII service for users who want to get started with threat intelligence.\n\nFree intel feeds provided by the Limo TAXII service:\n\n* Abuse\\_ch\\_Ransomware\\_IPs\\_F135\n* Abuse\\_ch\\_Ransomware\\_Domains\\_F136\n* DShield\\_Scanning\\_IPs\\_F150\n* Lehigh\\_Malwaredomains\\_F33\n* CyberCrime\\_F41\n* Emerging\\_Threats\\_C\\_C\\_Server\\_F31\n* Malware\\_Domain\\_List\\_\\_\\_Hotlist\\_F200\n* Phish\\_Tank\\_F107\n* Emerging\\_Threats\\_\\_\\_Compromised\\_F68\n* Blutmagie\\_TOR\\_Nodes\\_F209\n* Anomali\\_Weekly\\_Threat\\_Briefing\\_S1\n\nThe `Eleven` Python utility connects to the Limo collection and downloads all the available public intel feeds. The downloaded data are stored in an [ElasticSearch](https://www.elastic.co/downloads/elasticsearch) index. 
[Kibana](https://www.elastic.co/downloads/kibana) can be used to visualise the available data.\n\n## Requirements\n```\ncabby==0.1.20\ncertifi==2018.8.24\nchardet==3.0.4\ncolorlog==3.1.4\ncybox==2.1.0.17\nelasticsearch==6.3.1\nfurl==1.2.1\nidna==2.7\nlibtaxii==1.1.111\nlxml==4.2.4\nmixbox==1.0.3\nordered-set==3.0.1\norderedmultidict==1.0\npython-dateutil==2.7.3\npytz==2018.5\nrequests==2.19.1\nsix==1.11.0\nstix==1.2.0.6\nurllib3==1.23\nweakrefmethod==1.0.3\n```\n\n## Help\n\n``` \nusage: eleven.py [-h] [-d DAYS] [-u USERNAME] [-p PASSWORD] [-e ES]\n                     [-l PORT] [-i INDEX]\n\nA tool for fetching `ANOMALI` limo threat intel feed collection and store them to an ElasticSearch.\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -d DAYS, --days DAYS  Define the timedelta in days.\n  -u USERNAME, --username USERNAME\n                        Define the username.\n  -p PASSWORD, --password PASSWORD\n                        Define the password.\n  -e ES, --es ES        Define the elasticsearch host.\n  -l PORT, --port PORT  Define the elasticsearch port.\n  -i INDEX, --index INDEX\n                        Define the elsticsearch index.\n```\n\n## Example\n\n`python eleven.py -d 30`\n\n```\n[*]-Fetching collection name: Abuse_ch_Ransomware_IPs_F135\n[*]-Fetching collection name: Abuse_ch_Ransomware_Domains_F136\n[*]-Fetching collection name: DShield_Scanning_IPs_F150\n[*]-Fetching collection name: Lehigh_Malwaredomains_F33\n[*]-Fetching collection name: CyberCrime_F41\n[*]-Fetching collection name: Emerging_Threats_C_C_Server_F31\n[*]-Fetching collection name: Malware_Domain_List___Hotlist_F200\n[*]-Fetching collection name: Phish_Tank_F107\n[*]-Fetching collection name: Emerging_Threats___Compromised_F68\n[*]-Fetching collection name: Blutmagie_TOR_Nodes_F209\n[*]-Fetching collection name: Anomali_Weekly_Threat_Briefing_S1\n\n[*]-Connection with ES was successful.\n[*]-Deleting taxii_anomali index... 
Status: True\n[*]-Creating taxii_anomali index...\n[*]-Index taxii_anomali created successully... Status: True\n[*]-10,309 documents have been saved.\n```\n\n## Kibana\n\n![](https://raw.githubusercontent.com/gfek/Eleven/master/kibana_vis.png)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgfek%2FEleven","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgfek%2FEleven","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgfek%2FEleven/lists"}