https://github.com/EXC3L-ONE/synapse-threatfox
Synapse Rapid Power-Up for Abuse.ch ThreatFox
- Host: GitHub
- URL: https://github.com/EXC3L-ONE/synapse-threatfox
- Owner: EXC3L-ONE
- License: mit
- Created: 2024-06-27T14:48:03.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2024-06-28T09:12:14.000Z (5 months ago)
- Last Synced: 2024-08-03T13:14:00.732Z (4 months ago)
- Homepage:
- Size: 32.2 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Synapse-ThreatFox
This Synapse Rapid Power-up adds support for enriching observables using [ThreatFox](https://threatfox.abuse.ch/) as well as ingesting IOCs recently reported on the platform.

---
## Usage
There are 5 commands available:
- `ex.threatfox.ingest.indicators`
  - Ingest recently reported indicators
- `ex.threatfox.ingest.indicators`
  - Ingest all malware profiles from ThreatFox
- `ex.threatfox.enrich`
  - Enrich inbound nodes using the ThreatFox API
- `ex.threatfox.search`
  - Search the ThreatFox database for a user-defined string
- `ex.threatfox.setup.tagprefix`
  - Set up the ThreatFox tag prefix

---
## Installation
The easiest way to use this Power-Up is to load the JSON package into the Cortex by running: `pkg.load --raw "https://raw.githubusercontent.com/EXC3L-ONE/synapse-threatfox/main/synapse_threatfox.json"`
Alternatively, you can clone this repo and load the package via `python -m synapse.tools.genpkg` (see the reference in the Synapse docs [here](https://synapse.docs.vertex.link/en/latest/synapse/userguides/syn_tools_genpkg.html#building-the-example-package)).