Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ninoseki/iocingestor

An extendable tool to extract and aggregate IoCs from threat feeds
https://github.com/ninoseki/iocingestor

misp osint threatintel

Last synced: 19 days ago
JSON representation

An extendable tool to extract and aggregate IoCs from threat feeds

Host: GitHub
URL: https://github.com/ninoseki/iocingestor
Owner: ninoseki
License: gpl-2.0
Created: 2020-04-04T04:37:39.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2024-02-06T00:00:58.000Z (10 months ago)
Last Synced: 2024-10-18T08:52:39.166Z (about 1 month ago)
Topics: misp, osint, threatintel
Language: Python
Homepage:
Size: 314 KB
Stars: 32
Watchers: 3
Forks: 5
Open Issues: 12
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # iocingestor

[![PyPI version](https://badge.fury.io/py/iocingestor.svg)](https://badge.fury.io/py/iocingestor)

![Python CI](https://github.com/ninoseki/iocingestor/workflows/Python%20CI/badge.svg)

[![Coverage Status](https://coveralls.io/repos/github/ninoseki/iocingestor/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/iocingestor?branch=master)

[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/iocingestor/badge)](https://www.codefactor.io/repository/github/ninoseki/iocingestor)

An extendable tool to extract and aggregate IoCs from threat feeds.

This tool is a forked version of [InQuest](https://inquest.net/)'s [ThreatIngestor](https://github.com/InQuest/ThreatIngestor) focuses on [MISP](https://www.misp-project.org/) integration.

## Key differences

- Better MISP integration.

  - Working with the latest version of MISP.

  - Smart event management based on `reference_link`.

- [MISP warninglist](https://github.com/MISP/misp-warninglists) compatible whitelisting.

- Using [ioc-finder](https://github.com/fhightower/ioc-finder) instead of [iocextract](https://github.com/InQuest/python-iocextract) for IoC extraction.

  - YARA rule extraction is dropped.

## Installation

iocingestor requires Python 3.6+.

Install iocingestor from PyPI:

```bash

pip install iocingestor

```

## Usage

Create a new `config.yml` file, and configure each source and operator module you want to use. (See `config.example.yml` as a reference.)

```bash

iocingestor config.yml

```

By default, it will run forever, polling each configured source every 15 minutes.

## Plugins

iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are:

### Sources

- GitHub repository search

- RSS feeds

- Twitter

- Generic web pages

### Operators

- CSV files

- MISP

- SQLite database