An extendable tool to extract and aggregate IoCs from threat feeds
GPL-2.0 License
This tool is a fork of InQuest's ThreatIngestor that focuses on MISP integration.
iocingestor requires Python 3.6+.
Install iocingestor from PyPI:
pip install iocingestor
Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml as a reference.)
iocingestor config.yml
By default, it will run forever, polling each configured source every 15 minutes.
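A sketch of what one polling cycle of such a tool does: refang and extract IoCs from feed text, then pass only the ones not seen in earlier cycles to an output. This is an added example, not iocingestor's own code; the function names, regular expressions and sample feed text are assumptions constructed here.

```python
import re

# Illustrative patterns only; these are not iocingestor's extraction rules.
PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s<>\"']+", re.I),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}

# Constructed sample input (documentation address ranges, placeholder hash).
SAMPLE_HASH = "ab" * 32
FEED_1 = "C2 at hxxp://bad.example[.]com/gate.php and 203.0.113[.]9."
FEED_2 = "Still active: 203.0.113.9; payload SHA256 " + SAMPLE_HASH.upper()

def refang(text):
    """Undo common defanging (hxxp, [.], (.), [dot], [:]) before matching."""
    text = re.sub(r"\bhxxp(s?)", r"http\1", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return text.replace("[:]", ":")

def extract_iocs(text):
    """Return a set of (type, value) pairs found in free text."""
    clean = refang(text)
    found = set()
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(clean):
            value = match.group(0).rstrip(".,;)")  # drop sentence punctuation
            # Hashes are case-insensitive; normalise so duplicates collapse.
            found.add((kind, value.lower() if kind == "sha256" else value))
    return found

def poll_once(source_texts, seen, operator):
    """One cycle: extract from every source, emit only previously unseen IoCs."""
    new = set()
    for text in source_texts:
        new |= extract_iocs(text) - seen
    for ioc in sorted(new):
        operator(ioc)       # stand-in for an output plugin (e.g. a MISP push)
    seen |= new             # state carried into the next cycle
    return new

if __name__ == "__main__":
    seen = set()
    for feed in (FEED_1, FEED_2):
        poll_once([feed], seen, print)
```

The second cycle emits only the hash: the IP address was already recorded in the first cycle, so it is not forwarded again.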
iocingestor uses a plugin architecture with "source" (input) and "operator" (output) plugins. The currently supported integrations are: