Python scripts that automate checking different crowd-source threat intelligence feeds to determine if something is evil.
The purpose of this project is to reduce the time spent during an investigation deciding whether or not something is "bad". The scripts can also be used to empower lower tier support teams (i.e., help desk personnel) with a quick and efficient way of determining if something is "bad" when they communicate with users or higher tier support personnel.
The CSIC scripts support checking several reputable threat intelligence sources and provide aggregated results. A summary of sources for each type of indicator is included below.
IP Address
Domain Names
URLs
Files
I have a side effort to get these scripts working in a standalone executable for Windows. I have not met with much success with py2exe. So for now, you have to clone the repo.
$ git clone https://github.com/bentleygd/CSIC.git
The default help option is self-explanatory.
$ python csic_cli.py -h
usage: csic_cli.py [-h] [-I] [-D] [-U] [-F] indicator

Open Threat Intel checker.

positional arguments:
  indicator   Indicator to check for.

optional arguments:
  -h, --help  show this help message and exit
  -I, --ip    Check for IP address info.
  -D, --dns   Check for DNS info.
  -U, --url   Check for URL info.
  -F, --file  Check for File info.
# This configuration uses configparser
[API]
vt = virus_total_api_key
fsb = hybrid_analysis_api_key
aipdb = abuse_ip_db_api_key
otx = alienvault_otx_api_key
[mail]
server = somewhere.example.com
rcpts = someone@example.com
sender = bot@example.com
[block]
path = path_to_file
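The following is an added example, not code from the CSIC project, showing the plumbing a CLI shaped like the usage and config above needs before any feed is queried: classifying an indicator into the four kinds the flags cover, loading the configparser-style config and flagging API keys that still hold placeholder values, and folding per-source verdicts into one "bad / not bad" answer while keeping sources that returned nothing distinct from sources that said "clean". The config text, the function names, the hostname and hash rules, and the sample verdicts are all assumptions constructed for this example; the real lookups against VirusTotal, Hybrid Analysis, AbuseIPDB and OTX are not reproduced here.

```python
"""Added example (not the CSIC project's own code): indicator validation,
config loading and per-source result aggregation for a CLI shaped like the
csic_cli.py usage shown above. Feed lookups are out of scope; the verdicts
passed to aggregate_verdicts() are constructed samples."""
import argparse
import configparser
import ipaddress
import re
from urllib.parse import urlparse

# Constructed copy of the README's config layout, with one key filled in.
SAMPLE_CONFIG = """\
[API]
vt = 0123456789abcdef
fsb = hybrid_analysis_api_key
aipdb = abuse_ip_db_api_key
otx = alienvault_otx_api_key
[mail]
server = somewhere.example.com
rcpts = someone@example.com
sender = bot@example.com
[block]
path = path_to_file
"""

# Hostname rule (assumed): one or more labels, a dot, and an alphabetic TLD.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
# File indicators are taken to be MD5, SHA-1 or SHA-256 hex digests.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)


def classify_indicator(indicator):
    """Return 'ip', 'url', 'file', 'dns' or None, matching the CLI's four flags."""
    value = indicator.strip()
    try:
        ipaddress.ip_address(value)  # v4 or v6; raises ValueError otherwise
        return "ip"
    except ValueError:
        pass
    parts = urlparse(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return "url"
    if HASH_RE.match(value):
        return "file"
    if HOSTNAME_RE.match(value):
        return "dns"
    return None


def load_config(text):
    """Parse the configparser-style config into nested dicts (keys lowercased)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return {section: dict(cfg[section]) for section in cfg.sections()}


def unconfigured_api_keys(config):
    """List [API] entries that are empty or still hold a '*_api_key' placeholder,
    so a missing key is caught before any lookup is attempted."""
    api = config.get("API", {})
    return sorted(k for k, v in api.items()
                  if not v.strip() or v.strip().endswith("_api_key"))


def aggregate_verdicts(results, threshold=1):
    """Fold per-source verdicts ('malicious', 'clean', anything else = unknown)
    into one call. Unknowns are reported separately so a 'clean' summary never
    hides feeds that simply had no data on the indicator."""
    hits = sorted(s for s, v in results.items() if v == "malicious")
    clean = sorted(s for s, v in results.items() if v == "clean")
    unknown = sorted(s for s, v in results.items() if v not in ("malicious", "clean"))
    return {"bad": len(hits) >= threshold, "hits": hits, "clean": clean, "unknown": unknown}


def build_parser():
    """argparse layout mirroring the -h output above; the kind flags are exclusive."""
    parser = argparse.ArgumentParser(description="Open Threat Intel checker.")
    parser.add_argument("indicator", help="Indicator to check for.")
    group = parser.add_mutually_exclusive_group()
    group.add_argument("-I", "--ip", action="store_true", help="Check for IP address info.")
    group.add_argument("-D", "--dns", action="store_true", help="Check for DNS info.")
    group.add_argument("-U", "--url", action="store_true", help="Check for URL info.")
    group.add_argument("-F", "--file", action="store_true", help="Check for File info.")
    return parser


def resolve_kind(args):
    """Use the explicit flag if given, otherwise infer the kind from the value;
    refuse when the flag disagrees with what the indicator looks like."""
    flagged = next((k for k in ("ip", "dns", "url", "file") if getattr(args, k)), None)
    inferred = classify_indicator(args.indicator)
    if flagged and inferred and flagged != inferred:
        raise ValueError(f"--{flagged} given but indicator looks like {inferred}")
    return flagged or inferred


if __name__ == "__main__":
    args = build_parser().parse_args()
    config = load_config(SAMPLE_CONFIG)
    print(f"kind: {resolve_kind(args)}; unconfigured keys: {unconfigured_api_keys(config)}")
    # Constructed sample verdicts standing in for real feed responses.
    print(aggregate_verdicts({"vt": "malicious", "otx": "clean", "aipdb": "unknown"}))
```

Running it as `python example.py -I 8.8.8.8` prints the resolved kind, the three placeholder keys left in the sample config, and an aggregated verdict for the constructed sample results. The conflict check in resolve_kind() is the part worth keeping in a real tool: a help-desk user who passes `-F` with a domain name should get an error rather than a silent lookup against the wrong feed.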
See DOCs.md for code documentation.