jenishs524/Threat-Intel-Feed-Aggregator-STIX-TAXII-
GitHub: jenishs524/Threat-Intel-Feed-Aggregator-STIX-TAXII-
一个轻量级威胁情报聚合工具,通过 TAXII 2.1 协议采集 STIX 格式的入侵指标并存储到本地 SQLite 数据库,支持模拟模式用于无服务器环境下的开发测试。
Stars: 0 | Forks: 0
📁 威胁情报源聚合器 (STIX/TAXII)
描述
连接到 TAXII 2.1 服务器(或生成模拟指标),并将入侵指标(IP、域名、哈希值)存储在本地 SQLite 数据库中。
主要特性
```
Fetches STIX 2.1 objects from a TAXII collection.
Parses indicators and stores them.
Uses simulation mode if no TAXII server is available.
SQLite database for persistence.
Sample display of stored indicators.
```
技术栈
```
stix2, taxii2client, sqlite3.
```
前置条件
```
Python 3, packages.
```
安装
bash
pip install stix2 taxii2client
用法
bash
python stix_aggregator.py
示例输出
text
[*] Current indicators in DB: 0
[*] Using simulation mode (generating mock indicators).
[+] Total indicators now: 3
[*] Sample indicators:
indicator--abc... | indicator | [ipv4-addr:value = '192.168.1.100']
注意事项
```
Replace USE_SIMULATION = False and add a real TAXII URL and collection ID for live feeds.
You can obtain a free TAXII feed from AlienVault OTX (with API key).
```
标签:Python, SQLite, STIX, TAXII, 威胁情报, 开发者工具, 数据聚合, 无后门, 逆向工具