jenishs524/Threat-Intel-Feed-Aggregator-STIX-TAXII-

GitHub: jenishs524/Threat-Intel-Feed-Aggregator-STIX-TAXII-

一个轻量级威胁情报聚合工具,通过 TAXII 2.1 协议采集 STIX 格式的入侵指标并存储到本地 SQLite 数据库,支持模拟模式用于无服务器环境下的开发测试。

Stars: 0 | Forks: 0

📁 威胁情报源聚合器 (STIX/TAXII) 描述 连接到 TAXII 2.1 服务器(或生成模拟指标),并将入侵指标(IP、域名、哈希值)存储在本地 SQLite 数据库中。 主要特性 ``` Fetches STIX 2.1 objects from a TAXII collection. Parses indicators and stores them. Uses simulation mode if no TAXII server is available. SQLite database for persistence. Sample display of stored indicators. ``` 技术栈 ``` stix2, taxii2client, sqlite3. ``` 前置条件 ``` Python 3, packages. ``` 安装 bash pip install stix2 taxii2client 用法 bash python stix_aggregator.py 示例输出 text [*] Current indicators in DB: 0 [*] Using simulation mode (generating mock indicators). [+] Total indicators now: 3 [*] Sample indicators: indicator--abc... | indicator | [ipv4-addr:value = '192.168.1.100'] 注意事项 ``` Replace USE_SIMULATION = False and add a real TAXII URL and collection ID for live feeds. You can obtain a free TAXII feed from AlienVault OTX (with API key). ```
标签:Python, SQLite, STIX, TAXII, 威胁情报, 开发者工具, 数据聚合, 无后门, 逆向工具