Skip to content
/ Eleven Public

A tool for fetching `ANOMALI` free intel feeds from Limo service and store them to an ElasticSearch Index.

9 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gfek/Eleven

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
eleven.py
eleven.py
 
 
kibana_vis.png
kibana_vis.png
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Eleven

Eleven is a python utility for fetching free intel feeds, using the python cabby taxii client implemented by EclecticIQ, from the Limo service provided by the Anomali company. Limo is an out-of-the-box TAXII service for users who want to get started with threat intelligence.

Free Intel Feeds provided by Limo TAXII service:

  • Abuse_ch_Ransomware_IPs_F135
  • Abuse_ch_Ransomware_Domains_F136
  • DShield_Scanning_IPs_F150
  • Lehigh_Malwaredomains_F33
  • CyberCrime_F41
  • Emerging_Threats_C_C_Server_F31
  • Malware_Domain_List___Hotlist_F200
  • Phish_Tank_F107
  • Emerging_Threats___Compromised_F68
  • Blutmagie_TOR_Nodes_F209
  • Anomali_Weekly_Threat_Briefing_S1

The eleven python utility connects to the limo collection and downloads all the available public intel feeds. The downloaded data are stored in an ElasticSearch index. Kibana can be used to visualise the available data.

Requirements

cabby==0.1.20
certifi==2018.8.24
chardet==3.0.4
colorlog==3.1.4
cybox==2.1.0.17
elasticsearch==6.3.1
furl==1.2.1
idna==2.7
libtaxii==1.1.111
lxml==4.2.4
mixbox==1.0.3
ordered-set==3.0.1
orderedmultidict==1.0
python-dateutil==2.7.3
pytz==2018.5
requests==2.19.1
six==1.11.0
stix==1.2.0.6
urllib3==1.23
weakrefmethod==1.0.3

Help

usage: eleven.py [-h] [-d DAYS] [-u USERNAME] [-p PASSWORD] [-e ES]
                     [-l PORT] [-i INDEX]

A tool for fetching `ANOMALI` limo threat intel feed collection and store them to an ElasticSearch.

optional arguments:
  -h, --help            show this help message and exit
  -d DAYS, --days DAYS  Define the timedelta in days.
  -u USERNAME, --username USERNAME
                        Define the username.
  -p PASSWORD, --password PASSWORD
                        Define the password.
  -e ES, --es ES        Define the elasticsearch host.
  -l PORT, --port PORT  Define the elasticsearch port.
  -i INDEX, --index INDEX
                        Define the elsticsearch index.

Example

python eleven.py -d 30

[*]-Fetching collection name: Abuse_ch_Ransomware_IPs_F135
[*]-Fetching collection name: Abuse_ch_Ransomware_Domains_F136
[*]-Fetching collection name: DShield_Scanning_IPs_F150
[*]-Fetching collection name: Lehigh_Malwaredomains_F33
[*]-Fetching collection name: CyberCrime_F41
[*]-Fetching collection name: Emerging_Threats_C_C_Server_F31
[*]-Fetching collection name: Malware_Domain_List___Hotlist_F200
[*]-Fetching collection name: Phish_Tank_F107
[*]-Fetching collection name: Emerging_Threats___Compromised_F68
[*]-Fetching collection name: Blutmagie_TOR_Nodes_F209
[*]-Fetching collection name: Anomali_Weekly_Threat_Briefing_S1

[*]-Connection with ES was successful.
[*]-Deleting taxii_anomali index... Status: True
[*]-Creating taxii_anomali index...
[*]-Index taxii_anomali created successully... Status: True
[*]-10,309 documents have been saved.

Kibana

About

A tool for fetching `ANOMALI` free intel feeds from Limo service and store them to an ElasticSearch Index.

Resources

Readme
Activity

Stars

9 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages