InQuest / ThreatIngestor

Extract and aggregate threat intelligence.
https://inquest.readthedocs.io/projects/threatingestor/
GNU General Public License v2.0

Add SQS as a Source module. #21

Closed rshipp closed 6 years ago

rshipp commented 6 years ago

Add an SQS Source module. Will allow full-circle workflow. ThreatIngestor will classify/deobfuscate/filter input and send it to configured outputs. Doubles as SQS support for ThreatKB.

One example workflow:

  1. Receive tweet https://twitter.com/_ddoxer/status/984080845056172034 in c2 list
  2. Send pastebin link to SQS
  3. SQS reader receives pastebin link, gets raw link, scrapes content
  4. SQS reader sends content as a job with reference link of original pastebin link, to ThreatIngestor SQS Source
  5. ThreatIngestor picks up job, processes, sends C2s to configured outputs
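
Steps 2 to 5 of the workflow above, sketched as an added example; it is not part of the original issue and not ThreatIngestor's own code. The JSON job shape (`content` and `reference` keys), the function names, the size cap, and the Python list standing in for the SQS queue are all assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlparse

MAX_JOB_BYTES = 256 * 1024  # assumed cap on one job body
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def raw_paste_url(link):
    """Step 3: turn a pastebin.com link into its raw-content URL."""
    u = urlparse(link)
    paste_id = u.path.strip("/").split("/")[-1]
    if u.scheme != "https" or u.hostname != "pastebin.com":
        raise ValueError("not a pastebin.com link")
    if not re.fullmatch(r"[A-Za-z0-9]{4,16}", paste_id):
        raise ValueError("unexpected paste id")
    return "https://pastebin.com/raw/" + paste_id

def build_job(reference, content):
    """Step 4: job = scraped content plus the original paste link."""
    return json.dumps({"reference": reference, "content": content})

def parse_job(body):
    """Step 5, first half: queue messages are untrusted input, so validate."""
    if len(body.encode()) > MAX_JOB_BYTES:
        raise ValueError("job too large")
    job = json.loads(body)  # malformed JSON raises a ValueError subclass
    if not isinstance(job, dict):
        raise ValueError("job must be a JSON object")
    content, reference = job.get("content"), job.get("reference")
    if not isinstance(content, str) or not isinstance(reference, str):
        raise ValueError("content and reference must be strings")
    raw_paste_url(reference)  # reference must still be a paste link
    return content, reference

def extract_c2s(content):
    """Step 5, second half: refang common obfuscation, then pull URLs."""
    text = re.sub(r"hxxp", "http", content, flags=re.I)
    text = text.replace("[.]", ".").replace("[:]", ":")
    return sorted(set(URL_RE.findall(text)))

def run_workflow(link, fetch):
    """Steps 2-5 with a list standing in for the SQS queue."""
    queue = [build_job(link, fetch(raw_paste_url(link)))]
    results = []
    for body in queue:
        content, reference = parse_job(body)
        results += [(c2, reference) for c2 in extract_c2s(content)]
    return results

# Constructed sample paste; no network access is made.
SAMPLE = "hxxp://c2.example[.]com/gate.php\nhxxps://198.51.100.7/panel\n"
```

`fetch` is any callable that returns the paste body for a raw URL, so the scraper can be swapped for a stub in tests.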