InQuest / iocextract

Defanged Indicator of Compromise (IOC) Extractor.
https://inquest.readthedocs.io/projects/iocextract/
GNU General Public License v2.0

how do I add an ioc_type label with the output? #76

Closed jllangley closed 1 year ago

jllangley commented 1 year ago

This is probably more of a feature request... Is there a way with the "extract_iocs" function to have it output the IOC Type next to the IOC?

I have a work around, but I have to call each function individually.

import iocextract
import pandas as pd

# `glob` holds the text to scan (defined earlier, not shown here)
hashes = pd.DataFrame(iocextract.extract_sha256_hashes(glob), columns=['ioc'])
hashes['ioc_type'] = "sha256_hash"
hashes  # display the labelled table (notebook-style)
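The work-around above, generalised into one loop that runs a table of per-type extractors and tags every hit with its label, as an added example (not code from the issue, and not iocextract's own code). It is self-contained: the extractors are small regexes with a refang step for the common `hxxp`, `[.]` and `[at]` defangings, and the sample text is constructed. With the iocextract package installed, the same loop can be driven by the library's real functions instead (for example `{"sha256_hash": iocextract.extract_sha256_hashes, "url": iocextract.extract_urls}`), since each of those also takes the text as its first argument.

```python
import re
from typing import Callable, Dict, Iterable, List, Tuple

Extractor = Callable[[str], Iterable[str]]

# Constructed sample report text with defanged indicators (not taken from the issue).
SAMPLE = (
    "Seen in the alert: hxxp://evil[.]example[.]com/payload.bin and 10[.]0[.]0[.]5, "
    "sender badguy[at]example[.]net, "
    "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, "
    "md5 d41d8cd98f00b204e9800998ecf8427e"
)


def refang(text: str) -> str:
    """Undo common defanging so the plain-form regexes below can match."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", text)
    text = re.sub(r"\[at\]|\(at\)", "@", text, flags=re.I)
    text = re.sub(r"\[:\]", ":", text)
    return text


def _regex_extractor(pattern: str, flags: int = re.I) -> Extractor:
    """Wrap a regex as a text -> matches callable, the same shape as iocextract.extract_*."""
    compiled = re.compile(pattern, flags)
    return lambda text: (m.group(0) for m in compiled.finditer(text))


# Label -> extractor. The labels are the ioc_type values that end up in the output.
# (Hypothetical table; swap in iocextract.extract_* functions if the package is installed.)
DEFAULT_EXTRACTORS: Dict[str, Extractor] = {
    "url": _regex_extractor(r"\bhttps?://[^\s'\"<>]+"),
    "ipv4": _regex_extractor(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b", 0
    ),
    "email": _regex_extractor(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "sha256_hash": _regex_extractor(r"\b[0-9a-f]{64}\b"),
    "md5_hash": _regex_extractor(r"\b[0-9a-f]{32}\b"),
}


def extract_labeled(
    text: str,
    extractors: Dict[str, Extractor] = DEFAULT_EXTRACTORS,
    refang_first: bool = True,
) -> List[Tuple[str, str]]:
    """Run every extractor and return (ioc_type, ioc) pairs, de-duplicated per type."""
    src = refang(text) if refang_first else text
    seen = set()
    results: List[Tuple[str, str]] = []
    for ioc_type, extractor in extractors.items():
        for ioc in extractor(src):
            key = (ioc_type, ioc.lower())
            if key in seen:
                continue
            seen.add(key)
            results.append((ioc_type, ioc))
    return results


def to_rows(pairs: List[Tuple[str, str]]) -> List[dict]:
    """Rows with the same two columns the work-around used; feed straight into pd.DataFrame(rows)."""
    return [{"ioc": ioc, "ioc_type": ioc_type} for ioc_type, ioc in pairs]


if __name__ == "__main__":
    for row in to_rows(extract_labeled(SAMPLE)):
        print(f"{row['ioc_type']:12} {row['ioc']}")
```

Refanging before extraction is what makes the defanged forms in the sample visible to the plain regexes; with `refang_first=False` only the hashes are found, which is the failure mode to check for when a feed uses a defanging style the `refang` step does not know.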
battleoverflow commented 1 year ago

Hi, @jllangley!

This is currently not planned as the primary focus is to extract IOCs without too much clutter in the output. However, we do have another project that does this exact thing: https://github.com/InQuest/ThreatIngestor

ThreatIngestor aggregates intelligence from various sources and utilizes the iocextract package to extract IOCs. After extraction, ThreatIngestor does actually assign the IOC type to each artifact when collecting the intelligence.