Implement real threat intelligence feed integration

Added actual HTTP-based feed fetching for:

- AbuseIPDB - IP address blacklist with confidence scoring
- MalwareBazaar - Recent malware samples with SHA256 hashes
- AlienVault OTX - Threat pulses with multiple IOC types

Each feed properly parses JSON responses, extracts indicators of
compromise (IOCs), caches them with appropriate TTLs, and maps
threat levels. Feeds require API keys and can be enabled/disabled
individually. IOC cache supports multiple indicator types including
IPs, file hashes, and filenames.
pandaadir05
2025-11-21 01:10:04 +02:00
parent 449cfe9708
commit 2a75438dde
2 changed files with 212 additions and 3 deletions
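The cache behaviour the commit message describes (typed IOCs, per-entry TTLs, a threat level per indicator), as an added illustration in Rust; this is not the commit's own code, and the indicator kinds, the "keep the more severe level" merge rule and the confidence-score thresholds are assumptions.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

/// Indicator types the cache distinguishes (the set is assumed from the commit message).
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub enum IocKind { Ip, Sha256, Filename }

/// Declared in increasing severity so that a more severe level compares greater.
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum ThreatLevel { Low, Medium, High }
struct Entry { level: ThreatLevel, expires_at: Instant }

/// IOC cache keyed by (kind, normalised value); each entry carries its own expiry.
pub struct IocCache { entries: HashMap<(IocKind, String), Entry> }

impl IocCache {
    pub fn new() -> Self { IocCache { entries: HashMap::new() } }

    /// Normalise so a feed's "DEADBEEF" hash and a log's "deadbeef" hash hit the same entry.
    fn key(kind: IocKind, value: &str) -> (IocKind, String) {
        let v = value.trim();
        let v = if kind == IocKind::Sha256 { v.to_ascii_lowercase() } else { v.to_string() };
        (kind, v)
    }

    /// Insert or refresh; when two feeds report the same indicator, keep the more severe level.
    pub fn insert(&mut self, kind: IocKind, value: &str, level: ThreatLevel, ttl: Duration) {
        let key = Self::key(kind, value);
        let now = Instant::now();
        let level = match self.entries.get(&key) {
            Some(e) if e.expires_at > now && e.level > level => e.level,
            _ => level,
        };
        self.entries.insert(key, Entry { level, expires_at: now + ttl });
    }

    /// Look up an indicator; a stale entry is evicted lazily and reported as a miss.
    pub fn lookup(&mut self, kind: IocKind, value: &str) -> Option<ThreatLevel> {
        let key = Self::key(kind, value);
        let (level, expires_at) = self.entries.get(&key).map(|e| (e.level, e.expires_at))?;
        if expires_at > Instant::now() { return Some(level); }
        self.entries.remove(&key);
        None
    }
}

/// Map an AbuseIPDB-style 0..=100 confidence score to a level (thresholds are an assumption).
pub fn level_from_confidence(score: u8) -> ThreatLevel {
    match score { 0..=24 => ThreatLevel::Low, 25..=74 => ThreatLevel::Medium, _ => ThreatLevel::High }
}
```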


@@ -17,6 +17,7 @@ toml = "0.8"
chrono = "0.4"
yara = "0.28"
sha2 = "0.10"
reqwest = { version = "0.11", features = ["json"] }
[target.'cfg(windows)'.dependencies]
windows = { version = "0.58", features = [
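Review bot: the new `reqwest = { version = "0.11", features = ["json"] }` line leaves the TLS backend implicit; reqwest 0.11's default features pull in native-tls, so the binary silently depends on whichever system TLS library the build host has. Since this client sends API keys to three external feeds over HTTPS, make the choice explicit, for example `reqwest = { version = "0.11", default-features = false, features = ["json", "rustls-tls"] }`, or at least note in the commit which backend is intended and why.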