Skip to content

Latest commit

 

History

History
 
 

fir_artifacts_enrichment

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
migrations
migrations
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
admin.py
admin.py
 
 
models.py
models.py
 
 
requirements.txt
requirements.txt
 
 
tasks.py
tasks.py
 
 

README.md

Install

Follow the generic plugin installation instructions in the FIR wiki.

FIR plugin requirements
fir_abuse [link]
fir_celery [link]

__Python Package Index (PyPI) requirements __

Usage

You have nothing to do, that's the whole point. Just sit back and enjoy the ride ;)

The fir_artifacts_enrichment plugin defines a celery task that can be performed by a worker in the background.

It relies on the abuse_finder package to perform an action depending on the artifact.type

ENRICHMENT_FUNCTIONS = {
    'hostname': domain_abuse,
    'ip': ip_abuse,
    'email': email_abuse,
    'url': url_abuse
}

The result of this task is then kept into FIR database and can be used by fir_abuse plugin