fir_threatintel

This plugin leverages the YETI Threat Intelligence platform in order to enrich incidents. When opening an incident, a "Threat Intel" tab will display all known observables and indicators matching your incident's artifacts, as well as related entities.

You can also send your artifacts to Yeti directly from FIR.

Install

First, follow the generic plugin installation instructions in the FIR wiki.

Then, each user needs to set his Yeti API key and the location of the Yeti instance in his profile page (by clicking on his username). Alternatively, an administrator you can also set up the API key and location globally, by defining the settings YETI_URL and YETI_APIKEY in FIR config.

Name		Name	Last commit message	Last commit date
parent directory ..
migrations		migrations
static/fir_threatintel		static/fir_threatintel
templates/fir_threatintel/plugins		templates/fir_threatintel/plugins
templatetags		templatetags
README.md		README.md
__init__.py		__init__.py
admin.py		admin.py
models.py		models.py
urls.py		urls.py
views.py		views.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fir_threatintel

fir_threatintel

README.md

Install

Files

fir_threatintel

Directory actions

More options

Directory actions

More options

Latest commit

History

fir_threatintel

Folders and files

parent directory

README.md

Install