fir_threatintel

Install

First, follow the generic plugin installation instructions in the FIR wiki.

Then, create the fir_threatintel/static/fir_threatintel/yeti_endpoints.js:

$ cp fir_threatintel/static/fir_threatintel/yeti_endpoints.js.sample fir_threatintel/static/fir_threatintel/yeti_endpoints.js

Edit this file if your Yeti instance is behind basic authentication.

Usage

This plugin leverages the YETI Threat Intelligence platform in order to enrich incidents. When opening an incident, a "Threat Intel" tab will display all known observables and indicators matching your incident's artifacts, as well as related entities.

You can also send your artifacts to Yeti directly from FIR.

In order for this integration to work, each FIR user should set his Yeti API key in his profile page (by clicking on his username).

Name		Name	Last commit message	Last commit date
parent directory ..
migrations		migrations
static/fir_threatintel		static/fir_threatintel
templates/fir_threatintel/plugins		templates/fir_threatintel/plugins
templatetags		templatetags
README.md		README.md
__init__.py		__init__.py
admin.py		admin.py
models.py		models.py
urls.py		urls.py
views.py		views.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fir_threatintel

fir_threatintel

README.md

Install

Usage

Files

fir_threatintel

Directory actions

More options

Directory actions

More options

Latest commit

History

fir_threatintel

Folders and files

parent directory

README.md

Install

Usage