Skip to content

A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).

Notifications You must be signed in to change notification settings

cmatthewbrooks/pyiocutils

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 

Repository files navigation

pyiocutils

A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).

  • ioc.py - a set of static methods grouped under the "Ioc" class to check and handle indicators
  • iocfile.py - a class to instantiate to parse a plain-text file of IOCs
  • icargs.py - a static method to handle IOC arguments

Note: this is not a reference to Mandiant's IOC XML-based file format. This is more a reference to individual domain or ip strings as well as text files containings lists of these indicators. You know - the shit with which analysts actually work.

Also note: Python 2 and 3 are both supported.

Usage

Basic usage examples were created using asciinema. If something is still unclear, file an issue so I can make this package as easy-to-use as possible.

Using pyiocutils.ioc: asciicast

Using pyiocutils.iocfile: asciicast

Using pyiocutils.iocargs (script here): asciicast

Installation

This package is not currently hosted on the Python Package Index.

> git clone https://github.com/cmatthewbrooks/pyiocutils.git
> cd pyiocutils
> pip install .

TODO

  • Host this package on the Python Package Index

About

A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages