A collection of Python utilities for use in scripts related to working with "indicators of compromise" (IOCs).
- ioc.py - a set of static methods grouped under the "Ioc" class to check and handle indicators
- iocfile.py - a class to instantiate to parse a plain-text file of IOCs
- icargs.py - a static method to handle IOC arguments
Note: this is not a reference to Mandiant's IOC XML-based file format. This is more a reference to individual domain or ip strings as well as text files containings lists of these indicators. You know - the shit with which analysts actually work.
Also note: Python 2 and 3 are both supported.
Basic usage examples were created using asciinema. If something is still unclear, file an issue so I can make this package as easy-to-use as possible.
Using pyiocutils.ioc:
Using pyiocutils.iocfile:
Using pyiocutils.iocargs (script
here):
This package is not currently hosted on the Python Package Index.
> git clone https://github.com/cmatthewbrooks/pyiocutils.git
> cd pyiocutils
> pip install .- Host this package on the Python Package Index