Zeek Threat Intel Feed Parser
This script parses line-separated indicators from an input file and exports them to an output file in the intelligence data format. You can either run the script manually and enter the required parameters when prompted or pass it parameters if you want to automate the process.
Getting Started
These instructions will get you a copy of the project up and running.
Dependencies
Installing
Install Python3
sudo apt-get install python3
Clone the repository into /opt
cd /opt
git clone https://github.com/LeargasSecurity/Zeek-Feed-Parser.git
Usage
Navigate to /opt/Zeek-Feed-Parser
cd /opt/Zeek-Feed-Parser
Then run the parser using one of the following options:
Manual Usage
python3 parser.py
The script will prompt you to enter the required data: indicator type, source, and description, as well as the absolute paths to the input and output files.
Automated Usage
You can also pass arguments directly to the script and bypass user input, which allows you to automate the parsing.
python3 parser.py type source description /opt/Zeek-Feed-Parser/input/sample.txt /opt/Zeek-Feed-Parser/output/sample.intel
Output Format
- Intelligence data format
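
The conversion described above, as an added example that is not taken from parser.py. It assumes the output is the tab-separated file read by Zeek's Intel framework (a #fields header, then indicator, indicator_type, meta.source and meta.desc columns) and that the type is given as a Zeek type name such as Intel::ADDR; the function names and the sample feed are constructed for illustration.

```python
import ipaddress

# Column names Zeek's Intel framework reads; columns are tab-separated.
FIELDS = ["indicator", "indicator_type", "meta.source", "meta.desc"]


def normalize(raw, indicator_type):
    """Return a cleaned indicator, or None if the line should be skipped."""
    value = raw.strip()
    if not value or value.startswith("#"):
        return None  # blank line or feed comment
    if "\t" in value:
        return None  # an embedded tab would shift the columns
    if indicator_type == "Intel::ADDR":
        try:
            # Canonical form, so differently written duplicates collapse
            return str(ipaddress.ip_address(value))
        except ValueError:
            return None  # not a valid IPv4/IPv6 address
    if indicator_type == "Intel::DOMAIN":
        return value.lower().rstrip(".")
    return value


def to_intel(lines, indicator_type, source, desc):
    """Build the text of an intel file from line-separated indicators."""
    # Tabs in the metadata would also break the column layout
    meta = [source.replace("\t", " "), desc.replace("\t", " ")]
    rows, seen = [], set()
    for raw in lines:
        value = normalize(raw, indicator_type)
        if value is None or value in seen:
            continue  # skipped line or duplicate indicator
        seen.add(value)
        rows.append("\t".join([value, indicator_type] + meta))
    header = "#fields\t" + "\t".join(FIELDS)
    return "\n".join([header] + rows) + "\n"


# Constructed sample feed (documentation address ranges, not real indicators).
SAMPLE = ["# constructed feed", "192.0.2.10", "", "192.0.2.10",
          "not-an-ip", "2001:DB8::1"]

if __name__ == "__main__":
    print(to_intel(SAMPLE, "Intel::ADDR", "example-feed", "constructed sample"),
          end="")
```

Zeek requires literal tab characters between the columns, so an editor that converts tabs to spaces will make the file unreadable to the Intel framework.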