
falcon-intel-spike's Introduction

Falcon Intel Indicators Spike

Warning

This is proof-of-concept code for fetching CrowdStrike Threat Intel Indicators en masse from the OAuth2 REST API and storing them in MongoDB.

This is a proof of concept, not a production-ready, tested piece of code that follows best practices, patterns, and processes.


Data Storage Capacity and Size

Downloading the 200+ million indicators at 4000 indicators per page can take significant time, even with threads.

Storing the data would use tens of GB and requires proper indexing in MongoDB.

Setup

Setup consists of using the config.ini and exporting the sensitive OAuth environment variables as shown. Do not store your Client Secrets or Mongo connection string secrets in an unprotected config file.


An example of a connection string is in the config.ini:

export MONGO_CONNECTIONSTRING=mongodb://[username:password@]host1[:port1][,...hostN[:portN]][/[defaultauthdb][?options]]
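
The split described in Setup, sketched as an added example that is not part of the project's code: secrets come only from the environment, config.ini is checked for secrets that should not be there, and the connection string is masked before it is logged. Only MONGO_CONNECTIONSTRING is named on this page; the FALCON_* variable names and the config.ini keys are assumptions.

```python
import configparser
import os
from urllib.parse import urlsplit, urlunsplit

# Assumed names: only MONGO_CONNECTIONSTRING appears on the page; the two
# FALCON_* names are hypothetical placeholders for the OAuth2 credential pair.
SECRET_ENV_VARS = ("FALCON_CLIENT_ID", "FALCON_CLIENT_SECRET",
                   "MONGO_CONNECTIONSTRING")
SECRET_HINTS = ("secret", "password", "connectionstring")

# Constructed sample config.ini contents (hypothetical keys, not the real file).
SAMPLE_INI = """
[mongo]
database = intel
connectionstring = mongodb://app:p%40ss@db1:27017/admin
[falcon]
page_limit = 4000
"""


def find_secrets_in_config(ini_text):
    """Return 'section.key' for each non-empty entry whose key looks like a secret."""
    # interpolation=None: percent-encoded passwords contain '%' and must not be expanded
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return [f"{section}.{key}" for section in parser.sections()
            for key, value in parser.items(section)
            if value.strip() and any(hint in key for hint in SECRET_HINTS)]


def load_secrets(environ=None):
    """Read every secret from the environment; fail closed if one is missing."""
    environ = os.environ if environ is None else environ
    missing = [name for name in SECRET_ENV_VARS if not environ.get(name)]
    if missing:
        raise RuntimeError("missing environment variables: " + ", ".join(missing))
    return {name: environ[name] for name in SECRET_ENV_VARS}


def redact_mongo_uri(uri):
    """Mask the password of a mongodb:// URI so the value can be logged."""
    parts = urlsplit(uri)
    userinfo, sep, hosts = parts.netloc.rpartition("@")
    if not sep or ":" not in userinfo:
        return uri  # no embedded password to hide
    user = userinfo.split(":", 1)[0]
    return urlunsplit(parts._replace(netloc=f"{user}:***@{hosts}"))
```
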

Dependencies

FalconPy

FalconPy is the supported CrowdStrike Python Falcon SDK.

MongoDB

MongoClient is required to connect to MongoDB with authorization via a Mongo connection string.
