Skip to content

PiRogueToolSuite/threatr

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

52 Commits
.envs/.local
.envs/.local
 
 
.github
.github
 
 
.idea
.idea
 
 
compose
compose
 
 
config
config
 
 
deployment
deployment
 
 
locale
locale
 
 
requirements
requirements
 
 
tests
tests
 
 
threatr
threatr
 
 
.dockerignore
.dockerignore
 
 
.editorconfig
.editorconfig
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
.pre-commit-config.yaml
.pre-commit-config.yaml
 
 
.pylintrc
.pylintrc
 
 
.readthedocs.yml
.readthedocs.yml
 
 
CONTRIBUTORS.txt
CONTRIBUTORS.txt
 
 
COPYING
COPYING
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
local.yml
local.yml
 
 
manage.py
manage.py
 
 
merge_production_dotenvs_in_dotenv.py
merge_production_dotenvs_in_dotenv.py
 
 
production.yml
production.yml
 
 
pytest.ini
pytest.ini
 
 
setup.cfg
setup.cfg
 
 

Repository files navigation

Threatr

Threat intelligence meta search engine.

License: GPLv3

Website | Documentation | Support

Local deployment

This section describes the procedure to host Threatr locally only. It's not supposed to be exposed to the Internet directly.

Requirement

Docker and Docker Compose must be installed on the machine hosting Threatr.

Initial deployment

1. Download the Docker Compose file and the .env

wget https://raw.githubusercontent.com/PiRogueToolSuite/threatr/refs/heads/main/deployment/.env
wget https://raw.githubusercontent.com/PiRogueToolSuite/threatr/refs/heads/main/deployment/threatr-local.yml

2. Change the secrets
Edit the .env file and replace the values of DJANGO_SECRET_KEY and POSTGRES_PASSWORD with a new randomly generated secret.

3. Start Threatr

docker compose -f threatr-local.yml up -d

4. Create the admin user

docker compose -f threatr-local.yml run --rm threatr-local-front python manage.py createsuperuser --username admin

5. Create a new user and their API key

  • connect to the administration panel http://127.0.0.1:9080/admin
  • go to Users menu
  • create a new regular user
  • go to Tokens menu
  • generate a new API key for the created user

6. Configure integrations
Refer to the official documentation.

Update

docker compose -f threatr-local.yml pull
docker compose -f threatr-local.yml up -d

Stop

docker compose -f threatr-local.yml stop

REST API

Refer to the official documentation.

Example in Python

import requests

def send_request(data):
    """
    Send the request to Threatr. If Threatr returns a status code equals to 201,
    this means the client has to come back later.

    If the status code is equal to 200, we are ready to return the result to the client.

    The data sent to Threatr must follow this structure:
    {
        "super_type": the entity super type such as observable or device,
        "type": the entity type such as IPv4 or server,
        "value": the actual subject of the search such as 1.1.1.1,
        "force": indicated to update Threatr cache by querying all vendors
    }

    :param data: the data to be sent
    :return: the query results and a boolean telling if the client has to wait and come back later, False otherwise
    """
    headers = {'Authorization': f'Token API_KEY'}
    response = requests.post(
        'http://127.0.0.1:9080/api/request/', 
        headers=headers, 
        json=data
    )
    if response.status_code == 201:
        return [], True
    elif response.status_code == 200:
        return response.json(), False
    else:
        return [], False


data = {
    "super_type": "observable",
    "type": "domain",
    "value": "google.com",
    "force": False
}
d, come_back_later = send_request(data)

About

Observables analysis and enrichment for Colander

pts-project.org/

Topics

python rest-api cti

Resources

Readme

License

GPL-3.0, GPL-3.0 licenses found

Licenses found

GPL-3.0
LICENSE
GPL-3.0
COPYING

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

2 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

Packages

 
 
 

Languages