Home
bentleygd edited this page Oct 8, 2019 · 2 revisions
The CSIC (Crowd Sourced Intelligence Checker) scripts are designed to assist information security and incident response personnel in identifying whether or not a given artifact (i.e., an IP address) is associated with malicious activity. CSIC checks the following sources for information:
- VirusTotal
- Hybrid Analysis (aka Falcon Sandbox)
- Talos Threat Intelligence IP blacklist
- URLHaus
- ThreatCrowd
- Threat Miner
The script requires a configuration file in the local directory (by default, it expects the file to be named config.cnf) containing the API keys noted below:
FSB: - The Falcon Sandbox API key. NOTE: The space after the colon is required.
VT_API: - The VirusTotal API key. NOTE: The space after the colon is required.
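A pre-flight check for the key file described above, as an added example that is not part of the CSIC code. It assumes one NAME: value entry per line; the function names lint_config and readable_by_others are hypothetical, and the sample keys are constructed. Because the file holds API keys, the second function also reports whether group or other users have any access to it.

```python
import os
import re
import stat

REQUIRED = ("FSB", "VT_API")  # key names taken from the page
# Assumed layout: NAME, colon, one required space, then the key value.
LINE_RE = re.compile(r"^([A-Za-z_]+):( ?)(.*)$")


def lint_config(text):
    """Return a list of problems found in config.cnf-style text."""
    problems, seen = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # ignore blank lines
        m = LINE_RE.match(line)
        if not m:
            problems.append(f"line {n}: not in 'NAME: value' form")
            continue
        name, space, value = m.groups()
        if not space:
            problems.append(f"line {n}: {name} has no space after the colon")
        if not value.strip():
            problems.append(f"line {n}: {name} has an empty value")
        seen[name] = value.strip()
    for name in REQUIRED:
        if name not in seen:
            problems.append(f"missing required key {name}")
    return problems


def readable_by_others(path):
    """True if group or other has any permission bits on the key file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


# Constructed sample: the second entry lacks the required space.
SAMPLE = "FSB: EXAMPLE-FALCON-KEY\nVT_API:EXAMPLE-VT-KEY\n"

if __name__ == "__main__":
    for problem in lint_config(SAMPLE):
        print(problem)
    if os.path.exists("config.cnf") and readable_by_others("config.cnf"):
        print("config.cnf is accessible to other users; consider chmod 600")
```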
Documentation for the osintchck.py classes and functions can be found here.