ThreatIngestor is a flexible, configuration-driven, extensible framework for consuming threat intelligence.

It can watch Twitter, RSS feeds, and other sources, extract meaningful information like C2 IPs/domains and YARA signatures, and send that information to other systems for analysis.

Use ThreatIngestor alongside ThreatKB or MISP to automate importing public C2s and YARA signatures, or integrate it into your existing workflow with custom operator plugins.