Web¶
The Web source will periodically check a URL for changes, and extract any artifacts it finds. This is useful for ingesting threat intel feeds that don’t already have a ThreatIngestor source plugin, without having to write your own custom plugin. Use it for plaintext IP blacklists, C2 URL CSVs, and more.
Configuration Options¶
module
(required):web
url
(required): URL of the web content you want to poll.
Example Configuration¶
Inside the sources
section of your configuration file:
- name: mylist
module: web
url: http://example.com/feed.txt