C1fget

C1fApp script for retrieving threat intelligence lists with API

View the Project on GitHub EvoxComputing/c1fget

C1fApp list retrieval script

This script is a convenience tool for retrieving C1fApp threat feed lists from the command line. You can call it from your own scripts or run it as a cron job:

$ git clone https://github.com/EvoxComputing/c1fget.git
$ cd c1fget/
$ chmod +x c1fget.sh
$ ./c1fget.sh -h


Supported formats

When downloaded through the API, C1fApp lists are available in the following formats:

Currently only (-b/-op and -bl) feeds are supported.

Bro IDS and threat intel

Bro IDS supports threat intelligence lists by default. All you have to do is:

$ ./c1fget.sh -h
$ ./c1fget.sh -k API_KEY -b
$ cp c1fapp_Threat_Feed/c1fapp_malware /usr/local/bro/intel/c1fapp_malware.bro
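  1. Place the list (c1fapp_malware.bro) in the appropriate directory (e.g. /usr/local/bro/intel/feeds).
  2. Add the following to $BRO_ROOT/share/bro/site/local.bro:

# Directory that holds the intel list (no trailing slash; one is added below)
const feed_directory = "/usr/local/bro/intel";
# Load the scripts that match observed traffic against the intel data
@load frameworks/intel/seen

redef Intel::read_files += {
        feed_directory + "/c1fapp_malware.bro"
};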
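
The steps above copy a downloaded list straight into the directory Bro reads from. The shell functions below are an added example, not part of c1fget or C1fApp: they check that a feed parses as a Bro Intel framework file before swapping it into place. The function names, the assumed tab-separated #fields layout and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of c1fget. Assumption: the feed uses the Bro Intel
# framework layout: a tab-separated "#fields" header that names at least
# indicator and indicator_type, then one tab-separated row per indicator.
INTEL_TYPES="ADDR SUBNET DOMAIN URL EMAIL SOFTWARE USER_NAME FILE_HASH FILE_NAME CERT_HASH PUBKEY_HASH"

validate_intel_feed() {   # usage: validate_intel_feed FILE (problems go to stderr)
    awk -F '\t' -v types="$INTEL_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) known["Intel::" t[i]] = 1 }
        /^[ \t]*$/ { next }                       # blank line
        !header {                                 # first non-blank line must be the header
            if ($1 != "#fields") { print "line " NR ": no tab-separated #fields header"; bad = 1; exit }
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            if (!col["indicator"] || !col["indicator_type"]) {
                print "header lacks indicator or indicator_type"; bad = 1; exit
            }
            cols = NF - 1; header = 1; next
        }
        /^#/ { next }                             # other comment lines
        {
            type = $(col["indicator_type"])
            if (NF != cols) { print "line " NR ": expected " cols " fields, got " NF; bad = 1 }
            else if (!(type in known)) { print "line " NR ": unknown type " type; bad = 1 }
            else if ($(col["indicator"]) == "") { print "line " NR ": empty indicator"; bad = 1 }
            else rows++
        }
        END {
            if (!bad && !rows) { print "no indicators found"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" >&2
}

install_intel_feed() {    # usage: install_intel_feed SRC DEST
    validate_intel_feed "$1" || { echo "refusing to install $1" >&2; return 1; }
    tmp="$2.new.$$"       # same directory as DEST, so mv is a rename
    cp "$1" "$tmp" && mv -f "$tmp" "$2"
}

sample_feed() {           # constructed sample using documentation-range values
    printf '#fields\tindicator\tindicator_type\tmeta.source\n'
    printf '203.0.113.5\tIntel::ADDR\tc1fapp\n'
    printf 'malware.example\tIntel::DOMAIN\tc1fapp\n'
}
```

In a cron job, run c1fget.sh into a scratch directory and call install_intel_feed on the result, so a truncated or malformed download never replaces the working list.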

What type of information or lists does C1fApp provide?

We follow the same concept as the Collective Intelligence Framework. We provide 4 main "assessments":

Start now!

Register for free at https://www.c1fapp.com! Please use a valid email address to get your account approved faster. Business emails are approved in a very short time.

Authors and Contributors

Script by @verestio

Support or Contact

Contact info@evoxco.com