Crate threat_intel


§Red Asgard Threat Intelligence

A comprehensive threat intelligence framework for Rust applications with multi-source aggregation, CVE integration, and risk assessment.

§Features

  • Multi-Source Aggregation: Combine intelligence from MITRE ATT&CK, CVE databases, OSINT sources
  • HTTP Fetching: Built-in support for authenticated API calls with retry logic
  • Multiple Auth Methods: API Key, Bearer token, Basic auth support
  • Format Parsers: JSON, XML (future), STIX (future) support
  • Configurable Updates: Realtime, hourly, daily, weekly, or manual sync
  • Priority Management: Source prioritization for conflict resolution
  • Capability-Based: Query sources by capability (vulnerabilities, IOCs, tactics, etc.)
  • Risk Assessment: Built-in risk scoring and assessment

§Quick Start

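use threat_intel::{ThreatIntelConfig, ThreatIntelEngine};

// The calls below use `.await?`, so they must run inside an async function
// driven by an async runtime. The boxed error return type is an assumption;
// substitute the crate's own error type if it differs.
async fn run() -> Result<(), Box<dyn std::error::Error>> {
    // Create config with default sources (MITRE ATT&CK, CVE, Abuse.ch)
    let config = ThreatIntelConfig::default();

    // Create engine
    let mut engine = ThreatIntelEngine::new(config);

    // Initialize (fetches from sources)
    engine.initialize().await?;

    // Query for vulnerabilities
    let vulns = engine.query_vulnerabilities("apache", "2.4").await?;
    println!("Found {} vulnerabilities", vulns.len());

    Ok(())
}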

Re-exports§

pub use assessment::*;
pub use config::*;
pub use constants::*;
pub use feeds::*;
pub use sources::*;
pub use types::*;

Modules§

  • assessment: Risk assessment functionality for threat intelligence
  • config: Configuration types for threat intelligence sources
  • constants: Constants for threat intelligence
  • feeds: HTTP feed fetching with authentication and retry logic
  • sources: Threat intelligence source implementations
  • types: Type definitions for threat intelligence

Structs§

  • ThreatIntelEngine: Main threat intelligence engine