Added actual HTTP-based feed fetching for: - AbuseIPDB - IP address blacklist with confidence scoring - MalwareBazaar - Recent malware samples with SHA256 hashes - AlienVault OTX - Threat pulses with multiple IOC types Each feed properly parses JSON responses, extracts indicators of compromise (IOCs), caches them with appropriate TTLs, and maps threat levels. Feeds require API keys and can be enabled/disabled individually. IOC cache supports multiple indicator types including IPs, file hashes, and filenames.
# Manifest for the ghost-core crate. Only the name is set here; every other
# package field is inherited from the workspace manifest.
[package]
name = "ghost-core"
version.workspace = true
authors.workspace = true
edition.workspace = true
license.workspace = true
# Dependencies built on every target, sorted alphabetically.
# anyhow, log and thiserror take their versions from the workspace manifest.
[dependencies]
anyhow.workspace = true
chrono = "0.4"
log.workspace = true
# HTTP client with JSON body support. Default features are left on, so TLS is
# provided by reqwest's default backend.
# NOTE(review): presumably this client carries the threat-feed API keys;
# confirm every feed URL is https and that keys are kept out of log output.
reqwest = { version = "0.11", features = ["json"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
# NOTE(review): presumably used for SHA-256 file hashes; confirm.
sha2 = "0.10"
thiserror.workspace = true
# "full" turns on every optional tokio component.
# NOTE(review): consider listing only the components this crate uses, to keep
# the compiled surface small.
tokio = { version = "1.0", features = ["full"] }
toml = "0.8"
# "v4" enables random (version 4) UUID generation.
uuid = { version = "1.0", features = ["v4"] }
# Rust bindings to the native libyara C library, so rule matching runs in C
# code outside Rust's memory-safety guarantees. Track libyara security updates
# separately from the crate version.
yara = "0.28"
# Windows-only bindings. Each feature below unlocks one Win32 API namespace in
# the `windows` crate, so this list is the Win32 surface the crate can call.
# The ToolHelp, ProcessStatus, Threading, Memory and Diagnostics_Debug
# namespaces hold the process-enumeration and process-memory APIs.
# NOTE(review): keep the list to the namespaces actually used; confirm
# Win32_UI_WindowsAndMessaging is still needed.
[target.'cfg(windows)'.dependencies.windows]
version = "0.58"
features = [
    "Win32_Foundation",
    "Win32_Security",
    "Win32_System_Diagnostics_Debug",
    "Win32_System_Diagnostics_ToolHelp",
    "Win32_System_LibraryLoader",
    "Win32_System_Memory",
    "Win32_System_ProcessStatus",
    "Win32_System_Threading",
    "Win32_UI_WindowsAndMessaging",
]
# Unix-only: raw FFI bindings to the platform C library. Compiled only when
# the target matches cfg(unix).
[target.'cfg(unix)'.dependencies]
libc = "0.2"