📡 Threat-Intel-Feed
Threat-Intel-Feed is a Python + Flask application that aggregates, normalizes, and displays up-to-date threat intelligence content from multiple cybersecurity RSS feeds — including research blogs, vendor advisories, and government alerts. The dashboard provides filtering by source and category and also extracts IOCs (IPs, domains, hashes, CVEs) for enrichment and export.
This tool is ideal for SOC analysts, threat hunters, blue teamers, and cybersecurity researchers who want a central intel dashboard without relying on paid platforms.
🧠 Features
✅ Aggregates multiple cybersecurity dashboards in one view
✅ Normalizes RSS feeds into structured JSON data
✅ Extracts Indicators of Compromise (IPs, domains, hashes, CVEs, emails)
✅ Auto-refreshes feeds hourly while the server runs
✅ Filterable UI by source, category, and IOC presence
✅ CSV & STIX export of IOCs
✅ Lightweight Flask-based dashboard
📦 Project Structure
🛠️ Installation
Clone the repository:
git clone https://github.com/dustinfant/Threat-Intel-Feed.git
cd Threat-Intel-Feed
Install dependencies:
pip install -r requirements.txt
📡 Run the Feed Fetcher
Before starting the dashboard, populate the normalized feed:
python fetcher/fetch_normalized.py
This pulls every source configured in sources.yaml, extracts the content, and saves the result to data/feed_normalized.json.
🌐 Start the Dashboard
python app.py
Then open your browser and navigate to:
The dashboard will show articles grouped by category.
🔄 Auto-Refresh & Indicators
While app.py is running:
Feeds are automatically refreshed every hour via APScheduler.
IOCs are extracted from article content and available for export.
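A sketch of how IOC extraction from article content can work, including the defanged indicators that vendor posts usually publish. This is an added example, not the project's own code; the pattern set, the function names (refang, extract_iocs, to_csv) and the sample text are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample (not a real feed item); all indicators are placeholders.
SAMPLE_ARTICLE = (
    "Exploitation of CVE-2099-12345 was followed by beacons to 203.0.113[.]45 "
    "and hxxps://update.example[.]com/gate.php. The second stage (SHA-256 "
    + "ab" * 32 + ") mails logs to drop[@]example[.]org. "
    "Agent version 10.999.1.300 is unaffected."
)

PATTERNS = {  # assumed IOC classes, following the README's feature list
    "cve": re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I),
    "hash": re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    # Skip URL path segments ("/gate.php") and e-mail hosts; allow "://host".
    "domain": re.compile(r"(?:(?<=://)|(?<![\w@/.-]))(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}

def refang(text):
    """Undo common defanging so the patterns see real separators."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    text = re.sub(r"\[@\]|\[at\]", "@", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def _is_ip(value):
    try:
        return ipaddress.ip_address(value) is not None
    except ValueError:
        return False

def extract_iocs(text):
    """Return {ioc_type: sorted unique values} for one article body."""
    clean = refang(text)
    out = {}
    for kind, rx in PATTERNS.items():
        hits = {m.group(0).lower() for m in rx.finditer(clean)}
        if kind == "ipv4":  # drops version strings such as 10.999.1.300
            hits = {h for h in hits if _is_ip(h)}
        out[kind] = sorted(h.upper() if kind == "cve" else h for h in hits)
    return out

def to_csv(iocs):
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(
        [("type", "value")] + [(k, v) for k, vs in iocs.items() for v in vs])
    return buf.getvalue()
```

File names in URL paths and dotted version numbers are the usual false positives of regex extraction, so review extracted values before loading them into a SIEM or EDR blocklist.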
📊 Exporting IOCs
CSV Export:
/export/csv
STIX 2.1 Export:
/export/stix
🗂 sources.yaml
Add new sources by editing sources.yaml. Each entry contains:
- name: Some Source
  url: https://example.com/feed.xml
  category: Vendor|Research|Government|General
🧪 Example Feeds Included
Some of the sources currently configured:
ZDNet Security (General)
BleepingComputer (General)
Huntress (Vendor)
Check Point Research (Vendor)
CISA Alerts (Government)
… and more.
🧠 Why This Matters
This project gives you:
A centralized view of disparate cybersecurity feeds
Real-time trending threat intel
Ability to export IOCs for SIEM/EDR ingestion
A portfolio-ready tool that demonstrates automation + threat intel knowledge