IVRE
IVRE
Details
Author |
Pierre Lalet |
Version |
1.0 |
License |
AGPL-V3 |
Requires Registration |
No |
Requires Subscription |
No |
Free Subscription Available |
No |
DataType Supported |
autonomous-system, certificate_hash, domain, fqdn, ip, network, port, user-agent |
Service Homepage |
Description
Fetch details from an IVRE instance.
Configuration
Name |
Description |
use_data |
Use data from the data purpose (MaxMind) |
use_passive |
Use data from the passive purpose |
use_scans |
Use data from the scans (nmap) purpose |
db_url |
The URL of the IVRE database (e.g., mongodb://host/ivre or http://host/cgi); defaults to using IVRE’s configuration |
db_url_data |
The URL of the IVRE database for the data purpose (e.g., maxmind:///usr/share/ivre/geoip or http://host/cgi); defaults to using IVRE’s configuration |
db_url_passive |
The URL of the IVRE database for the passive purpose (e.g., mongodb://host/ivre or http://host/cgi); defaults to using IVRE’s configuration |
db_url_scans |
The URL of the IVRE database for the scans (nmap) purpose (e.g., mongodb://host/ivre or http://host/cgi); defaults to using IVRE’s configuration |
Additional details from the README file:
IVRE
Get intelligence from an IVRE instance.
Requirements
You need an access to an IVRE instance. Unlike most analyzers, IVRE does not exist as a public service but is an open-source tool: you need to install and run your own instance. The repository is on GitHub.
To learn more about IVRE (and its “purposes”), you can read the documentation, particularly about the principles, and some use cases.
Supply the following parameters to the analyzer in order to use it:
db_url(string): the IVRE instance database URL (format: same as IVRE’s configuration; default: use IVRE’s configuration)db_url_data(string): the IVRE instance database URL for the data purpose (idem)db_url_passive(string): the IVRE instance database URL for the passive purpose (idem)db_url_scans(string): the IVRE instance database URL for the scans purpose (idem)use_data(boolean): should the analyzer use the data purpose?use_passive(boolean): should the analyzer use the passive purpose?use_scans(boolean): should the analyzer use the scans purpose?