Updated Code can be found at:
Introduction
Greetings, fellow reader! Today, I’m thrilled to introduce the next chapter of my passion project: EnrichIP v2.0.
If you aren’t aware of EnrichIP, I recommend you take 5 minutes to read a blog I wrote about it:
What’s new in v2.0?
Expanded GreyNoise Integration:
- Integration of both the RIOT and Noise API endpoints. This means you get an even richer, more diverse dataset when you’re diving into IP analyses. RIOT is a GreyNoise feature that informs users about IPs used by common business services that are almost certainly not attacking you.
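How the RIOT and Noise results can be read together, as an added example that is not EnrichIP's own code. The field names (`noise`, `riot`, `classification`, `name`) are assumed to follow the GreyNoise Community API response shape, and the sample records and verdict labels are constructed for illustration.

```python
"""Interpret GreyNoise RIOT and Noise results together (constructed data)."""

# Constructed sample records. Field names are an assumption based on the
# GreyNoise Community API response shape; this is not EnrichIP's code.
SAMPLES = [
    {"ip": "192.0.2.10", "noise": False, "riot": True,
     "classification": "benign", "name": "Example CDN"},
    {"ip": "198.51.100.7", "noise": True, "riot": False,
     "classification": "malicious", "name": "unknown"},
    {"ip": "203.0.113.5", "noise": True, "riot": False,
     "classification": "benign", "name": "Example Research Scanner"},
    {"ip": "203.0.113.99", "noise": False, "riot": False},
    {"ip": "192.0.2.77", "noise": True, "riot": True,
     "classification": "unknown", "name": "Example Cloud"},
]


def interpret_greynoise(record):
    """Map the two flags to a (verdict, note) pair for the analyst."""
    riot = bool(record.get("riot"))
    noise = bool(record.get("noise"))
    classification = str(record.get("classification") or "unknown").lower()
    name = record.get("name") or "unknown"

    if riot and noise:
        # Both datasets list the IP: do not let RIOT silently win.
        return "review", f"listed in RIOT ({name}) and seen scanning"
    if riot:
        return "business_service", f"common business service: {name}"
    if noise:
        if classification not in ("malicious", "benign"):
            classification = "unknown"
        return f"scanner_{classification}", "seen scanning the internet"
    # Absent from both datasets: no data, which is not the same as clean.
    return "no_data", "not in RIOT or Noise; rely on other sources"


def triage(records):
    """Return {ip: (verdict, note)} for a batch of lookups."""
    return {r["ip"]: interpret_greynoise(r) for r in records}


if __name__ == "__main__":
    for ip, (verdict, note) in triage(SAMPLES).items():
        print(f"{ip:15} {verdict:18} {note}")
```
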
Upgraded AI Engine with GPT-4:
- EnrichIP's main strength is its ability to generate meaningful, coherent reports. The transition to the GPT-4 API ensures that your reports are crafted with the latest advancements in language models.
Data Integration from VirusTotal:
- VirusTotal is a trove of threat intelligence. The public VirusTotal API has been integrated, increasing the number of threat data sources.
AlienVault OTX:
- AlienVault’s Open Threat Exchange is also a rich source of threat data. EnrichIP now fetches data directly from AlienVault Open Threat Exchange, making sure you get a well-rounded perspective on IP-related threats.
Insights from AbuseIPDB:
- AbuseIPDB is like the community watch for the digital world. EnrichIP now includes insights from AbuseIPDB, adding another layer of intelligence to your reports.
Shodan:
- Shodan is a great tool that allows us to get detailed information about an IP, including ports, geolocation, etc. It has now been added to the list of sources that EnrichIP gets its information from.
Gentle Caveats and Acknowledgments:
EnrichIP v2.0, while feature-rich, leans heavily on ChatGPT-4 for report generation. It’s paramount to note that while GPT-4 is incredibly advanced, it’s not infallible. Reports generated should be used as a guide rather than an absolute truth. A tool, no matter how advanced, complements human expertise; it doesn’t replace it.
This is an open source passion project. As such, feel free to fork my repository and edit the tool to match your use case. If you need to contact me, my LinkedIn is: https://www.linkedin.com/in/alexander-tasse/