building-ioc-defanging-and-sharing-pipeline
CommunityAutomate IOC defanging and safe sharing at scale.
AuthorAxxxxxxaaann
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This skill automates the end-to-end workflow of defanging IOCs and sharing them securely with intelligence platforms. It ingests raw IOC data, applies defanging to prevent accidental execution, converts indicators to STIX 2.1 format, and distributes them through TAXII servers, MISP instances, and email reports.
Core Features & Use Cases
- IOC Defanging & Normalization: Converts URLs, domains, IPs, and emails into safe, human-readable forms for reports and sharing.
- STIX 2.1 Conversion: Produces machine-readable indicators suitable for security tooling.
- Distribution & Sharing: Publishes to TAXII/MISP channels and generates sharing-ready reports for threat intel workflows.
- Use Case: SOCs ingest IOC feeds from multiple sources and publish a unified, defanged set to their threat intel ecosystem.
Quick Start
Feed your raw IOC text into the pipeline to extract, defang, convert to STIX, and distribute via TAXII or MISP.
Dependency Matrix
Required Modules
requests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: building-ioc-defanging-and-sharing-pipeline Download link: https://github.com/Axxxxxxaaann/KAIRI-Skills/archive/main.zip#building-ioc-defanging-and-sharing-pipeline Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.