Bare Metal

Threat Bus is written in Python and ships as a PyPI package. Plugins are packaged individually and also available via PyPI. This separation keeps the Threat Bus host clean from unnecessary dependencies. Everything can be installed via pip, independent of the underlying OS.

Setup a Virtual Environment

It may be desirable to install Threat Bus and its plugins in a virtual environment. Set it up as follows.

virtualenv --system-site-packages venv
source venv/bin/activate

Install Threat Bus and Plugins

Use pip to install Threat Bus and some plugins.

# core functionality & runtime:
pip install threatbus
# general naming convention:
pip install threatbus-<plugin-name>
# application plugins:
pip install threatbus-misp
pip install threatbus-zeek
pip install threatbus-vast
pip install threatbus-cif3
pip install threatbus-zmq-app
# backbone plugins:
pip install threatbus-inmem
pip install threatbus-rabbitmq
Local User Installation

You can install Python packages locally for your current user by specifying pip install --user <package>

Once installed, you can use threatbus as a stand-alone application via the CLI. Print the help text as follows.

threatbus --help

See the configuration section and the usage instructions to get started, or refer to the detailed plugin documentation for fine tuning.