Bare Metal

Threat Bus is written in Python and ships as a PyPI package. Plugins are packaged individually and also available via PyPI. The individual packaging keeps the Threat Bus host clean from unnecessary dependencies. Every package can be installed individually via pip.

Setup a Virtual Environment

It may be desirable to install Threat Bus and its plugins in a virtual environment. Set it up as follows.

virtualenv venv
source venv/bin/activate

Install Threat Bus and Plugins

Use pip to install Threat Bus and some plugins.

pip install threatbus
pip install threatbus-inmem
pip install threatbus-misp
pip install threatbus-zeek
pip install threatbus-vast
pip install threatbus-<plugin_name>

Once installed, threatbus can be used via the CLI. Depending on the installation location, it can be invoked directly. For example, when installed in a virtual environment, it can be invoked like this.

venv/bin/threatbus --help

See the usage instructions to get started or refer to the detailed plugin documentation for fine tuning.