Bare Metal

Threat Bus is written in Python and ships as a PyPI package. Plugins are packaged individually and also available via PyPI. This separation keeps the Threat Bus host clean from unnecessary dependencies. Everything can be installed via pip, independent of the underlying OS.

Setup a Virtual Environment

It may be desirable to install Threat Bus and its plugins in a virtual environment. Set it up as follows.

virtualenv --system-site-packages venv

source venv/bin/activate

Install Threat Bus and Plugins

Use pip to install Threat Bus and some plugins.

# core functionality & runtime:

pip install threatbus

# general naming convention:

pip install threatbus-<plugin-name>

# application plugins:

pip install threatbus-misp

pip install threatbus-zeek

pip install threatbus-vast

pip install threatbus-cif3

pip install threatbus-zmq-app

# backbone plugins:

pip install threatbus-inmem

pip install threatbus-rabbitmq

Local User Installation

You can install Python packages locally for your current user by specifying pip install --user <package>

Once installed, you can use threatbus as a stand-alone application via the CLI. Print the help text as follows.

threatbus --help

See the configuration section and the usage instructions to get started, or refer to the detailed plugin documentation for fine tuning.