Follow the generic plugin installation instructions in the FIR wiki.
| FIR plugin requirements | |
|---|---|
| fir_abuse | [link] |
| fir_celery | [link] |
__Python Package Index (PyPI) requirements __
- abuse_finder [link]
You have nothing to do, that's the whole point. Just sit back and enjoy the ride ;)
The fir_artifacts_enrichment plugin defines a celery task that can be performed by a worker in the background.
It relies on the abuse_finder package to perform an action depending on the artifact.type
ENRICHMENT_FUNCTIONS = {
'hostname': domain_abuse,
'ip': ip_abuse,
'email': email_abuse,
'url': url_abuse
}The result of this task is then kept into FIR database and can be used by fir_abuse plugin