Skip to content

franckferman/CassandraCTI

BranchesTags

Repository files navigation

Contributors Forks Stargazers Issues License

CassandraCTI Logo

๐Ÿ”ฎ CassandraCTI

Modular Cyber Threat Intelligence Aggregator.
From RSS feeds to actionable threat intel - automatically distributed across your platforms.

๐Ÿ“œ Table of Contents

Click to collapse/expand
  1. ๐Ÿ“– About
  2. ๐Ÿš€ Getting Started
  3. ๐Ÿ› ๏ธ Usage
  4. ๐Ÿ“œ License
  5. ๐Ÿ“ž Contact

๐Ÿ“– About

CassandraCTI is a modular Cyber Threat Intelligence (CTI) aggregator designed to collect and distribute cyber intelligence from RSS feeds across multiple platforms.

Originally developed as a private tool for internal corporate needs, CassandraCTI is now being restructured and released as an open-source, community-friendly project. While it was built for very specific workflows, it is now being redesigned to be modular, flexible, and adaptable to other use cases.

โš™๏ธ Note: This project is still under active development and restructuring.

๐Ÿš€ Getting Started

Installation

pip install -r requirements.txt

Initialization

Create default configuration files in %APPDATA%\cassandra-cti\ (Windows) or ~/.config/cassandra-cti/ (Linux/Mac).

python -m cassandra_cti.cli init

๐Ÿ› ๏ธ Usage

Running the Bot

One-shot run:

python -m cassandra_cti.cli run

Loop mode (every 5 minutes):

python -m cassandra_cti.cli run --loop

Filter by source:

python -m cassandra_cti.cli run --sources "rss,ransomware_live"

Backfill (process past events):

python -m cassandra_cti.cli run --since 2025-11-25

Dry Run (no messages sent):

python -m cassandra_cti.cli run --dry-run

Database Management

Reset database (clear history):

python -m cassandra_cti.cli db-reset

Clear "seen" history for a source:

python -m cassandra_cti.cli seen-clear --source-prefix "rss:LeMondeInformatique"

Configuration & Debug

Check configuration:

python -m cassandra_cti.cli doctor config

Test a connector:

python -m cassandra_cti.cli doctor connector --id my-discord-connector

List current config:

python -m cassandra_cti.cli list

Managing Feeds & Connectors

Add RSS Feed:

python -m cassandra_cti.cli add-source rss --name "CERT-FR" --url "https://cert.ssi.gouv.fr/feed/"

Bulk Import RSS Feeds (CSV):

python -m cassandra_cti.cli import-feeds my_feeds.csv

Add Teams Connector:

python -m cassandra_cti.cli add-connector --id "teams-soc" --webhook-url "https://..."

๐Ÿ“š License

This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository: Read the license on GitHub

(๐Ÿ”ผ Back to top)

๐Ÿ“ž Contact

ProtonMail LinkedIn Twitter

(๐Ÿ”ผ Back to top)

About

๐Ÿ”ฎ Collect, process, and automatically distribute Cyber Threat Intelligence from RSS feeds across multiple platforms.

github.com/franckferman/CassandraCTI

Topics

python rss python3 threat rss-feed rss-aggregator threat-hunting python-3 threatintel cti cyber-security threat-intelligence threat-intel cyber-threat-intelligence threat-detection threatintelligence cyber-threats cyber-threat-hunting cyber-threat cyber-threat-tool

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages