Needing a way to ingest and process threat intel feeds and having a budget of $0, even the excellent and thrifty EDL Manager was out of the realm of possibility. So I sat down with everyone’s favorite AI chatbot, gave it requirements, then hammered it with question after question, along with a healthy dose of “that doesn’t work, fix it”. What resulted is a trio of scripts that met my requirements of functioning, downloading threat feeds, parsing out FQDNs and IPs, and deduplicating results. If you’ve got a similar need and budget, feel free to grab the scripts from GitHub.
If you’re needing a starting point for your threat intel, check out my list of EDLs.