AppPacCap

Application Packet Capture: A better way to PCAP.

Threat Intelligence

AppPacCap supports threat intelligence queries for detected IP addresses. Once you provide AppPacCap with the threat intel URLs, it will automatically query the sources and store the retrieved data. This data can then be accessed with the ip_query API call. It is up to the front-end interface to interpret and display the threat data.

Configure

To configure AppPacCap to query threat intel sources, set the source URLs in AppPacCap's UI under the 'Threat Intel' tab. A primary and a secondary field are available in case you subscribe to different services. If nothing is returned from the primary source, the secondary source is queried. The IP being queried needs to be part of the URL string, so a placeholder, {%HD_IP}, is available. Put it where the IP address would go in the query URL and AppPacCap will automatically replace it with the IP in question.
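
The sketch below illustrates the placeholder substitution and primary/secondary fallback described above. It is an added example, not AppPacCap's own code. The function names, the `fetch` callable, the example URLs and the canned responses are all assumptions made for illustration, as is treating an empty response as "nothing returned".

```python
import ipaddress
from urllib.parse import quote

PLACEHOLDER = "{%HD_IP}"  # placeholder string documented on this page


def build_query_url(template, ip):
    """Return the template with a validated IP in place of the placeholder."""
    if PLACEHOLDER not in template:
        raise ValueError("source URL has no {%HD_IP} placeholder")
    # ip_address() raises ValueError for anything that is not a bare IPv4/IPv6
    # address, so path or query fragments never reach the outgoing URL.
    addr = ipaddress.ip_address(ip)
    # Percent-encode so the ':' in IPv6 addresses is safe in a path or query.
    return template.replace(PLACEHOLDER, quote(str(addr), safe=""))


def query_threat_intel(ip, primary, secondary, fetch):
    """Try the primary source; use the secondary only if nothing came back.

    `fetch` is a hypothetical callable (url -> response text) so the example
    runs offline. Assumption: an empty or None body means "nothing returned".
    """
    for template in (primary, secondary):
        if not template:          # field left blank in the UI
            continue
        body = fetch(build_query_url(template, ip))
        if body:
            return body
    return None


# Constructed sample data: both URLs and the canned responses are made up.
PRIMARY = "https://intel-a.example/api/v1/ip/{%HD_IP}"
SECONDARY = "https://intel-b.example/lookup?addr={%HD_IP}&format=json"
CANNED = {
    "https://intel-a.example/api/v1/ip/203.0.113.7": "",
    "https://intel-b.example/lookup?addr=203.0.113.7&format=json":
        '{"ip": "203.0.113.7", "listed": true}',
}


def demo():
    return query_threat_intel("203.0.113.7", PRIMARY, SECONDARY, CANNED.get)


if __name__ == "__main__":
    print(demo())
```

Validating the address before substitution matters because the queried IPs come from captured traffic, and the resulting URL is sent to a third-party service.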