CTG Pro threat feed: signatures, YARA, hash deny list

Subscribers poll three JSON channels from the same CyberThreatGotchi web server that powers your edge IPS dashboard. Authenticate with the X-CTG-Pro-Key header. Keys ship after Stripe checkout or MSP onboarding. Subscribe in shop ->

Three Pro JSON endpoints

Base URL is your CTG instance (simulation default http://127.0.0.1:8765). Production edge kits bind 0.0.0.0:8765 on the LAN. All routes require the Pro key header.

Signature pack

IPS signature pack updates for the CTG engine - port-scan heuristics, block rules, and curated defensive patterns.

GET /api/pro/feed/signatures

curl -s -H "X-CTG-Pro-Key: YOUR_KEY" \
  http://127.0.0.1:8765/api/pro/feed/signatures | jq .

YARA rules bundle

Rule pack for the ClamAV + YARA scoring pipeline on edge sensors and lab VMs.

GET /api/pro/feed/yara

curl -s -H "X-CTG-Pro-Key: YOUR_KEY" \
  http://127.0.0.1:8765/api/pro/feed/yara | jq .

SHA256 deny list

Deny-list hashes for the AV scoring pipeline - block known-bad samples on authorized networks.

GET /api/pro/feed/hashes

curl -s -H "X-CTG-Pro-Key: YOUR_KEY" \
  http://127.0.0.1:8765/api/pro/feed/hashes | jq .

Try simulation mode

python main.py --simulation --web
curl -s -H "X-CTG-Pro-Key: demo" http://127.0.0.1:8765/api/pro/feed/signatures | jq .

The demo key "demo" works when CTG_PRO_API_KEY is unset. In production, set a strong secret; the Stripe webhook provisions per-customer keys. See the GitHub repository for full stack docs and CI.

MSP integration

  • Poll interval: hourly or on SIEM playbook trigger
  • Store keys in your vault - never commit to git
  • Pair with Blue Team retainers for operator-led rule tuning
  • Audit exports: /api/export/audit.json with CTG_AUDIT_SECRET
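
A polling client for the three Pro routes that follows the guidance above: the key comes from the environment (filled by your vault), never from source. This is an added example, not CTG project code; CTG_PRO_KEY, CTG_BASE_URL, CTG_FEED_DIR and the output file names are assumptions, and feed bodies are treated as opaque JSON because the page does not show their schema.

```python
import hashlib
import json
import os
import tempfile
import urllib.request

# Routes and header name come from the page; the variable names are assumptions.
CHANNELS = ("signatures", "yara", "hashes")
BASE_URL = os.environ.get("CTG_BASE_URL", "http://127.0.0.1:8765")


def build_request(channel, key, base_url=BASE_URL):
    """Build the authenticated GET for one Pro channel."""
    if channel not in CHANNELS:
        raise ValueError(f"unknown channel: {channel}")
    if not key:
        raise ValueError("Pro key is empty; load it from your vault")
    url = f"{base_url}/api/pro/feed/{channel}"
    return urllib.request.Request(url, headers={"X-CTG-Pro-Key": key})


def store_feed(body, dest):
    """Validate body as JSON and write it atomically; return True if it changed."""
    json.loads(body)  # raises ValueError on truncated or non-JSON responses
    new_digest = hashlib.sha256(body).hexdigest()
    try:
        with open(dest, "rb") as fh:
            if hashlib.sha256(fh.read()).hexdigest() == new_digest:
                return False  # same content as last poll, nothing to reload
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest) or ".")
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    os.replace(tmp, dest)  # atomic rename: readers never see a partial file
    return True


def poll_once(key, out_dir):
    """Fetch all three channels; return {channel: changed}."""
    results = {}
    for channel in CHANNELS:
        with urllib.request.urlopen(build_request(channel, key), timeout=30) as resp:
            dest = os.path.join(out_dir, f"{channel}.json")
            results[channel] = store_feed(resp.read(), dest)
    return results


if __name__ == "__main__":
    print(poll_once(os.environ["CTG_PRO_KEY"], os.environ.get("CTG_FEED_DIR", ".")))
```

Run it from an hourly scheduler or a SIEM playbook step; a True value for a channel is the signal to reload that pack on the sensor.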

Pro Monthly $9 | Pro Yearly $99 | MSP quote ->