iocx‑plugins is the central directory for all plugins built for the iocx ecosystem — including official plugins maintained by MalX Labs and community‑contributed extensions. If you’re building or integrating with iocx, this is the place to discover new capabilities and share your own.
Plugins extend the iocx extraction pipeline with specialised logic for:
- Detectors — extract new IOC types (mutexes, registry keys, cloud artifacts, etc.)
- Transformers — normalise or reshape input before extraction
- Enrichers — add metadata or context to extracted indicators
Plugins are discovered automatically via Python entry points and executed in a deterministic order.
These plugins are maintained by MalX Labs and serve as reference implementations for the ecosystem.
| Plugin | Type | Description | Repository |
|---|---|---|---|
| iocx-registry-keys | Detector + Enricher | Identifies Windows registry key paths in logs and binaries. | https://github.com/iocx-dev/iocx-registry-keys |
These plugins are contributed and maintained by the community.
If you’ve built a plugin, open a PR to add it here. Include:
- plugin name
- plugin type
- short description
- repository link
- maintainer name
If you want to create a plugin, start with the official guide:
The guide covers:
- plugin structure
- entry points
- detector/enricher/transformer patterns
- testing plugins
- publishing to PyPI
- versioning and compatibility
Plugins can be tested locally using:
```
iocx sample.exe --dev --enrich
```
See the documentation for full examples and recommended test fixtures.
Contributions are welcome — whether it’s a new plugin, improvements to existing ones, or ideas for the ecosystem. Open an issue or PR to get started.
If you discover a security issue in an official plugin, please follow the security policy in the main iocx repository.