ThreatFeedGuard¶
ThreatFeedGuard performs real-time pattern matching against live threat intelligence feeds. Maintains a local cache that is refreshed asynchronously.
Overview¶
| Property | Value |
|---|---|
| Latency | <5ms (cached) |
| Memory | Varies (depends on feed size) |
| Async | Refresh is async, check is sync |
| ML Required | No |
| License | Professional |
How It Works¶
ThreatFeedManagersources patterns from configured feeds- Guard maintains a compiled
PatternMatchersnapshot - Snapshot is refreshed asynchronously via
refresh_patterns() - Sync
check()reads only from local cache
Usage¶
Rust¶
use oxide_guard_pro::ThreatFeedGuard;
use oxide_threatintel::feed_manager::ThreatFeedManager;
use oxideshield_guard::Guard;
let manager = ThreatFeedManager::new();
let guard = ThreatFeedGuard::new("threats", manager)
.with_action(GuardAction::Block);
guard.refresh_patterns().await?;
let result = guard.check("some potentially malicious input");
Python¶
from oxideshield import threat_feed_guard
# Configure with threat feed sources
guard = threat_feed_guard(feeds=["owasp", "custom"])
result = guard.check("some potentially malicious input")
Configuration¶
guards:
- type: threat_feed
action: block
feeds:
- name: owasp
url: https://feeds.oxideshield.ai/owasp
- name: custom
url: https://your-feeds.example.com/patterns
refresh_interval: 3600
min_severity: medium
Research References¶
- PromptGuard — Nature 2025
- OWASP LLM Top 10