Threat Management for Open Source

AIL Framework is a modular system for analyzing and detecting information leaks from unstructured data sources, with capabilities for data extraction, correlation, and integration with threat intelligence platforms.

PyIOCe is a Python-based OpenIOC editor that enables security professionals to create, edit, and manage Indicators of Compromise for threat intelligence and incident response operations.

GCTI's open-source detection signatures for malware and threat detection

A neo4j-based data management platform with command-line interface for analyzing cyber threat indicators and other data points through graph database traversal.

Hippocampe is a threat feed aggregator with configurable confidence levels and a Hipposcore for determining maliciousness.

A data visualization and statistical analysis tool for measuring the quality and effectiveness of threat intelligence indicator feeds through various analytical tests.

An open-source platform that builds instrumented environments, simulates attacks, and integrates with Splunk for detection rule development and testing.

n6 is a network security incident exchange system that collects, manages, and distributes threat and incident data through REST API and web interfaces for authorized users.

OSTrICa is an open source plugin-based framework that collects and visualizes threat intelligence data from various sources to help cybersecurity professionals correlate IoCs and enhance their defensive capabilities.

nyx is a threat intelligence artifact distribution system that facilitates the sharing of threat intelligence indicators from various sources to defensive security systems with configurable criticality levels.

ChopShop is a MITRE framework that helps analysts create pynids-based decoders and detectors for identifying APT tradecraft in network traffic.

YETI is a proof-of-concept TAXII implementation that supports Inbox, Poll, and Discovery services for automated cyber threat intelligence indicator exchange.

A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.

Repository containing MITRE ATT&CK and CAPEC threat intelligence datasets formatted in STIX 2.0 standard for cybersecurity analysis and threat intelligence sharing.

A Python library for handling TAXII v1.x messages and services to enable automated threat intelligence sharing and indicator exchange.

A collection of Yara signatures developed by Citizen Lab to detect malware used in targeted attacks against civil society organizations.

A publicly available dataset of security incidents designed to support cybersecurity research and threat analysis.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

ActorTrackr is an open source web application for storing, searching, and linking threat actor intelligence data from public repositories and user contributions.

Bearded Avenger is a cybersecurity tool with various integrations and deployment instructions available.