bro-intel-generator

Free

Script for generating Bro intel files from PDF or HTML reports. Dependencies: poppler-utils, html2text. Usage: download reports in HTML or PDF format, then feed them to the tool. Example: ./intel_generator.sh -f apt_report.pdf -p. Note: verify the extracted indicators before using them in production. Supports domain, IP, and hash indicators. Exclude specific file extensions using the domain_exclude variable. Install the generated intel files in Bro by copying the intel directory to /usr/local/bro/share/bro/.

ALTERNATIVES

Yara rule generator using VirusTotal code similarity feature code-similar-to.

A container of PCAP captures mapped to the relevant attack tactic

Facilitating exchange of information and knowledge to collectively protect against cyberattacks.

ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).

Gathers Threat Intelligence Feeds from publicly available sources and provides detailed output in CSV format.

A reference implementation for collecting events and performing CAR analytics to detect potential adversary activity.

MaxMind provides accurate IP geolocation and online fraud detection solutions to create safer digital experiences.

A Python library for interacting with TAXII servers
