Cacador

Cacador is a tool for extracting common indicators of compromise from a block of text. The easiest way to get cacador is to download the latest release for your platform.

Compiling Cacador:

1. Install golang.
2. go get github.com/sroberts/cacador
3. Compile with go build.

Running:

Run with ./cacador. It accepts text from stdin and writes a JSON blob of IOCs to stdout. For example:

cat text.txt | ./cacador | import

where text.txt is some IOC-rich text and import pushes your new IOCs into your threat management system.

Cacador does recognize two command line flags:

- -comment="Foo" which makes it possible to leave a note as metadata.
- -tags="Foo, bar, baz" which adds tags.

Generating a new release:

1. Install goreleaser via go get github.com/goreleaser/goreleaser.
2. Push your branch to GitHub.
3. Tag it via git tag -a v1.0.3 -m "Release 1.0.3 - Minor bugfix edition."
4. Push the tag to GitHub via git push origin v1.0.3
5. Ensure you have a GITHUB_TOKEN env var set.
6. Run goreleaser.

Why?

Other tools for doing indicator extraction are pretty awesome (like armbues/ioc_parser or sroberts/jager), but what's nice about cacador is you can use it to extract IOCs from text files.

ALTERNATIVES

Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.

High-speed packet capture library with user-level network socket.

A honeypot that logs NTP packets into a Redis database to detect DDoS attempts.

Makes output from the tcpdump program easier to read and parse.

Fail2ban is a daemon that scans log files and bans IPs showing malicious signs to protect servers from brute-force attacks.

TCPFLOW is a tool for capturing data transmitted over TCP connections.

A network responder supporting various protocols with minimal assumptions on client intentions.

Tool for setting up Glutton, a cybersecurity tool for monitoring SSH traffic.