Combine

Combine gathers Threat Intelligence Feeds from publicly available sources.

You can run the core tool with combine.py:

    usage: combine.py [-h] [-t TYPE] [-f FILE] [-d] [-e] [--tiq-test]

    optional arguments:
      -h, --help            show this help message and exit
      -t TYPE, --type TYPE  Specify output type. Currently supported: CSV and
                            exporting to CRITs
      -f FILE, --file FILE  Specify output file. Defaults to harvest.FILETYPE
      -d, --delete          Delete intermediate files
      -e, --enrich          Enrich data
      --tiq-test            Output in tiq-test format (implies -e)

Alternately, you can run each phase individually:

- python reaper.py
- python thresher.py
- python winnower.py
- python baler.py

The output will actually be a CSV with the following schema:

- entity, type, direction, source, notes, date

The fields are:

- The entity field consists of a FQDN or IPv4 address (supported entities at the moment).
- The type field consists of either FQDN or IPv4, classifying the type of the entity.
- The direction field will be either inbound or outbound.
- The source field contains the original URL.
- The notes field should cover any extra tag info we may want to persist with the data.
- The date field will be in YYYY-MM-DD format.

All fields are quoted with double-quotes (").
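Before loading a harvest file into a blocklist or SIEM, it helps to check each row against the schema above. The following validator is an added example, not part of Combine: the hostname and date patterns, the handling of a header row, and the sample rows are assumptions made for illustration.

```python
import csv
import ipaddress
import re
FIELDS = ["entity", "type", "direction", "source", "notes", "date"]
# Hostname and date patterns are simplifications chosen for this example.
FQDN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)
DATE_RE = re.compile(r"\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])")

def row_errors(row):
    """Return the list of schema violations for one parsed CSV row."""
    if len(row) != len(FIELDS):
        return [f"expected {len(FIELDS)} fields, got {len(row)}"]
    rec, errors = dict(zip(FIELDS, row)), []
    if rec["type"] == "IPv4":
        try:
            ipaddress.IPv4Address(rec["entity"])
        except ValueError:
            errors.append("entity is not an IPv4 address")
    elif rec["type"] == "FQDN":
        if not FQDN_RE.fullmatch(rec["entity"]):
            errors.append("entity is not an FQDN")
    else:
        errors.append("type must be FQDN or IPv4")
    if rec["direction"] not in ("inbound", "outbound"):
        errors.append("direction must be inbound or outbound")
    if not DATE_RE.fullmatch(rec["date"]):
        errors.append("date is not YYYY-MM-DD")
    return errors

def validate(text):
    """Split CSV text into accepted records and (line number, errors) rejects."""
    good, bad = [], []
    for n, row in enumerate(csv.reader(text.splitlines()), start=1):
        if not row or row == FIELDS:  # assumption: tolerate a header or blank line
            continue
        errs = row_errors(row)
        if errs:
            bad.append((n, errs))
        else:
            good.append(dict(zip(FIELDS, row)))
    return good, bad

# Constructed sample rows (documentation addresses, example domains).
SAMPLE = '''"entity","type","direction","source","notes","date"
"198.51.100.7","IPv4","inbound","http://feeds.example/ips.txt","","2015-01-02"
"bad.example.com","FQDN","outbound","http://feeds.example/d.txt","c2","2015-01-02"
"999.1.1.1","IPv4","inbound","http://feeds.example/ips.txt","","2015-01-02"
"203.0.113.9","IPv4","sideways","http://feeds.example/ips.txt","","02/01/2015"
'''
```

Calling `validate(SAMPLE)` returns the accepted records and, for each rejected row, its line number with the reasons it failed.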

ALTERNATIVES

A tool for creating custom detection rules from YAML input

The FASTEST Way to Consume Threat Intelligence and make it actionable.

CLI tool for ThreatCrowd.org with multiple query functions.

CAPEC™ is a comprehensive dictionary of known attack patterns used by adversaries to exploit weaknesses in cyber-enabled capabilities.

A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.

A StalkPhish Project YARA repository for Phishing Kits zip files.

Automatic YARA rule generator based on Koodous reports with limited false positives.

Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.