Combine

Free

Combine gathers Threat Intelligence Feeds from publicly available sources.

You can run the core tool with combine.py:

    usage: combine.py [-h] [-t TYPE] [-f FILE] [-d] [-e] [--tiq-test]

    optional arguments:
      -h, --help            show this help message and exit
      -t TYPE, --type TYPE  Specify output type. Currently supported: CSV and
                            exporting to CRITs
      -f FILE, --file FILE  Specify output file. Defaults to harvest.FILETYPE
      -d, --delete          Delete intermediate files
      -e, --enrich          Enrich data
      --tiq-test            Output in tiq-test format (implies -e)

Alternately, you can run each phase individually:

- python reaper.py
- python thresher.py
- python winnower.py
- python baler.py

The output will actually be a CSV with the following schema:

- entity, type, direction, source, notes, date

The fields are:

- The entity field consists of a FQDN or IPv4 address (supported entities at the moment).
- The type field consists of either FQDN or IPv4, classifying the type of the entity.
- The direction field will be either inbound or outbound.
- The source field contains the original URL.
- The notes field should cover any extra tag info we may want to persist with the data.
- The date field will be in YYYY-MM-DD format.

All fields are quoted with double-quotes (").

ALTERNATIVES

OpenIOC editor for building and manipulating threat intelligence data with support for various systems.

Robust Python SDK and Command Line Client for interacting with IntelOwl's API.

A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.

Collection of YARA signatures from recent malware research.

Pulsedive is a threat intelligence platform that provides frictionless threat intelligence for growing teams, offering features such as indicator enrichment, threat research, and API integration.

Provides indicators of compromise (IOCs) to combat malware with Yara and Snort rules.

Signature-based YARA rules for detecting and preventing threats within Linux, Windows, and macOS systems.

Utilize Jupyter Notebooks to enhance threat hunting capabilities by focusing on different threat categories or stages.
