OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
Do you ever wonder if there is an easier way to retrieve, store, and maintain all your threat intelligence data? Random user, meet Forager. Not all threat intel implementations require a database that is 'correlating trillions of data points..' and instead, you just need a simple interface, with simple TXT files, that can pull threat data from other feeds, PDF threat reports, or other data sources, with minimal effort. With 15 pre-configured threat feeds, you can get started with threat intelligence feed management today.. Right now.. Do it! Features At A Glance: - Fetch intel from URL's using modular feed functions - Extract domain, md5, sha1, sha256, IPv4, and YARA indicators - Search through the current intel set by single IP or with an IOC file - Generate JSON feeds for consumption by CarbonBlack - Serves up a Simple HTTP JSON feed server for CarbonBlack Requirements: Requires Python 3! argparse xlrd pdfminer3k colorama (for pretty colored output) You can install all requirements with the included requirements.txt file pip3 install -r requirements.txt Feeds: --feeds list -- Lists all feeds and allows the user to choose a single feed to update. update -- Updates all feed modules
OpenIOC editor for building and manipulating threat intelligence data with support for various systems.
Parse IOCs from text
A cybersecurity concept categorizing indicators of compromise based on their level of difficulty for threat actors to change.
A Python library for handling TAXII v1.x Messages and invoking TAXII Services.
Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.
A repository of Yara signatures under the GNU-GPLv2 license for the cybersecurity community.