GOSINT

Free

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.

Installation: Please find the installation procedure at http://gosint.readthedocs.io/en/latest/installation.html. There are three ways to get up and running: Bash install script, Docker, or manual installation.

Updates: Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary: godep go build -o gosint.

Configuration: GOSINT needs some quick initial configuration before you can start making use of it.

FEATURES

ALTERNATIVES

Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.

Automatically create yara rules based on images embedded in office documents.

Python APIs for serializing and de-serializing STIX2 JSON content with higher-level APIs for common tasks.

Advanced threat prevention and detection platform leveraging Deep CDR, Multiscanning, and Sandbox technologies to protect against data breaches and ransom attacks.

A repository of freely usable Yara rules for detection systems, with automated error detection workflows.

Tool for visualizing correspondences between a YARA ruleset and samples.

ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).

CLI tool for ThreatCrowd.org with multiple query functions.