GOSINT

Free

The GOSINT framework is a project used for collecting, processing, and exporting high-quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.

Installation: Please find the installation procedure at http://gosint.readthedocs.io/en/latest/installation.html. There are three ways to get up and running: a Bash install script, Docker, or manual installation.

Updates: Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary: godep go build -o gosint.

Configuration: GOSINT needs some quick initial configuration before you can start using it.

ALTERNATIVES

Repository of Yara Rules created by TjNel.

API for querying domain security information, categorization, and related data.

A comprehensive list of APT groups and operations for tracking and mapping different names and naming schemes used by cybersecurity companies and antivirus vendors.

Check if an IP address was used as a Tor relay on a given date.

CIFv3 is the next version of the Cyber Intelligence Framework, developed against Ubuntu16, encouraging users to transition from CIFv2.

Analyze suspicious files, domains, IPs, and URLs to detect malware and other breaches, and share results with the security community.

MISP is an open source threat intelligence platform that enhances threat information sharing and analysis.

ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).