The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend. Installation: Please find the installation procedure at http://gosint.readthedocs.io/en/latest/installation.html. There are three ways to get up and running: Bash install script, Docker, Manual installation. Updates: Updating is simple and encouraged as bugs are reported and fixed or new features are added. To update your instance of GOSINT, pull the latest version of GOSINT from the repository and re-run the build command to compile the updated binary: godep go build -o gosint. Configuration: GOSINT needs some quick initial configuration to start making use of it.
This tool is not verified yet and doesn't have listed features.
Did you submit the verified tool? Sign in to add features.
Are you the author? Claim the tool by clicking the icon above. After claiming, you can add features.
SeaSponge is an accessible web-based threat modeling tool with a focus on accessibility, aesthetics, and intuitive user experience.
A tool for fetching and visualizing cyber threat intelligence data with Elasticsearch and Kibana integration.
A database of Tor exit nodes with their corresponding IP addresses and timestamps.
A threat hunting tool for Windows event logs to detect APT movements and decrease the time to uncover suspicious activity.
Collection of Yara rules for file identification and classification
A Splunk app mapped to MITRE ATT&CK to guide threat hunts.