ThreatAggregator
Aggregates security threats from online sources and outputs to various formats.
This tool collects intelligence from multiple sources about hosts. Hostintel is written in a modular fashion so new intelligence sources can be easily added. Hosts are identified by FQDN host name, domain, or IP address; only IPv4 is supported at the moment. Output is CSV written to STDOUT, so the data can be saved to a file or piped into another program, and spreadsheets such as Excel or database systems can import it directly. This tool works with Python v2 and Python v3; if you find it does not work with Python v3, please post an issue.
AbuseIPDB offers tools and APIs to report and check abusive IPs, enhancing network security.
Modular Threat Hunting Tool & Framework
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.
Home for rules used by Elastic Security with code for unit testing, Kibana integration, and Red Team Automation.
A tool for investigating incidents, using Sysmon telemetry, in which users clicked on links or attachments in emails or opened macro-enabled Word documents.