Windows-Hunting
A repository to aid Windows threat hunters in looking for common artifacts.
MISP-Taxii-Server
A set of configuration files to use with EclecticIQ's OpenTAXII implementation, along with a callback that runs when data is sent to the TAXII server's inbox.

Installation (manual install):

    git clone https://github.com/MISP/MISP-Taxii-Server
    cd MISP-Taxii-Server
    apt-get install libmysqlclient-dev   # for mysql_config
    pip3 install -r REQUIREMENTS.txt

You'll then need to set up your TAXII database. As you're using MISP, you'll likely already have a MySQL environment running:

    mysql -u [database user] -p
    # Enter the database password
    mysql> create database taxiiauth;
    mysql> create database taxiipersist;
    mysql> grant all on taxiiauth.* to 'taxii'@'%' identified by 'some_password';
    mysql> grant all on taxiipersist.* to 'taxii'@'%' identified by 'some_password';
    mysql> exit;

Two caveats on the grants above: 'taxii'@'%' lets the account connect from any host, so if the TAXII server runs on the database host, use 'taxii'@'localhost' instead and pick a real password rather than the example one; and MySQL 8.0 no longer accepts IDENTIFIED BY on GRANT, so there you create the user first with CREATE USER and then grant on the two databases.

Now configure your TAXII server: copy config/config.default.yaml to config/config.yaml and open it.

    cp config/config.default.yaml config/config.yaml

Edit the db_connection parameters to match your environment (the databases, user and password you just created). Change auth_api -> parameters -> secret whilst you're here as well; that value protects the server's authentication tokens, so do not leave it at the shipped default. Do not forget to set your MISP server's URL and API key at the bottom. If you wish, you can edit the taxii service
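The database and configuration steps above, as an added example that is not part of the MISP-Taxii-Server README: a shell script that emits the database bootstrap SQL with the connecting host as a parameter instead of the wildcard '%', and a pre-flight check that refuses a config/config.yaml still carrying the defaults. It assumes MySQL 8.x syntax (CREATE USER followed by GRANT), and the placeholder it looks for in the auth_api secret ('SECRET-STRING-NEEDS-TO-BE-CHANGED') is an assumption about what the shipped config.default.yaml contains; 'some_password' is the README's own example value.

```shell
#!/usr/bin/env bash
# Added example, not code from the MISP-Taxii-Server project: a hardened
# variant of the README's database bootstrap plus a check on config.yaml.
# Assumptions: MySQL 8.x (CREATE USER + GRANT; GRANT ... IDENTIFIED BY is gone),
# and that the placeholder strings checked below are the shipped defaults.
set -eu

# Escape single quotes for use inside a MySQL single-quoted string literal.
sql_quote() {
  printf '%s' "$1" | sed "s/'/''/g"
}

# Emit the SQL for the two TAXII databases. The README grants to 'taxii'@'%',
# which allows logins from any host; here the host is explicit (e.g. localhost).
# Usage: taxii_db_sql <user> <host> <password> | mysql -u root -p
taxii_db_sql() {
  local user="$1" host="$2" password
  password="$(sql_quote "$3")"
  cat <<EOF
CREATE DATABASE IF NOT EXISTS taxiiauth;
CREATE DATABASE IF NOT EXISTS taxiipersist;
CREATE USER IF NOT EXISTS '${user}'@'${host}' IDENTIFIED BY '${password}';
GRANT ALL ON taxiiauth.* TO '${user}'@'${host}';
GRANT ALL ON taxiipersist.* TO '${user}'@'${host}';
FLUSH PRIVILEGES;
EOF
}

# Return 0 if config.yaml has been edited away from the defaults, 1 otherwise,
# printing each finding to stderr. The secret placeholder is an assumed literal
# from config.default.yaml; 'some_password' is the README's example password.
# Usage: cp config/config.default.yaml config/config.yaml; edit it; then
#        check_taxii_config config/config.yaml
check_taxii_config() {
  local cfg="$1" rc=0
  if grep -q 'SECRET-STRING-NEEDS-TO-BE-CHANGED' "$cfg"; then
    echo "$cfg: auth_api -> parameters -> secret is still the default" >&2
    rc=1
  fi
  if grep -q 'some_password' "$cfg"; then
    echo "$cfg: db_connection still uses the README's example password" >&2
    rc=1
  fi
  return "$rc"
}
```

Run taxii_db_sql as a MySQL administrator and pipe it into mysql; the password is passed through sql_quote so an embedded quote cannot break the statement. check_taxii_config is a cheap gate to put before starting the service, so that a copied-but-unedited config never goes live.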
Automatic YARA rule generator based on Koodous reports with limited false positives.
A threat hunting capability that leverages Sysmon and MITRE ATT&CK on Azure Sentinel
A repository of cybersecurity datasets and tools curated by @sooshie.
A free threat intelligence feed and banlist feed of known malicious IP addresses for public use only.
Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.