msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks.
FEATURES
- Query log data from multiple sources
- Enrich the data with Threat Intelligence, geolocations and Azure resource data
- Extract Indicators of Activity (IoA) from logs and unpack encoded data
- Perform sophisticated analysis such as anomalous session detection and time series decomposition
- Visualize data using interactive timelines, process trees and multi-dimensional Morph Charts
- Time-saving notebook tools such as widgets to set query time boundaries, select and display items from lists, and configure the notebook environment
Initially developed to support Jupyter Notebook authoring for Azure Sentinel, msticpy has since been extended to pull log data from other sources.
ALTERNATIVES
Acapulco is a Splunk application that automatically generates meta-events from hpfeeds channels and visualizes them using D3.js.
A visualization tool for threat analysis that organizes APT campaign information and visualizes the relations between IOCs.
A database of Tor exit nodes with their corresponding IP addresses and timestamps.
RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.
VX-Underground is a vast online repository of malware samples, featuring various collections for cybersecurity professionals and researchers to analyze and combat cyber threats.
A PowerShell script to interact with the MITRE ATT&CK Framework via its own API using the deprecated MediaWiki API.
PolySwarm is a malware intelligence marketplace that aggregates threat detection engines to provide early detection, unique samples, and higher accuracy.