A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.
The latest iteration of Poortego is a completely new code-base, utilizing neo4j for data traversal and management, with a command interface built on Python cmd2 and py2neo for neo4j REST communication. It is designed for cyber threat indicators but can be used for other data points as well. The roadmap includes additional argument support for commands, transforms for data interaction, scheduled transforms, document retrieval, and raw document/file storage.
Open source web app for storing and searching actor-related data from users and public repositories.
Maldatabase is a threat intelligence platform providing malware datasets and threat intelligence feeds for malware data science and threat intelligence.
Automatic YARA rule generator based on Koodous reports with limited false positives.
IntelMQ is a solution for IT security teams for collecting and processing security feeds using a message queuing protocol, with a focus on incident handling automation and threat intelligence processing.
Repository of automatically generated YARA rules from Malpedia's YARA-Signator with detailed statistics.