A tool for investigating incidents involving users clicking on emails with links or attachments and opening macro-enabled word documents using Sysmon.
Robust Python SDK and Command Line Client for interacting with IntelOwl's API. Features Easy one-time configuration with self-documented help and hints along the way. Request new analysis for observables and files. Select which analyzers you want to run for every analysis you perform. Choose whether you want to HTTP poll for the analysis to finish or not. List all jobs or view one job in a prettified tabular form. List all tags or view one tag in a prettified tabular form. Tabular view of the analyzer_config.json and connector_config.json from IntelOwl with RegEx matching capabilities. Demo Installation: $ pip3 install pyintelowl For development/testing, pip3 install pyintelowl[dev] Quickstart As Command Line Client: On successful installation, The pyintelowl entry script should be directly invokable. For example, $ pyintelowl Usage: pyintelowl [OPTIONS] COMMAND [ARGS]... Options: -d, --debug Set log level to DEBUG --version Show the version and exit. -h, --help Show this message and exit. Commands: analyse Send a new analysis request analyzer-healthcheck Send a health check request for an analyzer... config Set or view config variables connector-healthcheck Send a health check req
A tool for investigating incidents involving users clicking on emails with links or attachments and opening macro-enabled word documents using Sysmon.
Parse IOCs from text
An informational repo about hunting for adversaries in your IT environment.
A collection of Yara rules licensed under the DRL 1.1 License.
QRadio is a tool/framework designed to consolidate cyber threats intelligence sources.
A PowerShell module for threat hunting via Windows Event Logs