PyIOCe is an OpenIOC editor built using Python 2.7 and wxPython 3.0.0.0 that enables security professionals to create, edit, and manage Indicators of Compromise (IOCs). The tool supports both OpenIOC 1.0 and 1.1 formats simultaneously, with OpenIOC 1.0 support limited to MIR (Mandiant Intelligent Response) using legacy MIR terms. It provides a keyboard-driven interface for efficient IOC manipulation and editing. Key functionality includes indicator term management, parameter management, and IOC cloning capabilities. Users can configure preferences for default IOC version, context, and author settings. The editor supports standard operations like cut, copy, paste, and drag-and-drop functionality for the indicator tree structure. The tool allows users to revert IOC changes to the last saved state and provides comprehensive indicator terms and parameters definition capabilities. It integrates with other security systems including Snort, GRR, Splunk, and Yara for broader threat intelligence operations. PyIOCe is designed to operationalize threat intelligence data into reduced search methods, enabling both broad threat behavior analysis and narrow threat identification during incident response activities across enterprise networks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
ThreatMiner is a threat intelligence portal that aggregates data from various sources and provides contextual information related to indicators of compromise (IOCs).
A community-driven public malware repository providing access to malware samples, tools, and resources for the cybersecurity community.
ZoomEye is an advanced cyberspace search engine that provides detailed information on cyberspace assets, including server software and version information, for cybersecurity experts, researchers, and enterprises.
A free software that calculates the security ranking of Internet Service Providers to detect malicious activities.
Malware Patrol offers a range of threat intelligence solutions, including enterprise data feeds, DNS firewall, phishing threat intelligence, and small business protection.
FraudGuard is a service that provides real-time internet traffic analysis and IP tracking to help validate usage and prevent fraud.
In-depth threat intelligence reports and services providing insights into real-world intrusions, malware analysis, and threat briefs.
A platform providing real-time threat intelligence streams and reports on internet-exposed assets to help organizations monitor and secure their attack surface.
A tracker that detects and logs SYN packets with a specific signature generated by the Mirai malware, providing real-time information on Mirai-based campaigns.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.