
ThreatIngestor


An extendable tool to extract and aggregate IOCs from threat feeds. Integrates out-of-the-box with ThreatKB and MISP, and can fit seamlessly into any existing workflow with SQS, Beanstalk, and custom plugins. Currently used by InQuest Labs IOC-DB: https://labs.inquest.net/iocdb

Overview:
ThreatIngestor can be configured to watch Twitter, RSS feeds, sitemap (XML) feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis. Try it out now with this quick walkthrough, read more ThreatIngestor walkthroughs on the InQuest blog, and check out labs.inquest.net/iocdb, an IOC aggregation and querying tool powered by ThreatIngestor.

Installation:
ThreatIngestor requires Python 3.6+, with development headers. Install ThreatIngestor from PyPI: pip install threatingestor. Install optional dependencies for using some plugins, as needed: pip install threatingestor[all]. View the full installation instructions for more information.

Usage:
Create a new config.yml file, and configure each source and operator module you want to use. (See config.example.yml for layout.) Then run the sc

ALTERNATIVES

OpenIOC editor for building and manipulating threat intelligence data with support for various systems.

Knowledge base workflow management dashboard for YARA rules and C2 artifacts.

A Linux distribution designed for threat emulation and threat hunting, integrating attacker and defender tools for identifying threats in your environment.

A project that detects malicious SSL connections by identifying and blacklisting SSL certificates used by botnet C&C servers and identifying JA3 fingerprints to detect and block malware botnet C&C communication.

RogueApps is a collaborative repository documenting TTPs of malicious OIDC/OAuth 2.0 applications for cybersecurity research and awareness.

A threat intelligence dissemination layer for open-source security tools with STIX-2 support and plugin-based architecture.

Dorothy is a tool to test monitoring and detection capabilities for Okta environments, with modules mapped to MITRE ATT&CK® tactics.

A collection of YARA rules for research and hunting purposes.