ThreatTracker Logo

ThreatTracker

0
Free
Visit Website

ThreatTracker is an IOC tracker written in Python that periodically queries 4 Google Custom Search Engines to identify new AV definitions, malware sample submissions, malicious URLs and domains, and performs Reverse WHOIS lookup. It also monitors domain status using the Google Safe Browsing Lookup API and Google Safebrowsing Diagnosis Page. Requirements include Google APIs Client Library for Python, 1 Gmail account (to act as sender), and Google API key(s). To use the script, rules must be created in the /rules directory. Note: A sample rule (for tracking Dridex) is provided to highlight the required format. This project is still in beta, so bug reports are welcome. For questions, new data sources, or ideas, feel free to email the developer.

FEATURES

ALTERNATIVES

Aggregator of FireHOL IP lists with HTTP-based API service and Python client package.

A library of event-based analytics written in EQL to detect adversary behaviors, now integrated into the Detection Engine of Kibana.

Tool for dataviz and statistical analysis of threat intelligence feeds, presented in cybersecurity conferences for measuring IQ of threat intelligence feeds.

Sample detection rules and dashboards for Google Security Operations

Repository of Yara Rules created by TjNel.

A command-line tool that fetches known URLs from various sources to identify potential security threats and vulnerabilities.

A repository of cybersecurity datasets and tools curated by @sooshie.

Cyber Intelligence Management Platform with threat tracking, forensic artifacts, and YARA rule storage.