Tools

Botnet Encyclopedia
Homepage: https://www.guardicore.com/botnet-encyclopedia/
Description:
Get in-depth analyses of attack campaigns captured by Guardicore Global Sensors Network (GGSN). Learn about each botnet’s scope, its associated indicators of compromise (IOCs), and the attack flow.
INTEL Owl
Homepage: https://www.honeynet.org/projects/active/intel-owl/
Github: https://github.com/intelowlproject/IntelOwl
Description:
Do you want threat intelligence data about a file, an IP or a domain? This application is built to scale out and to speed up the retrieval of threat info. It can be integrated easily into your stack of security tools to automate jobs that are usually performed manually, for instance by SOC analysts. Intel Owl is composed of analyzers that can be run to retrieve data from external sources (like VirusTotal or AbuseIPDB) or to generate intel from internal analyzers (like Yara or Oletools). This solution is for everyone who needs a single point to query for info about a specific file or observable (domain, IP, URL, hash).
INTELMQ
Homepage: https://github.com/certtools/intelmq
Github: https://github.com/certtools/intelmq
Description:
IntelMQ is a solution for IT security teams (CERTs & CSIRTs, SOCs, abuse departments, etc.) for collecting and processing security feeds (such as log files) using a message queuing protocol. It is a community-driven initiative called IHAP (Incident Handling Automation Project) that was conceptually designed by European CERTs/CSIRTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.
MISP
Homepage: https://www.misp-project.org/
Github: https://github.com/MISP/MISP
Description:
MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information produced by incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations by sharing structured information efficiently.
OpenCTI
Homepage: https://www.opencti.io/en/
Github: https://github.com/OpenCTI-Platform/opencti
Description:
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. It has been created in order to structure, store, organize and visualize technical and non-technical information about cyber threats.
Pulsedive
Homepage: http://pulsedive.com/
Description:
Pulsedive is an open, community threat intelligence platform offering free investigation, on-demand enrichment, and risk evaluation for indicators and threats. Search any domain, IP, or URL to retrieve actionable indicator information including: whois, geo, banner, cookies, dns, meta, ssl, ports, protocols, web technologies, downloads, redirects, mail servers, user comments, risk factors, and related threats. Additionally, Pulsedive allows you to pivot on any data point (80M and counting), query across the entire database to uncover additional threats, or use our API to build custom integrations.
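Both Intel Owl and Pulsedive take a single observable (domain, IP, URL or hash) as the thing you query, so the first practical step is to normalise what arrives from reports and decide which observable type it is. The following is an added example, not code from Intel Owl, Pulsedive or any other project on this page: it refangs common obfuscations (hxxp, [.], [dot]), classifies the value, and flags observables that are not worth sending to an external enrichment service (private or reserved IPs, unrecognised input). The type names (ip, domain, url, hash-md5 and so on) are this example's own convention, not a schema of either platform, and the sample IOC list is constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Defanging conventions commonly seen in shared reports. Assumption: this
# list covers the variants we care about; extend it for other report styles.
_DEFANG_SUBS = [
    (re.compile(r"^hxxp(s?)://", re.IGNORECASE), r"http\1://"),
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", re.IGNORECASE), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[@\]|\[at\]", re.IGNORECASE), "@"),
]
_HEX = re.compile(r"^[0-9a-f]+$")
# Hash type is inferred from the digest length in hex characters.
_HASH_TYPES = {32: "hash-md5", 40: "hash-sha1", 64: "hash-sha256", 128: "hash-sha512"}
# Hostname: one or more LDH labels followed by an alphabetic TLD.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)

# Constructed sample input, as it might be pasted from a report.
SAMPLE_IOCS = [
    "hxxp://evil[.]example[.]com/payload.exe",
    "8[.]8[.]8[.]8",
    "10.0.0.5",                              # RFC 1918: no point enriching externally
    "D41D8CD98F00B204E9800998ECF8427E",
    "EXAMPLE[dot]COM",
    "not an ioc",
]


def refang(value: str) -> str:
    """Undo common defanging so the value can be parsed and queried."""
    v = value.strip()
    for pattern, repl in _DEFANG_SUBS:
        v = pattern.sub(repl, v)
    return v


def classify(value: str) -> dict:
    """Return {"value", "type", "enrich"} (plus "host" for URLs).

    "enrich" is False for observables an external platform cannot say
    anything useful about: non-global IPs and unrecognised input.
    """
    v = refang(value)
    lower = v.lower()

    # Hashes first: a hex string of a known digest length.
    if _HEX.match(lower) and len(lower) in _HASH_TYPES:
        return {"value": lower, "type": _HASH_TYPES[len(lower)], "enrich": True}

    # IPv4/IPv6: let the standard library validate and normalise it.
    try:
        addr = ipaddress.ip_address(v)
    except ValueError:
        pass
    else:
        return {"value": str(addr), "type": "ip", "enrich": addr.is_global}

    # URLs: require a scheme we expect and a parseable host.
    if "://" in v:
        parts = urlsplit(v)
        host = parts.hostname or ""
        if parts.scheme in ("http", "https", "ftp") and host:
            return {"value": v, "type": "url", "host": host, "enrich": True}

    if _DOMAIN.match(lower):
        return {"value": lower, "type": "domain", "enrich": True}

    return {"value": v, "type": "unknown", "enrich": False}


def triage(values):
    """Classify a batch and keep only what is worth sending for enrichment."""
    return [r for r in (classify(v) for v in values) if r["enrich"]]


if __name__ == "__main__":
    for item in triage(SAMPLE_IOCS):
        print(item["type"], item["value"])
```

The URL branch keeps the host separately because most platforms accept the full URL as one observable and the host as another, and the two usually carry different reputations. Routing non-global IPs away from external enrichment also avoids leaking internal address ranges to third-party services.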
Rapid7 Labs - Open Data Project
Homepage: https://opendata.rapid7.com/
Description:
Offering researchers and community members open access to data from Project Sonar, which conducts internet-wide surveys to gain insights into global exposure to common vulnerabilities. Datasets: 13, files: 24,086, total size: 36.2 TB.
SANS Internet Storm Center
Homepage: https://isc.sans.edu/
Description:
The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
TheHive
Homepage: https://thehive-project.org/
Github: https://github.com/TheHive-Project/TheHive
Description:
A scalable, open source and free Security Incident Response Platform, tightly integrated with MISP (Malware Information Sharing Platform), designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly.