Information Security Architecture

https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf

Identify

What to check?

Logs

Mails

Files

other files

Executables

Office Files

Network Indicators

Asset Discovery

Nozomi Networks

...

Which indicators exist?

IP

Domain

Host

Hash

MD5

SHA1

SHA256

SHA512

Mail address

URL

PATH

Behavior

Cryptocurrency Wallets

Bitcoin Addresses

Certificates

x509

CMDB - Configuration Management Database

ServiceNow CMDB

Protect

1. Technologies

Postfix

Traefik

2. Processes

Playbooks

Subtopic

Additional Supporting Tools

Banditore retrieves new releases from your starred GitHub repositories and generates an Atom feed with them.

Manipulate and extract envfiles in JSON format.

GoAccess

What is it? GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal on *nix systems or through your browser.

Breach Information

Have I Been Pwned

What is AbuseIO?

It is a toolkit anyone can use to receive, process and correlate abuse reports and to send notifications with specific information regarding the abuse case(s) on your network. AbuseIO's purpose is to consolidate efforts by various companies and individuals to automate and improve the abuse handling process.

sed regex verifier

Test

Choose the best MSSP

Recover

Respond

Workflow

n8n

Shuffle

Cortex XSOAR (Palo Alto)

Splunk Phantom

Endpoint Incident Response Tools

Agentless

Thor, Thor Lite | Nextron

Agent required

GRR

Case Management

TheHive

Reading and processing of email folders for TheHive + Autoupdating case histories

EmailScanner is an integration application in Python that uses `exchangelib` to process mail items in Microsoft Exchange.

FIR - Fast Incident Response

Detect

SIEM - Central Security Log System

https://ateixei.medium.com/different-siems-same-challenges-only-time-generated-will-tell-fee56b9391e9

https://stackify.com/best-log-management-tools/

https://www.comparitech.com/net-admin/best-windows-event-log-management-tools/

https://wlambertts.medium.com/zero-dollar-detection-and-response-orchestration-with-n8n-security-onion-thehive-and-10b5e685e2a1

Splunk

TA - Technical Add-on | Ingest Data

App / SA - Security App | Dashboards, Searches, ...

ExaBeam

Elasticsearch

Security Onion 2

Graylog

HELK

Logz.io

30-day retention for $2.25 per GB; starts at 2 GB

Subtopic

LogRhythm

Sematext

Free: 500 MB, 7-day retention

Paid plans start at $60 per month

Loggly

DataDogHQ

https://www.datadoghq.com/pricing/

$0.30 per GB

Sumologic

Free: 500 MB

Paid plans from $200 per month and above

Endpoint Detection and Response (EDR)

Defender ATP for Endpoint

Wazuh

Carbon Black

Subtopic

Intrusion Detection System

Network

Bro

Zeek

Suricata

Network Security Monitoring on Raspberry Pi type devices

Host

Falco

Subtopic

Enrichment

Extractor

GOSINT - Open Source Threat Intelligence Gathering and Processing Framework

https://gosint.readthedocs.io/en/latest/configuration.html

https://github.com/ciscocsirt/GOSINT

Aggregator

Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by Automater, another excellent tool for collecting information.

Malware/IOC ingestion and processing engine

FAME Automates Malware Evaluation

Meet the open-source malware analysis framework and its user-friendly web interface. Made by and for incident responders.

IoC Feeds

https://socinvestigation-com.cdn.ampproject.org/c/s/socinvestigation.com/top-5-best-open-source-threat-intelligence-feeds/amp/

https://socinvestigation.com/cyber-threat-intelligence-tools-for-security-professionals-2021/

Paid Account required

Free Account required

Twitter Account

VirusTotal

Google – Safe Browsing

Google Account

Twitter Account

Accountless

https://socinvestigation.com/threat-intelligence-dridex-malware-latest-iocs/

Website with IoCs: hashes, URLs, IPs, domains

Cisco – Talos Intelligence

SANS Internet Storm Center

Virusshare

Samples

Hash

MISP Integration

DNSBL (DNS Blacklists)

IoC Storage

Minemeld

OpenCTI

[Looks Unmaintained] hippocampe

Hippocampe is a threat feed aggregator. It gives your organisation a threat feed 'memory' and lets you query it easily through a REST API or from a Web UI. If you have a Cortex server, there is already an analyzer to query Hippocampe. And if you use TheHive as a security incident response platform, you can customize the JSON output produced by the analyzer to your taste or use the report template that we kindly provide.

Hippocampe aggregates feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows searching its 'memory'. It is based on a Python script which fetches the URLs corresponding to feeds, parses them and indexes them.

[Looks unmaintained] YETI

MISP

Log enrichment

Endpoint

Sysmon

Mail

Network

ELK for Mikrotik Netflow

Malware Analysis