av Cyber Threat 3 år siden
1438
Mer som dette
https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf
HyperRun
AnyRun
Cuckoo (Selfhosted)
VMRay (Private)
ELK for Mikrotik Netflow
https://github.com/robcowart/elastiflow
https://github.com/dragoangel/parsedmarc-dockerized
https://domainaware.github.io/parsedmarc/
Endpoint
Sysmon
https://browninfosecguy.com/sysmon-101
[Looks unmaintained] YETI
[Looks Unmaintained] hippocampe
Hippocampe is a threat feed aggregator. It gives your organisation a threat feed 'memory' and lets you query it easily through a REST API or from a Web UI. If you have a
server, there's already an analyzer to query Hippocampe. And if you use
as a security incident response platform, you can customize the JSON output produced by the analyzer to your taste or use the report template that we kindly provide.
Hippocampe aggregates feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows to search into its 'memory'. It is based on a Python script which fetchs URLs corresponding to feeds, parses and indexes them.
OpenCTI
https://kibana.opencti.io/s/public/goto/011b80ae0da7aca60de6db2d6cf76c75
https://medium.com/luatix/your-cyber-threat-intelligence-knowledge-in-a-magic-box-af2cbf7dd4be
https://www.notion.so/Using-Docker-03d5c0592b9d4547800cc9f4ff7be2b8#39617668dafb42648e8efb75f7d0a558
Minemeld
https://github.com/hkelley/splunksearch-miner
https://live.paloaltonetworks.com/t5/minemeld-articles/using-minemeld-to-create-a-managed-services-offering/ta-p/166505
https://live.paloaltonetworks.com/t5/minemeld-articles/enable-access-to-office-365-with-minemeld-updated/ta-p/224148
https://live.paloaltonetworks.com/t5/minemeld-articles/configuring-nodes/ta-p/77185
https://live.paloaltonetworks.com/t5/minemeld-articles/send-iocs-to-microsoft-graph-api-with-minemeld/ta-p/258540
https://hurricanelabs.com/blog/threat-intelligence-aggregation-and-deduplication-with-minemeld/
https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists
https://socinvestigation-com.cdn.ampproject.org/c/s/socinvestigation.com/top-5-best-open-source-threat-intelligence-feeds/amp/
https://socinvestigation.com/cyber-threat-intelligence-tools-for-security-professionals-2021/
Accountless
https://opendata.rapid7.com/
https://openphish.com/feed.txt
https://twitter.com/dgafeedalerts
https://osint.bambenekconsulting.com/feeds/
https://www.botvrij.eu/
MISP Integration
https://sslbl.abuse.ch/
Virusshare
Samples
SANS Internet Storm Center
https://isc.sans.edu/suspicious_domains.html
Cisco – Talos Intelligence
https://feodotracker.abuse.ch/
https://threatview.io/
OSINT Threat Feed
Bitcoin Address
SHA Hash
MD5 Hash
https://threatfeeds.io/?feed=Talos%20IP%20Blacklist
https://socinvestigation.com
https://socinvestigation.com/threat-intelligence-dridex-malware-latest-iocs/
Website with IoCs, Hash, URL, IP, Domain,
Free Account required
https://pulsedive.com/
https://urlhaus.abuse.ch
Google – Safe Browsing
Google Account
https://bazaar.abuse.ch/
Twitter Account
Paid Account required
https://www.apivoid.com
https://www.ipvoid.com/
FAME Automates Malware Evaluation Meet the open-source malware analysis framework and its user-friendly web interface. Made by and for incident responders.
https://github.com/laramies/theHarvester
https://github.com/Patrowl/PatrowlManager
http://misp.github.io/misp-modules/
https://github.com/TheHive-Project/Cortex
https://github.com/TheHive-Project/CortexDocs/blob/master/analyzer_requirements.md#free-analyzers
TBD
Virustotal
https://github.com/MISP/misp-workbench
Malware/IOC ingestion and processing engine
MISP
https://github.com/silascutler/MalPipe
BambenekFeeds (osint.bambenekconsulting.com/feeds/)
VirusTotal (https://www.virustotal.com)
FeodoBlockList (https://feodotracker.abuse.ch)
Malc0deIPList (http://malc0de.com/)
NoThinkIPFeeds (www.nothink.org/)
OpenPhishURLs (https://openphish.com
TorNodes (https://torstatus.blutmagie.de)
MalShare (https://malshare.com/)
https://github.com/HurricaneLabs/machinae
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. It was inspired by
, another excellent tool for collecting information.
https://github.com/intelowlproject/IntelOwl
GOSINT - Open Source Threat Intelligence Gathering and Processing Framework
https://gosint.readthedocs.io/en/latest/configuration.html
https://github.com/ciscocsirt/GOSINT
Custom Feed URLs
Whitelist Domains
Whitelist ISP
Alexa Whitelist
CRITs
VirusTotal
AlienVault
https://github.com/InQuest/ThreatIngestor
Falco
Network Security Monitoring on Raspberry Pi type devices
Suricata
Zeek
BRO
https://github.com/0xrawsec/whids/blob/master/tools/sysmon/v13/sysmon-v13.x-optimal.xml
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/become-a-microsoft-defender-atp-ninja/ba-p/1515647
https://ateixei.medium.com/different-siems-same-challenges-only-time-generated-will-tell-fee56b9391e9
https://stackify.com/best-log-management-tools/
https://www.comparitech.com/net-admin/best-windows-event-log-management-tools/
https://wlambertts.medium.com/zero-dollar-detection-and-response-orchestration-with-n8n-security-onion-thehive-and-10b5e685e2a1
https://ateixei.medium.com/different-siems-same-challenges-only-time-generated-will-tell-fee56b9391e9
$200 and above monthly
free 500MB
https://www.datadoghq.com/pricing/
$0,30 per GB
Loggly
Sematext
start monthly at $60
Free 500MB 7d retention
LogRhytm
Logz.io
30d retention for $2,25 per GB; start for 2GB
https://logz.io/blog/docker-logging/
HELK
https://siemonster.com/
Graylog
Security Onion 2
https://github.com/LetMeR00t/TA-thehive-cortex
App / SA - Security App | Dashboards, Searches, ...
TA - Technical Addon | Ingest Data
EmailScanner is an integration application in python that uses `exchangelib` to process mail items in Microsoft exchange.
Reading and processing of email folders for TheHive + Autoupdating case histories
https://github.com/arnydo/Synapse
GRR
Thor, Thor Lite | Nextron
GoAccess is an open source real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
Untertopic
https://github.com/certsocietegenerale/IRM/tree/master/EN
https://scaleup.us/2020/06/21/how-to-block-ips-in-your-traefik-proxy-server/
https://serverok.in/postfix-rbl
https://wiki.centos.org/HowTos/postfix_restrictions
https://www.howtoforge.com/virtual_postfix_antispam
x509
Bitcoin Addresses
SHA512
SHA256
SHA1
MD5
Office Files
Executables
other files