MISP-tools
ThreatIngestor
MISP-tools | ThreatIngestor | |
---|---|---|
2 | 1 | |
32 | 786 | |
- | 1.9% | |
6.0 | 7.6 | |
9 days ago | 3 months ago | |
Python | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
MISP-tools
-
Ingesting IOCs in to CS from MISP
I'd start with intel_client.py (most CS interactions happen here) and indicators.py (the logic for the handling of indicators, a lot of this is PyMISP-specific but it will help you identify data elements you want to bring over).
ThreatIngestor
What are some alternatives?
falconpy - The CrowdStrike Falcon SDK for Python
C2IntelFeeds - Automatically created C2 Feeds
PyMISP - Python library using the MISP Rest API
sysmon-config - Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
threatbus - 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.
YaraHunter - 🔍🔍 Malware scanner for cloud-native, as part of CI/CD and at Runtime 🔍🔍
falcon-query-assets - Welcome to the Falcon Query Assets GitHub page.
harpoon
misp-warninglists - Warning lists to inform users of MISP about potential false-positives or other information in indicators
StalkPhish - StalkPhish - The Phishing kits stalker, harvesting phishing kits for investigations.
cURL_for_OSINT - cURL Tool Usage for OSINT (Open-Source Intelligence)
uzen - Website crawler with YARA detection