Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more β
Top 23 Threatintel Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
sysmon-config
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)
-
-
awesome-intelligence-writing
Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles
-
-
misp-training
MISP trainings, threat intel and information sharing training materials with source code
-
-
kestrel-lang
Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
-
threatbus
π Threat Bus β A threat intelligence dissemination layer for open-source security tools.
-
malware-ioc
This repository contains indicators of compromise (IOCs) of our various investigations. (by prodaft)
-
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24
Project mention: Brute.Fail Watch brute force attacks in real time | news.ycombinator.com | 2023-06-02Thanks for the reference; after some link chasing I was able to end up on the project I believe you're thinking of: https://github.com/cowrie/cowrie#features (appears to be BSD-3-Clause: https://github.com/cowrie/cowrie/blob/master/LICENSE.rst )
https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview plenty of windows troubleshooting tips here too, and this is pretty good symon script saves to event viewer even after a reboot! , also care with wireshark as it may give you a false sense of there's a fault, try tcpIPview from sysinternals and yeah procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config use psping to ping the server directly and see the latency goes up and down, you can ping it more often every 1 second so you get a better more detailed resul.
I donβt want to endorse this practice at all but because it is public knowledge,
https://ransomwatch.telemetry.ltd
I trust you will be able to figure out the rest.
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05Public Cloud Threat Intelligence β High confidence Indicator of Compromise(IOC) targeting public cloud infrastructure, A portion is available on github (https://github.com/unknownhad/AWSAttacks). Full list is available via API
Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Threatintel related posts
- A recent abrupt change in Internet SSH brute force attacks against us
- Las Vegas
- Troubleshooting Intermittent Slowness on Network Share
- Sysmon not reading our config.xml-file
- Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
- How do I exclude specific event IDs in Sysmon?
- Finding the Process initiating a ping
-
A note from our sponsor - InfluxDB
www.influxdata.com | 24 Apr 2024
Index
What are some of the best open-source Threatintel projects? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | spiderfoot | 11,670 |
| 2 | awesome-malware-analysis | 11,057 |
| 3 | MISP | 4,969 |
| 4 | cowrie | 4,904 |
| 5 | sysmon-config | 4,565 |
| 6 | IntelOwl | 3,103 |
| 7 | yeti | 1,626 |
| 8 | SysmonTools | 1,445 |
| 9 | harpoon | 1,133 |
| 10 | ThreatIngestor | 781 |
| 11 | sysmon-config | 749 |
| 12 | ransomwatch | 740 |
| 13 | iocextract | 485 |
| 14 | awesome-intelligence-writing | 463 |
| 15 | C2IntelFeeds | 433 |
| 16 | PyMISP | 418 |
| 17 | misp-training | 355 |
| 18 | Zeek-Intelligence-Feeds | 312 |
| 19 | kestrel-lang | 273 |
| 20 | threatbus | 254 |
| 21 | CloudIntel | 219 |
| 22 | malware-ioc | 196 |
| 23 | Log4Shell-IOCs | 184 |
Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com