Top 23 Threatintel Open-Source Projects
- sysmon-config: Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)
- awesome-intelligence-writing: Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles
- misp-training: MISP trainings, threat intel and information sharing training materials with source code
- kestrel-lang: Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.
- threatbus: Threat Bus, a threat intelligence dissemination layer for open-source security tools.
- malware-ioc: This repository contains indicators of compromise (IOCs) of our various investigations. (by prodaft)
Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24
Project mention: Brute.Fail Watch brute force attacks in real time | news.ycombinator.com | 2023-06-02
Thanks for the reference; after some link chasing I was able to end up on the project I believe you're thinking of: https://github.com/cowrie/cowrie#features (appears to be BSD-3-Clause: https://github.com/cowrie/cowrie/blob/master/LICENSE.rst )
https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/networking-overview has plenty of Windows troubleshooting tips too, and this is a pretty good Sysmon script that saves to Event Viewer even after a reboot! Also take care with Wireshark as it may give you a false sense that there's a fault; try TCPView from Sysinternals, and Procmon for sure. https://github.com/SwiftOnSecurity/sysmon-config Use PsPing to ping the server directly and see whether the latency goes up and down; you can ping it more often, every 1 second, so you get a better, more detailed result.
I don't want to endorse this practice at all but because it is public knowledge,
https://ransomwatch.telemetry.ltd
I trust you will be able to figure out the rest.
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05
Public Cloud Threat Intelligence: high confidence Indicator of Compromise (IOC) targeting public cloud infrastructure. A portion is available on github (https://github.com/unknownhad/AWSAttacks). Full list is available via API
Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14
Threatintel related posts
- A recent abrupt change in Internet SSH brute force attacks against us
- Las Vegas
- Troubleshooting Intermittent Slowness on Network Share
- Sysmon not reading our config.xml-file
- Cheap, Fast, Good and Simple Remote Monitoring for Small Environments
- How do I exclude specific event IDs in Sysmon?
- Finding the Process initiating a ping
Index
What are some of the best open-source Threatintel projects? This list will help you:
Rank | Project | Stars
---|---|---
1 | spiderfoot | 11,670
2 | awesome-malware-analysis | 11,057
3 | MISP | 4,969
4 | cowrie | 4,904
5 | sysmon-config | 4,565
6 | IntelOwl | 3,103
7 | yeti | 1,626
8 | SysmonTools | 1,445
9 | harpoon | 1,133
10 | ThreatIngestor | 781
11 | sysmon-config | 749
12 | ransomwatch | 740
13 | iocextract | 485
14 | awesome-intelligence-writing | 463
15 | C2IntelFeeds | 433
16 | PyMISP | 418
17 | misp-training | 355
18 | Zeek-Intelligence-Feeds | 312
19 | kestrel-lang | 273
20 | threatbus | 254
21 | CloudIntel | 219
22 | malware-ioc | 196
23 | Log4Shell-IOCs | 184