Top 23 Threatintel Open-Source Projects

• spiderfoot

  19 11,768 4.8 Python

  SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

• awesome-malware-analysis

  8 11,071 0.0

  Defund the Police.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• MISP

  28 4,998 9.9 PHP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  

Project mention: A recent abrupt change in Internet SSH brute force attacks against us | news.ycombinator.com | 2024-02-24

• cowrie

  15 4,910 9.3 Python

  Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

  

Project mention: Brute.Fail Watch brute force attacks in real time | news.ycombinator.com | 2023-06-02

Thanks for the reference; after some link chasing I was able to end up on the project I believe you're thinking of: https://github.com/cowrie/cowrie#features (appears to be BSD-3-Clause: https://github.com/cowrie/cowrie/blob/master/LICENSE.rst )

• sysmon-config

  35 4,580 0.0

  Sysmon configuration file template with default high-quality event tracing

Project mention: Software Hardening Tools for System Defense | dev.to | 2024-04-30

cd c:\sysmon git clone https://github.com/SwiftOnSecurity/sysmon-config sysmon -accepteula -i sysmon-config/sysmon-config.xml

• IntelOwl

  13 3,114 9.8 Python

  IntelOwl: manage your Threat Intelligence at scale

  

Project mention: Monthly Security Checklist | /r/msp | 2023-06-25

• yeti

  2 1,633 9.6 Python

  Your Everyday Threat Intelligence

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

• SysmonTools

  2 1,449 3.5

  Utilities for Sysmon

• harpoon

  2 1,134 4.7 Python

  CLI tool for open source and threat intelligence (by Te-k)

• ThreatIngestor

  1 786 7.6 Python

  Extract and aggregate threat intelligence.

  

• sysmon-config

  1 750 7.2 PowerShell

  Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events. (by ion-storm)

• ransomwatch

  3 747 10.0 HTML

  the transparent ransomware claim tracker 🥷🏼🧅🖥️

Project mention: Las Vegas | news.ycombinator.com | 2023-09-16

I don’t want to endorse this practice at all but because it is public knowledge,

https://ransomwatch.telemetry.ltd

I trust you will be able to figure out the rest.

• iocextract

  1 486 5.4 Python

  Defanged Indicator of Compromise (IOC) Extractor.

  

• awesome-intelligence-writing

  1 463 1.8

  Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles

• C2IntelFeeds

  1 438 9.9 REXX

  Automatically created C2 Feeds

• PyMISP

  3 422 9.2 Python

  Python library using the MISP Rest API

  

Project mention: FLaNK Stack Weekly for 13 November 2023 | dev.to | 2023-11-13

• misp-training

  1 357 7.9 TeX

  MISP trainings, threat intel and information sharing training materials with source code

  

• Zeek-Intelligence-Feeds

  1 314 7.4 Zeek

  Zeek-Formatted Threat Intelligence Feeds

  

• kestrel-lang

  1 274 9.6 Python

  Kestrel threat hunting language: building reusable, composable, and shareable huntflows across different data sources and threat intel.

  

• threatbus

  4 254 0.0 Python

  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

  

• CloudIntel

  1 220 9.5

  This repo contains IOC, malware and malware analysis associated with Public cloud

Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05

Public Cloud Threat Intelligence — High confidence Indicator of Compromise(IOC) targeting public cloud infrastructure, A portion is available on github (https://github.com/unknownhad/AWSAttacks). Full list is available via API

• malware-ioc

  8 197 5.7 Python

  This repository contains indicators of compromise (IOCs) of our various investigations. (by prodaft)

  

Project mention: PTI-257 Group Indicators of Compromise (IOCs) - PTI-257 consists of former Wizard Spider actors who are publicly known for the various malware variants they use (Ryuk, Trickbot, and Conti, among others) | /r/blueteamsec | 2023-09-14

• Log4Shell-IOCs

  1 184 3.6 Python

  A collection of intelligence about Log4Shell and its exploitation activity.

  

• SaaSHub

  www.saashub.com featured

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Threatintel related posts

• Software Hardening Tools for System Defense

  1 project | dev.to | 30 Apr 2024

• A recent abrupt change in Internet SSH brute force attacks against us

  1 project | news.ycombinator.com | 24 Feb 2024

• Las Vegas

  1 project | news.ycombinator.com | 16 Sep 2023

• Troubleshooting Intermittent Slowness on Network Share

  1 project | /r/msp | 7 Jul 2023

• Sysmon not reading our config.xml-file

  1 project | /r/sysadmin | 21 Jun 2023

• Cheap, Fast, Good and Simple Remote Monitoring for Small Environments

  1 project | /r/msp | 31 May 2023

• How do I exclude specific event IDs in Sysmon?

  1 project | /r/sysadmin | 15 Apr 2023
• A note from our sponsor - SaaSHub
  www.saashub.com | 4 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com