Numerous additions to tools

Herman Slatman 2015-12-31 12:55:26 +01:00
parent 2cdb13269b
commit 1f9ecd1f55


@ -5,13 +5,12 @@ A curated list of Awesome Threat Intelligence resources
- [Parsers](#parsers) - [Parsers](#parsers)
- [Standards](#standards) - [Standards](#standards)
- [Frameworks](#frameworks-and-platforms) - [Frameworks](#frameworks-and-platforms)
- [Tools](#tools)
- [Research](#research) - [Research](#research)
## Sources ## Sources
## Parsers
## Standards ## Standards
<table> <table>
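Review bot: the `## Parsers` heading shows in only one column of this hunk, so it appears to be removed by this commit, yet the table of contents still carries `- [Parsers](#parsers)` as unchanged context; either keep the heading or drop the TOC entry as well, otherwise `#parsers` becomes a dead anchor. The new `- [Tools](#tools)` entry is fine as long as a `## Tools` heading is added further down.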
@ -60,6 +59,14 @@ A curated list of Awesome Threat Intelligence resources
The Collective Intelligence Framework (CIF) allows you to combine known malicious threat information from many sources and use that information for IR, detection and mitigation. Code available on <a href="https://github.com/csirtgadgets/massive-octo-spice" target="_blank">GitHub</a>. The Collective Intelligence Framework (CIF) allows you to combine known malicious threat information from many sources and use that information for IR, detection and mitigation. Code available on <a href="https://github.com/csirtgadgets/massive-octo-spice" target="_blank">GitHub</a>.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="https://www.enisa.europa.eu/activities/cert/support/incident-handling-automation" target="_blank">IntelMQ</a>
</td>
<td>
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="http://www.misp-project.org/" target="_blank">MISP</a> <a href="http://www.misp-project.org/" target="_blank">MISP</a>
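Review bot: the IntelMQ row links only to the ENISA project page and never says where the code lives, unlike the CIF row just above it, which links to the GitHub repository; add a code link if one exists. The description also reads unevenly next to the other entries: `collecting and processing security feeds, pastebins, tweets` needs an `and` before `tweets`, and `It's` and `collect & process` should be written out as `It is` and `collect and process`.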
@ -92,12 +99,20 @@ A curated list of Awesome Threat Intelligence resources
The Threat Analysis, Reconnaissance, and Data Intelligence System (TARDIS) is an open source framework for performing historical searches using attack signatures. The Threat Analysis, Reconnaissance, and Data Intelligence System (TARDIS) is an open source framework for performing historical searches using attack signatures.
</td> </td>
</tr> </tr>
<tr>
<td>
<a href="https://www.threatcrowd.org/" target="_blank"ThreatCrowd</a>
</td>
<td>
ThreatCrowd is a system for finding and researching artefacts relating to cyber threats.
</td>
</tr>
<tr> <tr>
<td> <td>
<a href="https://developers.facebook.com/docs/threat-exchange/" target="_blank">ThreatExchange</a> <a href="https://developers.facebook.com/docs/threat-exchange/" target="_blank">ThreatExchange</a>
</td> </td>
<td> <td>
Facebook created ThreatExchange so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups. This project is still in *beta*. Facebook created ThreatExchange so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups. This project is still in <b>beta</b>.
</td> </td>
</tr> </tr>
<tr> <tr>
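Review bot: the ThreatCrowd anchor is malformed. `<a href="https://www.threatcrowd.org/" target="_blank"ThreatCrowd</a>` is missing the `>` that closes the opening tag, so the link text is swallowed into the tag and the row renders without a visible link; it should be `<a href="https://www.threatcrowd.org/" target="_blank">ThreatCrowd</a>`. The change from `*beta*` to `<b>beta</b>` in the ThreatExchange row is correct, since Markdown emphasis is not processed inside a raw HTML table.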
@ -110,4 +125,61 @@ A curated list of Awesome Threat Intelligence resources
</tr> </tr>
</table> </table>
## Tools
<table>
<tr>
<td>
<a href="https://github.com/mlsecproject/combine" target="_blank">Combine</a>
</td>
<td>
Combine gathers Threat Intelligence Feeds from publicly available sources.
</td>
</tr>
<tr>
<td>
<a href="https://www.fireeye.com/services/freeware/ioc-editor.html" target="_blank">IOC Editor</a>
</td>
<td>
A free editor for Indicators of Compromise (IOCs).
</td>
</tr>
<tr>
<td>
<a href="https://github.com/mandiant/ioc_writer" target="_blank">ioc_writer</a>
</td>
<td>
Provides a python library that allows for basic creation and editing of OpenIOC objects.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/jpsenior/threataggregator" target="_blank">threataggregator</a>
</td>
<td>
ThreatAggregrator aggregates security threats from a number of online sources, and outputs to various formats, including CEF, Snort and IPTables rules.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/jiachongzhi/ThreatTracker" target="_blank">ThreatTracker</a>
</td>
<td>
A Python script designed to monitor and generate alerts on given sets of IOCs indexed by a set of Google Custom Search Engines.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/mlsecproject/tiq-test" target="_blank">tiq-test</a>
</td>
<td>
The Threat Intelligence Quotient (TIQ) Test tool provides visualization and statistical analysis of TI feeds.
</td>
</tr>
</table>
## Research ## Research
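Review bot: `ThreatAggregrator` in the threataggregator row is misspelled (the link target and the project name are `threataggregator`); in the same section `python` should be capitalised as `Python` in the ioc_writer row, as it already is in the ThreatTracker row, and `IPTables` is normally written `iptables`. The new `## Tools` heading follows `</table>` directly; make sure a blank line separates them in the source, otherwise Markdown keeps the heading inside the preceding HTML block and it will not render as a heading, which would also break the `#tools` anchor added to the table of contents.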