From b2a379d233296d34a5b3dd4867d1b593dc1e3431 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 1 Aug 2018 23:43:57 +0200 Subject: [PATCH 1/4] Add Cortex --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 21354c9..a00c488 100644 --- a/README.md +++ b/README.md @@ -639,6 +639,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari Allows participants to share threat indicators with the community. + + + Cortex + + + Cortex allows observables, such as IPs, email addresses, URLs, domain names, files or hashes, to be analyzed one by one or in bulk mode using a single web interface. The web interface acts as a frontend for numerous analyzers, removing the need for integrating these yourself during analysis. Analysts can also use the Cortex REST API to automate parts of their analysis. + + CRITS From 3af302154ad6d9792980ca9de4b0e2b7be3128ed Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 1 Aug 2018 23:48:48 +0200 Subject: [PATCH 2/4] Add KLara --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index a00c488..11a14f6 100644 --- a/README.md +++ b/README.md @@ -1127,6 +1127,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly Jager is a tool for pulling useful IOCs (indicators of compromise) out of various input sources (PDFs for now, plain text really soon, webpages eventually) and putting them into an easy to manipulate JSON format. + + + KLara + + + KLara, a distributed system written in Python, allows researchers to scan one or more Yara rules over collections with samples, getting notifications by e-mail as well as the web interface when scan results are ready. + + libtaxii From debc2e59562885a6c8a60156ee2c791608160151 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 1 Aug 2018 23:51:33 +0200 Subject: [PATCH 3/4] Add Hippocampe --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/README.md b/README.md index 11a14f6..36bcff4 100644 --- a/README.md +++ b/README.md @@ -1071,6 +1071,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly Python script that allows to query multiple online threat aggregators from a single interface. + + + Hippocampe + + + Hippocampe aggregates threat feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows to search into its 'memory'. It is based on a Python script which fetchs URLs corresponding to feeds, parses and indexes them. + + Hiryu From 7862b6d8666b2dda096817ef835ce14d2099ab28 Mon Sep 17 00:00:00 2001 From: Herman Slatman Date: Wed, 1 Aug 2018 23:54:11 +0200 Subject: [PATCH 4/4] Add MalPipe --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 36bcff4..d82e0e2 100644 --- a/README.md +++ b/README.md @@ -1175,6 +1175,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints. + + + MalPipe + + + Amodular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results. + + MISP Workbench
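Review bot: in PATCH 1/4 (README.md, hunk at @@ -639), the Cortex description is written in the second person ("removing the need for integrating these yourself"), which does not match the neighbouring entries in this section ("Allows participants to share threat indicators with the community."); suggest a neutral third-person wording such as "Cortex analyzes observables (IPs, email addresses, URLs, domain names, files or hashes) one by one or in bulk through a single web interface that fronts numerous analyzers, and exposes a REST API for automating parts of an analysis." Placing the entry between the previous one and CRITS keeps the section's alphabetical order.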
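Review bot: in PATCH 2/4 (README.md, hunk at @@ -1127), "scan one or more Yara rules over collections with samples, getting notifications by e-mail as well as the web interface" is awkward; suggest "scan one or more Yara rules over collections of samples and receive a notification by e-mail or in the web interface when the results are ready." Also worth checking the section choice: the hunk context shows this is the "All kinds of tools for parsing, creating and editing Threat Intelligence" section, while KLara is described as a distributed scanning system, so it may fit better in the frameworks/platforms section that PATCH 1/4 touches.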
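Review bot: in PATCH 3/4 (README.md, hunk at @@ -1071), "fetchs" is a typo for "fetches", and "It has a REST API which allows to search into its 'memory'" is ungrammatical; suggest "It exposes a REST API for searching its 'memory'. It is based on a Python script which fetches the feed URLs, parses the feeds and indexes them." The entry sits correctly between the preceding entry and Hiryu.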
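Review bot: in PATCH 4/4 (README.md, hunk at @@ -1175), the MalPipe description opens with "Amodular", missing a space ("A modular"); since the neighbouring entry opens with the tool name ("Machinae is a tool for collecting intelligence ..."), "MalPipe is a modular malware (and indicator) collection and processing framework." would also read more consistently. Ordering between Machinae and MISP Workbench is correct.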