mirror of
https://github.com/hslatman/awesome-threat-intelligence.git
synced 2024-12-18 10:26:10 +00:00
Clean repository
This commit is contained in:
parent
fbfed281cf
commit
ee623f6d0e
@ -4,4 +4,4 @@ rvm:
|
||||
before_script:
|
||||
- gem install awesome_bot
|
||||
script:
|
||||
- awesome_bot README.md --white-list CONTRIBUTING.md,https://www.threatcrowd.org/,https://intel.deepviz.com/recap_network.php,https://www.fireeye.com/services/freeware/ioc-editor.html,https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf,http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf,http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://sslbl.abuse.ch/,https://soltra.com/,https://cryptome.org/2015/09/cti-guide.pdf,https://intel.criticalstack.com/,https://car.mitre.org/wiki/Main_Page,http://dx.doi.org/10.6028/NIST.SP.800-150,https://bitbucket.org/camp0/aiengine,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php,https://intel.malwaretech.com --allow-ssl --allow-redirect
|
||||
- awesome_bot README.md --white-list CONTRIBUTING.md,http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt,http://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1452241511,https://cryptome.org/2015/09/cti-guide.pdf,https://www.abuse.ch/,https://www.recordedfuture.com/,https://isc.sans.edu/suspicious_domains.html,http://danger.rulez.sk/projects/bruteforceblocker/blist.php,https://intel.malwaretech.com --allow-ssl --allow-redirect
|
||||
|
74
README.md
74
README.md
@ -32,7 +32,7 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
||||
<a href="http://s3.amazonaws.com/alexa-static/top-1m.csv.zip" target="_blank">Alexa Top 1 Million sites</a>
|
||||
</td>
|
||||
<td>
|
||||
The top 1 Million sites from Amazon(Alexa). <a href="http://threatglass.com/pages/about" target="_blank">Never</a> use this as a <a href="https://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella" target="_blank">whitelist</a>.
|
||||
The top 1 Million sites from Amazon(Alexa). Never use this as a <a href="https://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3a-Alexa-vs-Umbrella" target="_blank">whitelist</a>.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@ -141,18 +141,10 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://intel.criticalstack.com/" target="_blank">Critical Stack Intel</a>
|
||||
<a href="https://intelstack.com/" target="_blank">Critical Stack Intel</a>
|
||||
</td>
|
||||
<td>
|
||||
The free threat intelligence parsed and aggregated by Critical Stack is ready for use in any Bro production system. You can specify which feeds you trust and want to ingest.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.c1fapp.com/" target="_blank">C1fApp</a>
|
||||
</td>
|
||||
<td>
|
||||
C1fApp is a threat feed aggregation application, providing a single feed, both Open Source and private. Provides statistics dashboard, open API for search and is been running for a few years now. Searches are on historical data.
|
||||
The free threat intelligence parsed and aggregated by Critical Stack is ready for use in any Bro production system. You can specify which feeds you trust and want to ingest. Will soon be made unavailable and may become available on https://developer.capitalone.com/resources/open-source.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@ -163,14 +155,6 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
||||
Cyber Cure offers free cyber threat intelligence feeds with lists of IP addresses that are currently infected and attacking on the internet. There are list of urls used by malware and list of hash files of known malware that is currently spreading. CyberCure is using sensors to collect intelligence with a very low false positive rate. Detailed <a href="https://docs.cybercure.ai" target="_blank">documentation</a> is available as well.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.cyberthreatexchange.com/" target="_blank">Cyber Threat Exchange</a>
|
||||
</td>
|
||||
<td>
|
||||
The Threat Exchange is an online marketplace platform for buying, selling and sharing cyber threat intelligence feeds.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://dataplane.org/" target="_blank">DataPlane.org</a>
|
||||
@ -202,14 +186,6 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
||||
<td>
|
||||
Free intelligence source for current and historical DNS information, WHOIS information, finding other websites associated with certain IPs, subdomain knowledge and technologies. There is a <a href="https://securitytrails.com/">IP and domain intelligence API available</a> as well.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.assetwatch.io/domainstream/" target="_blank">DomainStream</a>
|
||||
</td>
|
||||
<td>
|
||||
Live domain name feed from various Certificate Transparency Logs and Passive DNS Data that is being scanned everyday. Use this to find new subdomains of your interest when it appears on the internet or find probable phishing domains.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
@ -312,7 +288,7 @@ A certain amount of (domain- or business-specific) analysis is necessary to crea
|
||||
<a href="https://infosec.cert-pa.it" target="_blank">Infosec - CERT-PA</a>
|
||||
</td>
|
||||
<td>
|
||||
Malware samples <a href="https://infosec.cert-pa.it/analyze/submission.html" target="_blank">collection and analysis</a>, <a href="https://infosec.cert-pa.it/analyze/statistics.html" target="_blank">blocklist service, <a href="https://infosec.cert-pa.it/cve.html">vulnerabilities database</a> and more. Created and managed by <a href="https://www.cert-pa.it">CERT-PA</a>
|
||||
Malware samples <a href="https://infosec.cert-pa.it/analyze/submission.html" target="_blank">collection and analysis</a>, <a href="https://infosec.cert-pa.it/analyze/statistics.html" target="_blank">blocklist service, <a href="https://infosec.cert-pa.it/cve.html">vulnerabilities database</a> and more. Created and managed by CERT-PA.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
@ -557,14 +533,6 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
|
||||
This source is being populated with the content from over 90 open source, security blogs. IOCs (<a href="https://en.wikipedia.org/wiki/Indicator_of_compromise" target="_blank">Indicators of Compromise</a>) are parsed out of each blog and the content of the blog is formatted in markdown.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="http://www.threatglass.com/" target="_blank">Threatglass</a>
|
||||
</td>
|
||||
<td>
|
||||
An online tool for sharing, browsing and analyzing web-based malware. Threatglass allows users to graphically browse website infections by viewing screenshots of the stages of infection, as well as by analyzing network characteristics such as host relationships and packet captures.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.threatminer.org/" target="_blank">ThreatMiner</a>
|
||||
@ -584,7 +552,7 @@ The primary goal of Malpedia is to provide a resource for rapid identification a
|
||||
<td>
|
||||
<a href="https://portal.underattack.today/" target="_blank">UnderAttack.today</a>
|
||||
</td>
|
||||
<td>UnderAttack is a free intelligence platform, it shares IPs and information about suspicious events and attacks. Registration is free at <a href="https://portal.underattack.today" target="_blank">https://portal.underattack.today</a></td>
|
||||
<td>UnderAttack is a free intelligence platform, it shares IPs and information about suspicious events and attacks. Registration is free.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
@ -798,25 +766,6 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
|
||||
IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.intelstitch.com" target="_blank">IntelStitch</a>
|
||||
</td>
|
||||
<td>
|
||||
IntelStitch streamlines the aggregation, enforcement and sharing of cyber threat intelligence. IntelStitch can collect and process intelligence from traditional threat feeds as well as more dynamic sources including Pastebin pastes, tweets, and forums so that it can be integrated with downstream security tools.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://technet.microsoft.com/en-us/security/dn458536" target="_blank">Interflow</a>
|
||||
</td>
|
||||
<td>
|
||||
Interflow is a security and threat information exchange platform created by Microsoft for professionals working in cybersecurity.
|
||||
It uses a distributed architecture which enables sharing of security and threat information within and between communities for a collectively stronger ecosystem.
|
||||
Offering multiple configuration options, Interflow allows users to decide what communities to form, what data feeds to consume, and with whom.
|
||||
Interflow is currently in private preview.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.kaspersky.com/enterprise-security/threat-intelligence" target="_blank">Kaspersky Threat Intelligence Portal</a>
|
||||
@ -1688,16 +1637,15 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="https://www.threatconnect.com/wp-content/uploads/ThreatConnect-The-Diamond-Model-of-Intrusion-Analysis.pdf" target="_blank">The Diamond Model of Intrusion Analysis</a>
|
||||
<a href="docs/diamond.pdf" target="_blank">The Diamond Model of Intrusion Analysis</a>
|
||||
</td>
|
||||
<td>
|
||||
This paper presents the Diamond Model, a cognitive framework and analytic instrument to support and improve intrusion analysis. Supporting increased measurability, testability and repeatability
|
||||
in intrusion analysis in order to attain higher effectivity, efficiency and accuracy in defeating adversaries is one of its main contributions.
|
||||
This paper presents the Diamond Model, a cognitive framework and analytic instrument to support and improve intrusion analysis. Supporting increased measurability, testability and repeatability in intrusion analysis in order to attain higher effectivity, efficiency and accuracy in defeating adversaries is one of its main contributions.
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="http://www.dtic.mil/dtic/tr/fulltext/u2/a547092.pdf" target="_blank">F3EAD</a>
|
||||
<a href="docs/a547092.pdf" target="_blank">The Targeting Process: D3A and F3EAD</a>
|
||||
</td>
|
||||
<td>
|
||||
F3EAD is a military methodology for combining operations and intelligence.
|
||||
@ -1705,7 +1653,7 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="http://dx.doi.org/10.6028/NIST.SP.800-150" target="_blank">Guide to Cyber Threat Information Sharing by NIST</a>
|
||||
<a href="docs/NIST.SP.800-150.pdf" target="_blank">Guide to Cyber Threat Information Sharing by NIST</a>
|
||||
</td>
|
||||
<td>
|
||||
The Guide to Cyber Threat Information Sharing (NIST Special Publication 800-150) assists organizations in establishing computer security incident response capabilities that leverage the collective knowledge, experience, and abilities of their partners by actively sharing threat intelligence and ongoing coordination. The guide provides guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.
|
||||
@ -1737,7 +1685,7 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="http://www.dtic.mil/doctrine/new_pubs/jp2_0.pdf" target="_blank">Joint Publication 2-0: Joint Intelligence</a>
|
||||
<a href="docs/jp2_0.pdf" target="_blank">Joint Publication 2-0: Joint Intelligence</a>
|
||||
</td>
|
||||
<td>
|
||||
This publication by the U.S army forms the core of joint intelligence doctrine and lays the foundation to fully integrate operations, plans and intelligence into a cohesive team. The concepts presented are applicable to (Cyber) Threat Intelligence too.
|
||||
@ -1770,7 +1718,7 @@ All kinds of reading material about Threat Intelligence. Includes (scientific) r
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a href="http://rvasec.com/slides/2014/Bianco_Pyramid%20of%20Pain.pdf" target="_blank">Pyramid of Pain</a>
|
||||
<a href="docs/pyramidofpain.pdf" target="_blank">Pyramid of Pain</a>
|
||||
</td>
|
||||
<td>
|
||||
The Pyramid of Pain is a graphical way to express the difficulty of obtaining different levels of indicators and the amount of resources adversaries have to expend when obtained by defenders.
|
||||
|
BIN
docs/NIST.SP.800-150.pdf
Normal file
BIN
docs/NIST.SP.800-150.pdf
Normal file
Binary file not shown.
BIN
docs/a547092.pdf
Normal file
BIN
docs/a547092.pdf
Normal file
Binary file not shown.
BIN
docs/diamond.pdf
Normal file
BIN
docs/diamond.pdf
Normal file
Binary file not shown.
BIN
docs/jp2_0.pdf
Normal file
BIN
docs/jp2_0.pdf
Normal file
Binary file not shown.
BIN
docs/pyramidofpain.pdf
Normal file
BIN
docs/pyramidofpain.pdf
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user