infosecn1nja
/
awesome-threat-intelligence
mirror of https://github.com/infosecn1nja/awesome-threat-intelligence.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #138 from hslatman/hs_early_august_additions 

Add Cortex, KLara, Hippocampe and MalPipe
master
Herman Slatman 2018-08-07 08:34:11 +02:00 committed by GitHub
parent d6a9aa1104 7862b6d866
commit 7b68045b99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
README.md
View File

@ -647,6 +647,14 @@ Frameworks, platforms and services for collecting, analyzing, creating and shari
Allows participants to share threat indicators with the community.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/TheHive-Project/Cortex" target="_blank">Cortex</a>
</td>
<td>
Cortex allows observables, such as IPs, email addresses, URLs, domain names, files or hashes, to be analyzed one by one or in bulk mode using a single web interface. The web interface acts as a frontend for numerous analyzers, removing the need for integrating these yourself during analysis. Analysts can also use the Cortex REST API to automate parts of their analysis.
</td>
</tr>
<tr>
<td>
<a href="https://crits.github.io/" target="_blank">CRITS</a>
@ -1071,6 +1079,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Python script that allows to query multiple online threat aggregators from a single interface.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/TheHive-Project/Hippocampe" target="_blank">Hippocampe</a>
</td>
<td>
Hippocampe aggregates threat feeds from the Internet in an Elasticsearch cluster. It has a REST API which allows to search into its 'memory'. It is based on a Python script which fetchs URLs corresponding to feeds, parses and indexes them.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/S03D4-164/Hiryu" target="_blank">Hiryu</a>
@ -1127,6 +1143,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Jager is a tool for pulling useful IOCs (indicators of compromise) out of various input sources (PDFs for now, plain text really soon, webpages eventually) and putting them into an easy to manipulate JSON format.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/KasperskyLab/klara" target="_blank">KLara</a>
</td>
<td>
KLara, a distributed system written in Python, allows researchers to scan one or more Yara rules over collections with samples, getting notifications by e-mail as well as the web interface when scan results are ready.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/TAXIIProject/libtaxii" target="_blank">libtaxii</a>
@ -1159,6 +1183,14 @@ All kinds of tools for parsing, creating and editing Threat Intelligence. Mostly
Machinae is a tool for collecting intelligence from public sites/feeds about various security-related pieces of data: IP addresses, domain names, URLs, email addresses, file hashes and SSL fingerprints.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/silascutler/MalPipe" target="_blank">MalPipe</a>
</td>
<td>
Amodular malware (and indicator) collection and processing framework. It is designed to pull malware, domains, URLs and IP addresses from multiple feeds, enrich the collected data and export the results.
</td>
</tr>
<tr>
<td>
<a href="https://github.com/MISP/misp-workbench" target="_blank">MISP Workbench</a>