
fygrave / iocmap

Licence: GPL-2.0 License
Indicator of Compromise Mapping Service

Programming Languages: TeX, python, Graphviz (DOT)

iocmap

Indicator of Compromise Mapping Service

Introduction

iocmap is an Indicator of Compromise (IOC) mapping platform that facilitates a dynamic threat intelligence process within an organization.

The main purpose of the project is to provide a service that supports the incident response process by making the following steps fast:

  • Mapping an individual IOC characteristic to known/existing Indicators of Compromise. The input can be provided in the form of an IP address, a hash, a URL, a process or executable name, and so on.

    The matched indicators of compromise can be output in the form of:
      • snort rule(s)
      • Yara rule(s)
      • OpenIOC documents
      • CyBOX
      • Esper rule(s)

  • Looking up IOC indicators within raw data sets, such as passive DNS mappings, passive HTTP traffic, Splunk logs, logs stored in Elasticsearch, and so on.

  • Facilitating IOC sharing and implementing IOC sharing policies.
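The mapping step described above, as an added example that is not part of the iocmap project's own code: a raw indicator is classified by type (IP, hash, URL, process name), matched against a known-IOC set, and the match is rendered as a Snort rule and a YARA rule. Every IOC value below is constructed (documentation IP range, the MD5 of empty input, `.example.test` hostnames) and carries no real threat data; the Snort 2-style `http_header`/`http_uri` modifiers and the YARA `hash` module are assumed to be available in the consuming tools.

```python
"""Added example (not iocmap's code): classify a raw indicator, map it to a
constructed set of known IOCs, and render the match as Snort / YARA rules."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Hex-digest lengths for the hash types the example recognizes.
_HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
_URL_RE = re.compile(r"^https?://", re.IGNORECASE)
_EXE_RE = re.compile(r"^[\w.\-]+\.(exe|dll|sys|scr|bat|ps1)$", re.IGNORECASE)


def classify(value: str) -> str:
    """Return the indicator type: ip, hash, url, process, or unknown."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)  # accepts both IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    if _HEX_RE.match(v) and len(v) in _HASH_LENGTHS:
        return "hash"
    if _URL_RE.match(v):
        return "url"
    if _EXE_RE.match(v):
        return "process"
    return "unknown"


@dataclass(frozen=True)
class KnownIOC:
    kind: str
    value: str
    campaign: str  # constructed label, not a real campaign name


# Constructed sample IOC set (hypothetical values, not real indicators).
KNOWN_IOCS = [
    KnownIOC("ip", "203.0.113.45", "TEST-CAMPAIGN-1"),  # TEST-NET-3 documentation range
    KnownIOC("hash", "d41d8cd98f00b204e9800998ecf8427e", "TEST-CAMPAIGN-1"),  # MD5("")
    KnownIOC("url", "http://malware.example.test/payload.bin", "TEST-CAMPAIGN-2"),
    KnownIOC("process", "svch0st.exe", "TEST-CAMPAIGN-2"),
]


def lookup(value: str) -> list:
    """Map a raw indicator to known IOCs of the same type (case-insensitive exact match)."""
    kind = classify(value)
    norm = value.strip().lower()
    return [ioc for ioc in KNOWN_IOCS if ioc.kind == kind and ioc.value.lower() == norm]


def to_snort(ioc: KnownIOC, sid: int) -> str:
    """Render an IP or URL indicator as a Snort rule; other kinds have no network signature."""
    msg = f"IOC {ioc.campaign} {ioc.kind}"
    if ioc.kind == "ip":
        return f'alert ip any any -> {ioc.value} any (msg:"{msg}"; sid:{sid}; rev:1;)'
    if ioc.kind == "url":
        parts = urlsplit(ioc.value)
        return (f'alert tcp any any -> any $HTTP_PORTS (msg:"{msg}"; '
                f'content:"{parts.netloc}"; http_header; '
                f'content:"{parts.path}"; http_uri; sid:{sid}; rev:1;)')
    raise ValueError(f"no Snort rendering for indicator kind {ioc.kind!r}")


def to_yara(ioc: KnownIOC) -> str:
    """Render a hash or process-name indicator as a YARA rule."""
    name = re.sub(r"\W", "_", f"{ioc.campaign}_{ioc.kind}")  # YARA names must be identifiers
    if ioc.kind == "hash":
        algo = _HASH_LENGTHS[len(ioc.value)]
        return (f'import "hash"\nrule {name} {{\n  condition:\n'
                f'    hash.{algo}(0, filesize) == "{ioc.value.lower()}"\n}}')
    if ioc.kind == "process":
        return (f'rule {name} {{\n  strings:\n    $n = "{ioc.value}" nocase\n'
                f'  condition:\n    $n\n}}')
    raise ValueError(f"no YARA rendering for indicator kind {ioc.kind!r}")


if __name__ == "__main__":
    for raw in ["203.0.113.45", "SVCH0ST.EXE", "198.51.100.1"]:
        hits = lookup(raw)
        print(raw, "->", classify(raw), [h.campaign for h in hits])
        for hit in hits:
            print(to_snort(hit, 1000001) if hit.kind in ("ip", "url") else to_yara(hit))
```

Classification runs before the lookup so that a hash is never compared against the IP table and a lookup on an unrecognized string returns an empty list rather than a false match; the campaign label travels with the match so the generated rule carries its provenance in `msg:` or in the rule name.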

Installation

To be completed

Related Projects

http://www.openioc.org/

http://cybox.mitre.org/
https://github.com/CybOXProject/Tools
https://github.com/CybOXProject/openioc-to-cybox
Mitre CAPEC: http://capec.mitre.org/
Mitre STIX: http://stix.mitre.org/
Mitre TAXII: http://taxii.mitre.org/

https://github.com/STIXProject/openioc-to-stix
https://github.com/tklane/openiocscripts

Mantis Threat Intelligence Framework: https://github.com/siemens/django-mantis.git
Mantis supports STIX/CybOX/IODEF/OpenIOC etc. via importers: https://github.com/siemens/django-mantis-openioc-importer

Search splunk data for IOC indicators: https://github.com/technoskald/splunk-search

  • Online Sharing of IOCs

http://iocbucket.com/

FAQ

  • What is IOC?

http://en.wikipedia.org/wiki/Indicator_of_compromise
