thalesgroup-cert / Watcher
Licence: agpl-3.0
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Stars: ✭ 324
Programming Languages
python
139335 projects - #7 most used programming language
Labels
Projects that are alternatives of or similar to Watcher
Ioc Explorer
Explore Indicators of Compromise Automatically
Stars: ✭ 73 (-77.47%)
Mutual labels: incident-response, cybersecurity, threat-hunting, threat-intelligence
YAFRA
YAFRA is a semi-automated framework for analyzing and representing reports about IT Security incidents.
Stars: ✭ 22 (-93.21%)
Mutual labels: incident-response, cybersecurity, threat-hunting, threat-intelligence
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+12.04%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
Patrowldocs
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 105 (-67.59%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
Patrowlengines
PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform
Stars: ✭ 162 (-50%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
Analyst Arsenal
A toolkit for Security Researchers
Stars: ✭ 112 (-65.43%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Osweep
Don't Just Search OSINT. Sweep It.
Stars: ✭ 225 (-30.56%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Intelowl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
Stars: ✭ 2,114 (+552.47%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
Besafe
BeSafe is robust threat analyzer which help to protect your desktop environment and know what's happening around you
Stars: ✭ 21 (-93.52%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (-91.05%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Malware-Sample-Sources
Malware Sample Sources
Stars: ✭ 214 (-33.95%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (-56.79%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
Patrowlhears
PatrowlHears - Vulnerability Intelligence Center / Exploits
Stars: ✭ 89 (-72.53%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Malware Feed
Bringing you the best of the worst files on the Internet.
Stars: ✭ 69 (-78.7%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Misp
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
Stars: ✭ 3,485 (+975.62%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
Mthc
All-in-one bundle of MISP, TheHive and Cortex
Stars: ✭ 134 (-58.64%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
ThePhish
ThePhish: an automated phishing email analysis tool
Stars: ✭ 676 (+108.64%)
Mutual labels: incident-response, cybersecurity, threat-intelligence
MindMaps
#ThreatHunting #DFIR #Malware #Detection Mind Maps
Stars: ✭ 224 (-30.86%)
Mutual labels: incident-response, threat-hunting, threat-intelligence
AutonomousThreatSweep
Threat Hunting queries for various attacks
Stars: ✭ 70 (-78.4%)
Mutual labels: cybersecurity, threat-hunting, threat-intelligence
IronNetTR
Threat research and reporting from IronNet's Threat Research Teams
Stars: ✭ 36 (-88.89%)
Mutual labels: threat-hunting, threat-intelligence
Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.
It should be used on webservers and available on Docker.
Watcher capabilities
- Detecting emerging cybersecurity trends like new vulnerabilities, malwares... Via social networks & other RSS feeds (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...).
- Monitor for information leaks, for example in Pastebin & other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm...).
- Monitor malicious domain names for changes (IPs, mail/MX records, web pages using TLSH).
- Detecting suspicious domain names targeting your organisation, using dnstwist.
Useful as a bundle regrouping threat hunting/intelligence automated features.
Additional features
- Create cases on TheHive and events on MISP.
- Integrated IOCs export to TheHive and MISP.
- LDAP & Local Authentication.
- Email notifications.
- Ticketing system feeding.
- Admin interface.
- Advance users permissions & groups.
Involved dependencies
Screenshots
Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.
Threats detection
Data leaks
Malicious domain names monitoring
IOCs export to TheHive & MISP
Suspicious domain names detection
Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs...
Admin interface
Installation
Create a new Watcher instance in ten minutes using Docker (see Installation Guide).
Platform architecture
Get involved
There are many ways to getting involved with Watcher:
- Report bugs by opening Issues on GitHub.
- Request new features or suggest ideas (via Issues).
- Make pull-requests.
- Discuss bugs, features, ideas or issues.
- Share Watcher to your community (Twitter, Facebook...).
Pastebin compliant
In order to use Watcher pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher public IP (see https://pastebin.com/doc_scraping_api).
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].