142 Open source projects that are alternatives of or similar to best-practices-in-threat-intelligence

A collaborative platform for creating, editing and sharing JSON objects.

Powerful plugins and add-ons for hackers

Sysmon configuration file template with default high-quality event tracing

This is a project of "#Twiti: Social Listening for Threat Intelligence" (TheWebConf 2021)

Build Automated Machine Images for MISP

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

Public Repository of Open Source Tools for Cyber Threat Intelligence Analysts and Researchers

D4 core software (server and sample sensor client)

Interactive Threat Intelligence Bot that leverages serverless framework, AWS/GCP, and Slack

本项目致力于收集网上公开来源的威胁情报，主要关注信誉类威胁情报（如IP/域名等），以及事件类威胁情报。

A Lambda-powered Security Orchestration framework for AWS GuardDuty

#ThreatHunting #DFIR #Malware #Detection Mind Maps

Archive of publicly available threat INTel reports (mostly APT Reports but not limited to).

The OSINT Omnibus (beta release)

Elemental - An ATT&CK Threat Library

github.com/MISP/MISP

Personal compilation of APT malware from whitepaper releases, documents and own research

Sandia Cyber Omni Tracker (SCOT)

Hashes of infamous malware

Microsoft Sentinel SOC Operations

Modules for expansion services, import and export in MISP

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Python library using the MISP Rest API

Exporting MISP event attributes to yara rules usable with Thor apt scanner

Awesome collection of great and useful resources concerning intelligence writing such as manuals/guides, standards, books, and articles

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

Detection of phishing domains and domain squatting. Supports permutations such as homograph attack, typosquatting and bitsquatting.

Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

All-in-one bundle of MISP, TheHive and Cortex

A helper to run OSINT queries & manage results continuously

The CyberCX Digger project is designed to help Australian organisations determine if they have been impacted by certain high profile cyber security incidents. Digger provides threat hunting functionality packaged in a simple-to-use tool, allowing users to detect certain attacker activities; all for free.

Don't Just Search OSINT. Sweep It.

Intelligent threat hunter and phishing servers

An authoritative list of awesome devsecops tools with the help from community experiments and contributions.

TheHive: a Scalable, Open Source and Free Security Incident Response Platform

CIFv3 DeploymentKit

Threat Hunting queries for various attacks

No description or website provided.

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

Find phishing kits which use your brand/organization's files and image.

Authors

Monitor certificates generated for specific domain strings and associated, store data into sqlite3 database, alert you when sites come online.

🔍 Offline Analyzer for extracting features, artifacts and IoCs from Windows, Linux, Android, iPhone, Blackberry, macOS binaries, emails and more

PatrOwl - Open Source, Free and Scalable Security Operations Orchestration Platform

A toolkit for Security Researchers

Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

This project is a SIEM with SIRP and Threat Intel, all in one.

Real-time HTTP Intrusion Detection

Signature base for my scanner tools

Python3 library and command line for GreyNoise

Intelligence and Reconnaissance Package/Bundle installer.

The Ultimate OSINT and Threat Hunting Framework

CIF v3 -- the fastest way to consume threat intelligence

Explore Indicators of Compromise Automatically

Capture passwords of login attempts on non-existent and disabled accounts.

Threat Feed Aggregation, Made Easy

OpenCTI Python Client

OSINT Threat Intel Interface - CLI for HoneyDB

The FASTEST way to consume threat intel.