Awesome-Mirrors/awesome-threat-intelligence
1
0
Fork 0
mirror of https://github.com/hslatman/awesome-threat-intelligence.git synced 2024-10-01 05:45:38 -04:00
Code Issues Packages Projects Releases Wiki Activity
A curated list of Awesome Threat Intelligence resources
16 Commits 3 Branches 0 Tags 19 MiB
Markdown 100%
1f9ecd1f55
Go to file
Herman Slatman 1f9ecd1f55 Numerous additions to tools
2015-12-31 12:55:26 +01:00
.gitignore Add a gitignore; now .idea blacklisted only 2015-12-28 16:50:59 +01:00
LICENSE Initial commit 2015-12-21 12:31:04 +01:00
README.md Numerous additions to tools 2015-12-31 12:55:26 +01:00

README.md

awesome-threat-intelligence

A curated list of Awesome Threat Intelligence resources

Sources

Standards

CybOX The Cyber Observable eXpression (CybOX) language provides a common structure for representing cyber observables across and among the operational areas of enterprise cyber security that improves the consistency, efficiency, and interoperability of deployed tools and processes, as well as increases overall situational awareness by enabling the potential for detailed automatable sharing, mapping, detection, and analysis heuristics.
STIX The Structured Threat Information eXpression (STIX) language is a standardized construct to represent cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, and automatable.
TAXII The Trusted Automated eXchange of Indicator Information (TAXII) standard defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries. TAXII defines concepts, protocols, and message exchanges to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats.
MAEC The Malware Attribute Enumeration and Characterization (MAEC) projects is aimed at creating and providing a standardized language for sharing structured information about malware based upon attributes such as behaviors, artifacts, and attack patterns.

Frameworks and Platforms

CRITS CRITS is a platform that provides analysts with the means to conduct collaborative research into malware and threats. It plugs into a centralized intelligence data repository, but can also be used as a private instance.
MANTIS The Model-based Analysis of Threat Intelligence Sources (MANTIS) Cyber Threat Intelligence Management Framework supports the management of cyber threat intelligence expressed in various standard languages, like STIX and CybOX. It is *not* ready for large-scale production though.
CIF The Collective Intelligence Framework (CIF) allows you to combine known malicious threat information from many sources and use that information for IR, detection and mitigation. Code available on GitHub.
IntelMQ IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, tweets using a message queue protocol. It's a community driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give to incident responders an easy way to collect & process threat intelligence thus improving the incident handling processes of CERTs.
MISP The Malware Information Sharing Platform (MISP) is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and malware analysis.
OpenIOC OpenIOC is an open framework for sharing threat intelligence. It is designed to exchange threat information both internally and externally in a machine-digestible format.
OTX - Open Threat Exchange AlienVault Open Threat Exchange (OTX) provides open access to a global community of threat researchers and security professionals. It delivers community-generated threat data, enables collaborative research, and automates the process of updating your security infrastructure with threat data from any source.
TARDIS The Threat Analysis, Reconnaissance, and Data Intelligence System (TARDIS) is an open source framework for performing historical searches using attack signatures.
ThreatCrowd is a system for finding and researching artefacts relating to cyber threats.
ThreatExchange Facebook created ThreatExchange so that participating organizations can share threat data using a convenient, structured, and easy-to-use API that provides privacy controls to enable sharing with only desired groups. This project is still in beta.
XFE - X-Force Exchange The X-Force Exhange (XFE) by IBM XFE is a free SaaS product that you can use to search for threat intelligence information, collect your findings, and share your insights with other members of the XFE community.

Tools

Combine Combine gathers Threat Intelligence Feeds from publicly available sources.
IOC Editor A free editor for Indicators of Compromise (IOCs).
ioc_writer Provides a python library that allows for basic creation and editing of OpenIOC objects.
threataggregator ThreatAggregrator aggregates security threats from a number of online sources, and outputs to various formats, including CEF, Snort and IPTables rules.
ThreatTracker A Python script designed to monitor and generate alerts on given sets of IOCs indexed by a set of Google Custom Search Engines.
tiq-test The Threat Intelligence Quotient (TIQ) Test tool provides visualization and statistical analysis of TI feeds.

Research