fhightower / ioc-finder
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other security-related information) from text. It uses grammars rather than regexes, which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
☆164 · Updated last year
Alternatives and similar repositories for ioc-finder:
Users who are interested in ioc-finder are comparing it to the libraries listed below.
- A Python app to predict ATT&CK tactics and techniques from cyber threat reports ☆119 · Updated last year
- Threat Report ATT&CK™ Mapping (TRAM) is a tool to aid analysts in mapping finished reports to ATT&CK. ☆349 · Updated 3 years ago
- Definition, description and relationship types of MISP objects ☆96 · Updated this week
- A tool to extract structured cyber information from incident reports. ☆80 · Updated 6 years ago
- A (nearly) production-ready Dockered MISP ☆231 · Updated last year
- Sigma rules from Joe Security ☆207 · Updated 4 months ago
- SIEGMA - Transform Sigma rules into SIEM consumables ☆149 · Updated 3 weeks ago
- Knowledge base workflow management for YARA rules and C2 artifacts (IP, DNS, SSL) (ALPHA STATE AT THE MOMENT) ☆100 · Updated 2 months ago
- Tool to extract indicators of compromise from security reports in PDF format ☆71 · Updated 9 months ago
- Sigma Detection Rule Repository ☆87 · Updated 4 years ago
- Data from a BRAWL Automated Adversary Emulation Exercise ☆205 · Updated 4 years ago
- Seamless Threat Intelligence Platform ☆47 · Updated last year
- MISP Docker (XME edition) ☆282 · Updated last year
- (no description) ☆160 · Updated 4 years ago
- Repository containing IOCs, CSV and MISP JSON from our blogs ☆80 · Updated 3 years ago
- SIGMA UI is a free open-source application based on the Elastic stack and Sigma Converter (sigmac) ☆186 · Updated 3 years ago
- OASIS TC Open Repository: Lightweight visualization for STIX 2.0 objects and relationships ☆147 · Updated 3 months ago
- Tools to interact with APTnotes reporting/index. ☆100 · Updated 4 years ago
- Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing ☆105 · Updated last year
- Defanged Indicator of Compromise (IOC) Extractor. ☆524 · Updated 7 months ago
- Security ML models encoded as YARA rules ☆215 · Updated last year
- IOC from articles, tweets for archives ☆313 · Updated last year
- (no description) ☆172 · Updated 9 months ago
- A Splunk App containing Sigma detection rules, which can be updated from a Git repository. ☆108 · Updated 5 years ago
- 🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools. ☆261 · Updated 2 years ago
- This script scans the files extracted by Zeek with YARA rules located in the rules folder on a Linux-based Zeek sensor; if there is a mat… ☆61 · Updated last year
- A CALDERA plugin ☆76 · Updated 3 weeks ago
- Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space. ☆60 · Updated last year
- Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets ☆137 · Updated 4 years ago
- Personal compilation of APT malware from whitepaper releases, documents and own research ☆260 · Updated 6 years ago