TheHive is a scalable 3-in-1 open source and free Security Incident Response Platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. It is the perfect companion to MISP. You can synchronize it with one or multiple MISP instances to start investigations out of MISP events. You can also export an investigation's results as a MISP event to help your peers detect and react to attacks you've dealt with. Additionally, when TheHive is used in conjunction with Cortex, security analysts and researchers can easily analyze tens if not hundreds of observables. Collaboration is at the heart of TheHive. Multiple analysts can work on the same case simultaneously. For example, an analyst may deal with malware analysis while another may work on tracking C2 beaconing activity in proxy logs as soon as IOCs have been added by their coworker. Using TheHive's live stream, everyone can keep an eye on what's happening on the platform, in real time.
Tags: misp security-incidents analyzer iocs thehive digital-forensics incident-response rest api investigations analyst dfir free free-software open-source platform misp-events cortex agplv3

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threat information about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations and to share structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information as well as its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.
Tags: misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management tip security cti cybersecurity fraud-detection fraud-prevention threat-analysis information-security information-sharing threat-intelligence threat-intelligence-platform intelligence

Here are indicators of compromise (IOCs) from our various investigations. We are doing this to help the broader security community fight malware wherever it might be. If you would like to contribute improved versions, please send us a pull request.
Tags: ioc malware misp yara

And edit the config.cfg according to your needs.
Tags: misp misp-instance misp-api fireeye-alert fireeye threatintel cybersecurity cyber

The document is available in XMind format and the source is available. Fork the project, download the XMind format document, edit the document with XMind, commit and open a pull request.
Tags: osint misp threat-intelligence threat-sharing cyber-security

TheHive is a scalable 4-in-1 open source and free security incident response platform designed to make life easier for SOCs, CSIRTs, CERTs and any information security practitioner dealing with security incidents that need to be investigated and acted upon swiftly. Thanks to Cortex, our powerful free and open source analysis engine, you can analyze (and triage) observables at scale using more than 80 analyzers. Additionally, starting from TheHive 3.1.0, you can actively respond to threats and interact with your constituency and other parties thanks to Cortex responders.
Tags: misp security-incidents iocs thehive cortex administration-guide analyzer rest api incident-response digital-forensics analyst dfir free free-software documentation open-source platform

This module installs and configures MISP (Malware Information Sharing Platform) on CentOS 7. It has been tested on Puppet 3.8.7 and with MISP versions 2.4.50 and 2.4.51. It installs all the needed dependencies, configures MISP and starts the services. However, it does not set up the database nor the GPG key; that is up to the administrator to do. In addition, it does not set up the web server on top of which MISP would run, meaning that Apache, Nginx or another web server of your choice would be needed (nevertheless, the module needs to know the name of the web server's service, e.g. httpd).
Tags: misp puppet

MISP dockerized is a project designed to provide an easy-to-use and easy-to-install 'out of the box' MISP instance that includes everything you need to run MISP with minimal host-side requirements. MISP dockerized uses MISP (Open Source Threat Intelligence Platform - https://github.com/MISP/MISP), which is maintained and developed by the MISP project team (https://www.misp-project.org/).
Tags: misp threat-intelligence-platform full-stack misp-docker-environment docker-compose misp-docker docker

🌊 Dockerfiles for apps I use
Tags: gopkg echoip jq quicksand wfuzz dockerfile ysoserial tor squid fi6s cve-2018-15473 goproxy socksproxy misp whatweb thehive cortex manalyze

volatility-misp is a Volatility plugin that allows you to pull YARA rules from a MISP instance's yara attributes and use them in yarascan.
Tags: volatility misp yara

Following the official MISP Ubuntu 18.04 LTS build instructions. We follow the official MISP installation steps wherever possible, while adding automation around tedious manual steps and configurations.
Tags: misp dockerhub security information-security threat-sharing malware malware-analysis threat-intelligence

Connect your mail infrastructure to MISP in order to create events based on the information contained within mails. You should now be able to send your IoC-containing mails to misp_handler@YOURDOMAIN.
Tags: misp misp-api threat-hunting threat-intelligence threatintel

User guide for MISP (Malware Information Sharing Platform) - An Open Source Threat Intelligence Sharing Platform. This user guide is intended for ICT professionals such as security analysts, security incident handlers, or malware reverse engineers who share threat indicators using MISP or integrate MISP into other security monitoring tools. The user guide covers day-to-day usage of MISP's graphical user interface along with its automated interfaces (API), in order to integrate MISP within a security environment. ...and many other contributors, especially the ones during the MISP hackathons.
Tags: misp documentation misp-book information-exchange information-sharing

The objective of this project is to deliver cloud-ready images of MISP for testing purposes. The image creation process takes into account security updates of the underlying operating system as well as of MISP itself, which allows you to use the image in production. That being said, it is highly recommended that you change the credentials associated with MISP, the DB and the salt that are pre-configured in the images.
Tags: misp misp-cloud

Legal, procedural and policy document templates for operating MISP and information sharing communities following existing regulations, laws or policies. This repository is a collaborative effort to improve the state of information sharing and exchange within and outside the MISP Project.
Tags: misp legal gdpr information-sharing information-exchange cybersecurity

A dashboard showing live data and statistics from the ZMQ feeds of one or more MISP instances. The dashboard can be used as a real-time situational awareness tool to gather threat intelligence information. The misp-dashboard includes a gamification tool to show the contributions of each organisation and how they are ranked over time. The dashboard can be used by a SOC (Security Operation Center) or security team, or during a cyber exercise, to keep track of what's going on in your various MISP instances. ⚠️ Make sure no zmq python3 scripts are running. They block the update.
Tags: misp cybersecurity cyber-security threatintel threat-intelligence dashboard

The files in this repository are used to create a Docker container running a MISP ("Malware Information Sharing Platform") instance. I rewrote the Dockerfile to split the components into multiple containers (which is more in the philosophy of Docker).
Tags: misp-docker misp

MISP galaxy is a simple method to express a large object called a cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-values. There are default vocabularies available in MISP galaxy, but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.
Tags: threat-hunting information-exchange misp classification misp-galaxy default-stix-vocabulary threat-actors stix threat-intelligence adversaries

MISP modules are autonomous modules that can be used for expansion and other services in MISP. The modules are written in Python 3 following a simple API interface. The objective is to ease the extension of MISP functionalities without modifying core components. The API is available via a simple REST API which is independent from the MISP installation or configuration.
Tags: misp-modules misp expansion passivetotal domaintools passive-dns threat-intelligence osint

MISP objects are used in the MISP system (starting from 2.4.80) and can be used by other information sharing tools. MISP objects complement MISP attributes to allow advanced combinations of attributes. The creation of these objects and their associated attributes is based on real cyber security use-cases and existing practices in information sharing. Feel free to propose your own MISP objects to be included in MISP. The system is similar to misp-taxonomies, where anyone can contribute their own objects to be included in MISP without modifying software.
Tags: misp misp-objects information-exchange information-sharing