MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incident analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals and malware reversers to support their day-to-day operations and to share structured information efficiently. The objective of MISP is to foster the sharing of structured information within the security community and beyond. MISP provides functionality to support the exchange of information, but also its consumption by Network Intrusion Detection Systems (NIDS), LIDS, log analysis tools and SIEMs.
misp threat-sharing threat-hunting threatintel malware-analysis stix information-exchange fraud-management tip security cti cybersecurity fraud-detection fraud-prevention threat-analysis information-security information-sharing threat-intelligence threat-intelligence-platform intelligence

SysmonSearch makes event log analysis more effective and less time consuming by aggregating event logs generated by Microsoft's Sysmon. SysmonSearch uses Elasticsearch and Kibana (and a Kibana plugin).
security elasticsearch kibana sysmon stix stix2

The Cyber Threat Intelligence Repository of ATT&CK and CAPEC catalogs expressed in STIX 2.0 JSON. See USAGE for information on using this content with python-stix2. ATT&CK is a catalog of techniques and tactics that describe post-compromise adversary behavior on typical enterprise IT environments. The core use cases involve using the catalog to analyze, triage, compare, describe, relate, and share post-compromise adversary behavior.
stix cti cyber-threat-intelligence attack

This repository contains a prototype analytic translator that converts STIX2 Patterning queries into other query languages, currently ElasticSearch and Splunk. In addition to translating query syntax, the translator will also translate from STIX 2's Data Model to other target data models, currently MITRE's Cyber Analytic Repository (CAR) and Splunk's Common Information Model (CIM). Both the query language translation and the data model translation are implemented as loosely-coupled modules, and other targets can be added simply by implementing new modules to generate them. This functionality was originally developed for MITRE's CASCADE project. This repository offers CASCADE's translation capability as a standalone feature, and replaces CASCADE's own domain-specific language (DSL) with STIX 2.0 Patterning.
stix

MISP galaxy is a simple method to express a large object called a cluster that can be attached to MISP events or attributes. A cluster can be composed of one or more elements. Elements are expressed as key-value pairs. There are default vocabularies available in MISP galaxy, but those can be overwritten, replaced or updated as you wish. Existing clusters and vocabularies can be used as-is or as a template. MISP distribution can be applied to each cluster to permit a limited or broader distribution scheme.
threat-hunting information-exchange misp classification misp-galaxy default-stix-vocabulary threat-actors stix threat-intelligence adversaries

This is the open-sourced version of BAE Systems' internal sync script. It's a bit limited, and it isn't perfect, nor is it bug-free. should have you covered. This relies on me actually updating PyPI every time I update the project, so I'd use the git repo wherever possible.
misp stix threat-sharing conversion

A set of configuration files to use with EclecticIQ's OpenTAXII implementation, along with a callback for when data is sent to the TAXII Server's inbox. You'll then need to set up your TAXII database. As you're using MISP, you'll likely already have a MySQL environment running.
misp taxii-server taxii-hooks information-exchange information-sharing stix

libstix2 is an API for generating JSON-based STIX objects and TAXII messages with the Go (Golang) programming language. Please see the examples directory and the README files in each of the sub-packages for more information. This API is built to support STIX 2.x and TAXII 2.x.
stix taxii

This is free software, licensed under the Apache License, Version 2.0. Copyright 2015-2018 Bret Jordan, All rights reserved.
stix taxii taxii-server

stix2-graphics is a collection of icons and diagrams for building training and marketing materials around STIX 2. All graphics in this repo are licensed under the Creative Commons Attribution-ShareAlike (CC BY-SA) License, Version 4.0.
stix taxii graphics icons

Currently, the basic database design is complete and a first parser for MITRE's STIX and CybOX cyber threat intelligence exchange formats is written. Kraut Salad is supposed to be a proof-of-concept implementation to determine whether a relational database model is feasible or not. Therefore, Kraut Salad only implements a subset of the MITRE standard and still requires some CybOX objects to be implemented. Please refer to requirements.txt for an updated list of required packages.
threat-intelligence stix cybox