Robert Nixon's repositories
MISP-QRADAR-REFERENCE-SET-BUILDER
Pulls IOCs from MISP and adds them to reference sets in QRadar
sec-vault-gen
Python utility to generate filesystem content for Obsidian.
sightingdb
SightingDB is a database for Sightings
AIL-framework
AIL framework - Analysis Information Leak framework
chepy
Chepy is a python lib/cli equivalent of the awesome CyberChef tool.
Cortex-Analyzers
Cortex Analyzers Repository
DetectionLab
Automate the creation of a lab environment complete with security tooling and logging best practices
DetectionLabELK
DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
DocIntel
Open Source Platform for storing, organizing, and searching documents related to cyber threats
MISP
MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formerly known as Malware Information Sharing Platform)
MISP-maltego
Set of Maltego transforms to interface with a MISP instance
misp-modules
Modules for expansion services, import and export in MISP
misp-playbooks
MISP Playbooks
misp-taxonomies
Taxonomies used in the MISP taxonomy system, which can also be used by other information sharing tools.
MISP-TIE
Integration between MISP platform and McAfee Threat Intelligence Exchange
misp-warninglists
Warning lists to inform users of MISP about potential false-positives or other information in indicators
misp-website
MISP website (hugo-based)
misp-workflow-blueprints
Library of blueprints usable in MISP Workflows
paradigm
Paradigm is an open source tool that looks at your network landscape and determines what is actually accessible via the internet.
pptxurlcheck
Parse a PowerPoint PPTX file, extracting all URLs from notes and slides, and test them for validity
soc_workflow_app_ce
SOC Workflow App helps Security Analysts and Threat Hunters explore suspicious events, look into raw events arriving at the Elastic Stack, and view Saved Searches configured by teammates.
sof-elk
Configuration files for the SOF-ELK VM, used in SANS FOR572
sysmon-config
Sysmon configuration file template with default high-quality event tracing
tbat
Threat Box Assessment Tool
ThreatIntelligenceDiscordBot
Gets updates from various clearnet domains and ransomware threat actor domains
Ultimate-Forensics-VM
Evolving directions on building the best Open Source Forensics VM