misp

There are 11 repositories under misp topic.

• MISP / MISP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  mispthreat-sharingthreat-huntingthreatintelmalware-analysisstixinformation-exchangefraud-managementsecuritycticybersecurityfraud-detectionfraud-preventionthreat-analysisinformation-securityinformation-sharingthreat-intelligencethreat-intelligence-platformintelligencethreat-intel
  Language:PHP 4977
• TheHive

  TheHive-Project / TheHive

  TheHive: a Scalable, Open Source and Free Security Incident Response Platform

  mispsecurity-incidentsanalyzeriocsthehivedigital-forensicsincident-responserestapiscalainvestigationsdfirfreeopen-sourceplatformcortexagplv3orchestrationincident-managementincident-response-tooling
  Language:Scala 3214

• eset / malware-ioc

  Indicators of Compromises (IOC) of our various investigations

  iocmalwareyaramisp
  Language:YARA 1503
• ThePhish

  emalderson / ThePhish

  ThePhish: an automated phishing email analysis tool

  emaildetectionmalwarephishingcybersecuritymispthehivethehive4thehive4pyindicators-of-compromisecyberdefensephishing-detectionpythonincident-responsefreedigital-forensicsthreat-intelligencewebappattackscript
  Language:Python 1043

• Bert-JanP / Hunting-Queries-Detection-Rules

  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

  azuredefender-for-endpointdfirkqlsentinelthreat-huntingvulnerability-managementzero-dayblueteamcybersecuritymdemdiinfosecsecuritymisp
  Language:Python 995
• Watcher

  thalesgroup-cert / Watcher

  Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

  cybersecuritythreat-huntingdjangoreactjsrss-bridgemispthehivesecurityincident-responsethreat-detectionthreat-intelligencenltkwatchercertificate-transparencycertstreamosintosint-pythonwebappmonitoringphishing
  Language:Python 794

• InQuest / ThreatIngestor

  Extract and aggregate threat intelligence.

  dfirfraud-detectionindicators-of-compromiseintelligence-gatheringiocmalware-researchmisposintsecurity-toolssoarthreat-analysisthreat-feedsthreat-huntingthreat-intelligencethreat-intelligence-platformthreat-sharingthreatintelyara
  Language:Python 781

• MISP / misp-galaxy

  Clusters and elements to attach to MISP events or attributes (like threat actors)

  adversariesadversary-groupsattack-patternonclassificationinformation-exchangemalwaremispmisp-galaxymitre-adversarial-tacticsstixthreat-actorsthreat-huntingthreat-intelligence
  Language:Python 481

• MISP / misp-warninglists

  Warning lists to inform users of MISP about potential false-positives or other information in indicators

  dfirfalse-positivemispmisp-warninglistsnetwork-forensicsthreat-intelligence
  Language:Python 475

• Bert-JanP / Open-Source-Threat-Intel-Feeds

  This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

  c2iociocfeedmalwaremispphishingthreat-huntingthreat-intelligence
  Language:Python 449

• MISP / PyMISP

  Python library using the MISP Rest API

  apiapi-clientmispthreat-sharingthreatintel
  Language:Python 420
• TheHiveDocs

  TheHive-Project / TheHiveDocs

  Documentation of TheHive

  administration-guideanalystanalyzerapicortexdfirdigital-forensicsdocumentationfreefree-softwareincident-responseiocsmispopen-sourceplatformrestsecurity-incidentsthehivethehive-project
  389

• V1D1AN / S1EM

  This project is a SIEM with SIRP and Threat Intel, all in one.

  kibanaelasticsearchlogstashfilebeatsuricatazeekopenctimispmalwaresigmathehivedockercortexarkimemwdbn8nzircoliteyaravelociraptor
  Language:Shell 386

• cloudtracer / ThreatPinchLookup

  Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

  passivetotalcveosintthreatintelthreat-huntingchrome-extensionsecurityvirustotalthreatminercirclalienvaultdfircensysmispcertwhoisincident-responseshodanibm-xforcethreat-sharing
  Language:HTML 333

• MISP / misp-modules

  Modules for expansion services, enrichment, import and export in MISP and other tools.

  misp-modulesmispexpansionpassivetotaldomaintoolspassive-dnsthreat-intelligenceosintctienrichment
  Language:Python 324

• OpenCTI-Platform / connectors

  OpenCTI Connectors

  cybersecurityctithreat-intelligencemispmitre-attack
  Language:Python 321

• MISP / x_old_misp_docker

  MISP Docker (XME edition)

  mispmisp-docker
  Language:Shell 283

• tenzir / threatbus

  🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

  threat-intelligencethreatintelthreat-huntingidszeekmispopenctiopencti-connectorsightingsthreat-busthreat-intelligence-datacif3cif
  Language:Python 255

• MISP / misp-book

  User guide of MISP

  mispdocumentationmisp-bookinformation-exchangeinformation-sharing
  Language:Shell 242

• coolacid / docker-misp

  A (nearly) production ready Dockered MISP

  mispdockersecuritysecurity-toolsthreat-sharingthreat-intelligence
  Language:Shell 226
• awesome-lists

  mthcht / awesome-lists

  Security lists for SOC detections

  blueteamhacktoolskeywordslistoffensive-securitypurpleteamredteamsecuritysocawesomeawesome-listawesome-listsctiiocmispopen-source
  Language:PowerShell 202

• MISP / misp-dashboard

  A live dashboard for a real-time overview of threat intelligence from MISP instances

  mispcybersecuritycyber-securitythreatintelthreat-intelligencedashboard
  Language:JavaScript 188

• harvard-itsecurity / docker-misp

  Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

  mispdockerhubsecurityinformation-securitythreat-sharingmalwaremalware-analysisthreat-intelligence
  Language:Dockerfile 173
• mthc

  pe3zx / mthc

  All-in-one bundle of MISP, TheHive and Cortex

  mispthehive-projectcortexthreat-intelligencethreat-huntingincident-responseincident-managementioc-frameworkdfirthehive
  168

• MISP / MISP-maltego

  Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

  mispmaltegomisp-maltegoattackmitre-attacktransformpivotingvisualisationgraphanalysisthreat-intelligencethreat-intel
  Language:Python 165

• MISP / misp-playbooks

  MISP Playbooks

  mispplaybooksmisp-playbookscticyber-securitythreat-intelligence
  Language:Jupyter Notebook 151

• davidonzo / Threat-Intel

  Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS

  threat-intelligencecybersecurityincident-response-servicemispstixstix2taxiitaxii2cyboxmisp-feedthreat-intelmalware-analisys-labosint
  Language:Python 137

• tylabs / dovehawk

  Dovehawk is a Zeek module that automatically imports MISP indicators and reports Sightings

  bro-idsmispmisp-sightingsthreat-huntingthreat-intelligencezeekzeek-ids
  Language:Zeek 122

• MISP / docker-misp

  Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing

  dockerhubinformation-securitymalwaremalware-analysismispsecuritythreat-intelligencethreat-sharing
  Language:Dockerfile 102

• MISP / misp-objects

  Definition, description and relationship types of MISP objects

  information-exchangeinformation-sharingmispmisp-objects
  Language:Python 88

• cerebrate-project / cerebrate

  Cerebrate is an open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools.

  cerebratecerebrate-projectinformation-sharingmispsecurity-automation
  Language:PHP 79

• MISP / MISP-Taxii-Server

  An OpenTAXII Configuration for MISP

  misptaxii-servertaxii-hooksinformation-exchangeinformation-sharingstix
  Language:Python 79
• sigmai

  0xThiebaut / sigmai

  Import specific data sources into the Sigma generic and open signature format.

  securitymonitoringsiemloggingsignaturesidsmispsigma
  Language:Go 75
• SyntheticSun

  jonrau1 / SyntheticSun

  SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

  threat-intelligencemachine-learninganomaly-detectionaws-securityaws-serverlessserverlessautomationgeolocationthreat-detectionguarddutysecurity-automationsecurity-toolsawssagemakerincident-responsekibanaelasticsearchdata-sciencedata-visualizationmisp
  Language:Python 74

• conix-security / BTG

  BTG's purpose is to make fast and efficient search on IOC

  iocmispvirustotal
  Language:Python 71

• MISP / misp-cloud

  misp-cloud - Cloud-ready images of MISP

  mispmisp-cloud
  Language:Shell 69