There are 11 repositories under threat-sharing topic.
Defund the Police.
Your Everyday Threat Intelligence
Extract and aggregate threat intelligence.
Advanced Sysmon ATT&CK configuration focusing on Detecting the Most Techniques per Data source in MITRE ATT&CK, Provide Visibility into Forensic Artifact Events for UEBA, Detect Exploitation events with wide CVE Coverage, and Risk Scoring of CVE, UEBA, Forensic, and MITRE ATT&CK Events.
Defanged Indicator of Compromise (IOC) Extractor.
Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension
Personal compilation of APT malware from whitepaper releases, documents and own research
A (nearly) production ready Dockered MISP
TAXII server implementation in Python from EclecticIQ
CIF v3 -- the fastest way to consume threat intelligence
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
Simple, effective, and modular package for parsing observables (indicators of compromise (IOCs), network data, and other, security related information) from text. It uses grammars rather than regexes which makes it more readable, maintainable, and hackable. Explore our interactive documentation here: https://hightower.space/ioc-finder/
Automated Docker MISP container - Malware Information Sharing Platform and Threat Sharing
TAXII client implementation from EclecticIQ
Collection of best practices to add OSINT into MISP and/or MISP communities
A utility repo to assist with converting between MISP and STIX formats
Fang and defang indicators of compromise. You can test this project in a GUI here: http://ioc-fanger.hightower.space .
Best practices in threat intelligence
The Project can be used to integrate QRadar with MISP Threat Sharing Platform
DDWPasteRecon tool will help you identify code leak, sensitive files, plaintext passwords, password hashes. It also allow member of SOC & Blue Team to gain situational awareness of the organisation's web exposure on the pastesites. It Utilises Google's indexing of pastesites to gain targeted intelligence of the organisation. Blue & SOC teams can collect and analyse data from these indexed pastesites to better protect against unknown threats.
the fastest way to consume threat intelligence.
The Fastest way to consume Threat Intel
Malicious IP source.
Tracking APT IOCs
A curses-style interface for automatic takedown notification based on MISP events.
A commercial grade threat intelligence feed thats validated and updated every half hour.
Python bindings for Yeti's API
Golang implementation of PyMISP-feedgenerator
Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.
CIFv3 Ubuntu 16.04 Docker Container (Bearded Avenger)
Script to interface MISP with Facebook ThreatExchange