
Monday, September 10, 2018

Free and open-source threat intelligence Feeds / Tools / Frameworks

GOSINT:
The GOSINT framework is a project used for collecting, processing, and exporting high-quality indicators of compromise (IOCs).

GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence.

Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behavior. The framework is written in Go with a JavaScript frontend.



 Download Link : https://github.com/ciscocsirt/gosint / https://gosint.readthedocs.io/en/latest/index.html

Threatfeeds.io:
Another free and open-source source of threat intelligence feeds.


Ref Link : https://threatfeeds.io/

Yeti:
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables (e.g. resolve domains, geolocate IPs) so that you don't have to. Yeti provides an interface for humans (shiny Bootstrap-based UI) and one for machines (web API) so that your other tools can talk nicely to it.


Quick install (the command we all love)
$ curl https://raw.githubusercontent.com/yeti-platform/yeti/master/extras/ubuntu_bootstrap.sh | sudo /bin/bash 

 Ref Link : https://yeti-platform.github.io/

TC (ThreatConnect) Open:
TC Open is a completely free way for individual researchers to get started with threat intelligence. TC Open allows you to see and share open source threat data, with support and validation from our free community.



  • Access to 100+ open source intelligence feeds (OSINT)
  • Access to threat, incident, and adversary data
  • Ability to collaborate or consume active and historic indicators, incidents, and threats
  • Validate your findings with peers in the ThreatConnect Common Community

ThreatConnect wants as many cyber professionals to get into the habit of sharing threat data and intelligence with one another as possible. Together, we are much stronger and more likely to thwart adversaries. We created TC Open to be a completely free, non-threatening way to get started. It is perfect for individual researchers who are just starting and experienced professionals, alike.

Request Link : https://www.threatconnect.com/free/