Search: [correlation]

MISP Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing https://www.misp-project.org/

Mon 13 Jan 2025 12:41:40 PM PST

An open source threat intel and sharing platform. Lots of ad-hoc visualization methods are available to make sense of data. Includes lots of taxonomies to organize data and do some of the work for you.

You can store your IOCs in a structured manner, and thus enjoy the correlation, automated exports for IDS, or SIEM, in STIX or OpenIOC and synchronize to other MISPs. You can now leverage the value of your data without effort and in an automated manner. The primary goal of MISP is to be used. This is why simplicity is the driving force behind the project. Storing and especially using information about threats and malware should not be difficult. MISP is there to help you get the maximum out of your data without unmanageable complexity. MISP will make it easier for you to share with, but also to receive from trusted partners and trust-groups. Sharing also enabled collaborative analysis and prevents you from doing the work someone else already did before.

Threat Intelligence is much more than Indicators of Compromise. This is why MISP provides metadata tagging, feeds, visualization and even allows you to integrate with other tools for further analysis thanks to its open protocols and data formats. Having access to a large amount of Threat information through MISP Threat Sharing communities gives you outstanding opportunities to aggregate this information and take the process of trying to understand how all this data fits together telling a broader story to the next level. We are transforming technical data or indicators of compromise (IOCs) into cyber threat intelligence. MISP comes with many visualization options helping analysts find the answers they are looking for.

Github: https://github.com/MISP/

Of interest:

MISP/MISP is the core platform (the analytics and dashboard part)
MISP/misp-galaxy looks like the correlation engine
MISP/PyMISP is the supported Python module for interacting with the API
MISP/misp-taxonomies are used for organizing information
MISP/misp-galaxy does the work of clustering data points to find patterns
MISP/misp-modules are additional functional units (because of course there are)
MISP/misp-warninglists looks like sets of known false positives for cutting things down a bit.

There are more repos but I haven't gone through them yet.

DataSploit/datasploit https://github.com/DataSploit/datasploit

Tue 10 Apr 2018 08:51:55 PM PDT

A tool which digs up OSINT on a target. Domain names, usernames, phones, credentials API keys, and correlates them. Performs active scans to collect data. Generates HTML, JSON, plain text reports.

Links per page

Filters