Blue Team Auxiliary Script
BTAS is a browser auxiliary script developed for Security Operations Center (SOC) analysts, designed to fully simplify workflows and significantly enhance efficiency. The script runs on the Tampermonkey extension and integrates multiple practical functions, including rapid response, threat intelligence search, log parsing, and automation, greatly improving the efficiency of analysts.
You can install and update the BTAS script using Greasy Fork by clicking the following links:
- Quick Reply: Comes with over 10 preset reply templates for common scenarios, supports one-click quick replies, and allows for custom reply content.
- Convenience Menu: Integrates shortcuts for over 10 commonly used tools such as JIRA Search, VirusTotal, AbuseIPDB, and Base64 decoding.
- Anomaly Detection: Detects based on over 400 keyword rules and more than 50 abnormal behaviors, improving analysis accuracy and ensuring no major security alerts are missed.
- Log Parsing: Supports parsing log formats from 19 mainstream security and cloud products (e.g., Cortex XDR, Microsoft Endpoint Defender, and Azure Cloud), covering about 80% of ticket scenarios. It quickly parses raw logs and generates alert summary information for customers; it also integrates a one-click jump function to security platforms, eliminating the need for repeated logins.
- Important Field Check: Checks the Organization field and ATT&CK field to ensure tickets are correctly categorized.
- Prompt Sound Notification: Monitors ticket lists in real-time and plays a notification sound for new or updated tickets, prompting analysts to handle them promptly and minimizing omissions.
- Ticket Tracking: Provides visual reminders for tickets that have not been processed or responded to for a long time (time threshold can be set), ensuring all tickets are handled in a timely manner.
- Reminders: Analysts will be prompted with relevant information when opening specific ticket pages, including customer requirements and SOPs, guiding standardized operations.
- Reminders Management System: Features a backend visual management system where administrators can efficiently add, edit, query, and delete reminders, and provides an audit log function. The system supports matching rules based on 10 different fields, such as customer name, event type, and specific keywords, and has added nearly 100 reminder items.
- Multiple Project Support: Currently implemented in projects in Hong Kong, Shanghai, and Macau, improving the efficiency of the entire SDC Cyber Team.
Barry, Jack, Xingyu, Mike
License: Apache License 2.0