reed1713/Vetted

Vetted

Currently being developed on Ubuntu 14.04 using PostgreSQL 9.4 and Flask.

Overview

The idea behind this project is to create a simple indicator management app that gives security analysts a workflow to easily research, create, contextualize, and store threat detections. Once those detections have been vetted, they are available via the API in the JSON format below, which can then be pulled down to a detection device for consumption. For more info, see the documentation.html page in the welcome template dir.

JSON format

{
  "created_date": "",
  "indicators": [
    {
    ""
    }
  ],
  "notes": "",
  "priority": "",
  "source": "",
  "tags": [
    ""
  ],
  "type_hash": ""
}

Detection types

Supported detection types: 'Bro Intel', 'Snort_Suricata', 'Yara Binary', 'Yara Memory'.

API clients

Clients for Bro Intel, Snort_Suricata, and Yara Memory/Binary. Tested and working on Security Onion and Cuckoo Sandbox.
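As an added example (not code from the Vetted project), here is the consumer side of the workflow described above: a detection pulled from the API in the README's JSON format is turned into a Bro Intel framework file. The README leaves the per-indicator object empty, so the "value" and "kind" keys, the kind names, and the sample detection itself are assumptions made for this example.

```python
import json

# Constructed sample in the README's JSON format. The "value"/"kind" keys inside
# each indicator entry are an assumption for this example, not the project's schema.
SAMPLE_DETECTION = json.dumps({
    "created_date": "2015-06-01",
    "indicators": [
        {"value": "203.0.113.7", "kind": "ip"},
        {"value": "bad.example", "kind": "domain"},
        {"value": "http://bad.example/x", "kind": "url"},
        {"value": "d41d8cd98f00b204e9800998ecf8427e", "kind": "hash"},
        {"value": "", "kind": "ip"},          # empty entry: must be skipped
    ],
    "notes": "phishing campaign doc\ttab in notes",   # free text scraped from a document
    "priority": "high",
    "source": "vetted",
    "tags": ["phishing", "campaign-x"],
    "type_hash": "abc123",
})

# Assumed indicator kinds mapped onto the Bro Intel framework's indicator types.
BRO_TYPES = {"ip": "Intel::ADDR", "domain": "Intel::DOMAIN",
             "url": "Intel::URL", "hash": "Intel::FILE_HASH"}

FIELDS = ["indicator", "indicator_type", "meta.source", "meta.desc", "meta.do_notice"]


def to_bro_intel(detection_json):
    """Convert one vetted detection (README JSON) into Bro Intel rows."""
    det = json.loads(detection_json)
    # Notes/tags come from scraped documents: a stray tab or newline would corrupt
    # the tab-separated intel file, so collapse all whitespace to single spaces.
    desc = " ".join(str(det.get("notes", "")).split())
    source = det.get("source") or "unknown"
    notice = "T" if det.get("priority") == "high" else "F"
    rows = []
    for ind in det.get("indicators", []):
        value = str(ind.get("value", "")).strip()
        itype = BRO_TYPES.get(ind.get("kind"))
        # Skip empty, unknown-type or malformed entries instead of emitting a broken line.
        if not value or itype is None or any(c in value for c in "\t\n"):
            continue
        rows.append([value, itype, source, desc, notice])
    return rows


def render_intel_file(rows):
    """Render rows as a Bro Intel file: a #fields header followed by TSV lines."""
    lines = ["#fields\t" + "\t".join(FIELDS)]
    lines += ["\t".join(r) for r in rows]
    return "\n".join(lines) + "\n"
```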

Installing

Getting this spun up is a manual process. For more info check out the INSTALL doc.

Misc

  • Auto-converts PDFs and cleans DOCX and HTML files before scraping atomic indicators from those sources for the Bro Intel detection type. It also scrapes keywords, which are added as tags to the associated detection object(s).

  • The research module has an RSS and Atom feed parser.

  • RBAC with two roles: admin and user.

Screenshots

[Screenshots not included in this text: welcome, feeds, auto_create, manual, vetted, editintel]

To do:

  • more research modules: better integration with Cuckoo, VT hunt notifications
  • robust settings: API config, push rules, general settings
  • task queue
  • easy install script

Feel free to contact me if you have any questions or feedback.

reed3276@gmail.com @reed1713
