My dissertation has as its content the collection of CTI data from multiple sources, the conversion of this data into STIX2 format, their entry into a database, their analysis in terms of quality criteria, and finally their classification into basic categories of cyber threats and stages of Kill Chain(KC).

CTI Reporter is a small flask wiki to help index threat intelligence data

Python scripts to query ATT&CK dataset with STIX2

Cyber Intelligence Tool

This script searches messages containing specified search terms in Telegram channels the user is a member of. Saves the results into a file. Then uploads the file and sends an alert to a Slack channel.

T-Pot Attack Map that follows ES honeypot events within T-Pot and parses IPs, ports and honeypot info to visualize events in real time.

Python script for ingesting IOCs from PRODAFT USTA to Azure Sentinel

Various scripts and tools to monitor a MISP instance

Telegram channels monitoring

Observables analysis and enrichment for Colander

Implementação do projeto final 2. cognoscere do latim, conhecer, e minacia, do latim, ameaça. Ferramenta que tem como objetivo medir o nível de interesse de threat actors em fóruns da deep/dark web que estejam a procura de exploits.

Watcher is a solution that integrates with security products using IoC (Indicator of Compromise) information gathered through the OpenCTI platform. This integration makes it possible to detect and respond to threats faster.

TAXII docker image for Datalake feed ingestion

Teams Notification on closed PR

ttpnav is a Python library that simplifies navigating MITRE ATT&CK data, enabling users to effortlessly retrieve comprehensive information about specific techniques with a single query. It provides details on mitigations, detections, procedure examples, groups, and related software/tools, streamlining cybersecurity analysis.

network visibility CTI DFIR (host kubernetes docker LXC)

A tool designed to help writing and updating YARA rules.

A bot to quickly get information about an IP, useful to get threat intelligence informations for blue team.

Repositório criado para compartilhar ferramentas utilizadas para caça a ameaças (CTI) sobre atores de ameaças e enriquecimento de IOCs coletadas destes.