Indicator of Compromise Mapping Service
iocmap is an Indicator of Compromise (IOC) mapping platform intended to support a dynamic threat intelligence process within an organization.
The main purpose of the project is to provide a service that supports the incident response process by making the following operations fast:
- Mapping individual IOC characteristics to known/existing Indicators of Compromise. The input can be provided in the form of an IP address, a hash, a URL, a process or executable name, and so on. The resulting indicators of compromise can be produced in the form of:
  * Snort rule(s)
  * Yara rule(s)
  * OpenIOC documents
  * CybOX
  * Esper rule(s)
- Looking up IOC indicators within raw data sets, such as passive DNS mappings, passive HTTP traffic, Splunk logs, ElasticSearch stored logs and so on.
- Facilitating IOC sharing and implementing IOC sharing policies.
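The mapping and lookup steps above, as an added Python example that is not part of iocmap: it classifies a raw indicator by characteristic, looks it up in a set of constructed passive DNS records, and emits a Snort or YARA rule for it. The record values, the Snort sid and the rule names are constructed assumptions, not project data.

```python
import ipaddress
import re
# Constructed passive-DNS records "timestamp rrtype qname answer"; not real data.
PASSIVE_DNS = [
    "2024-03-01T10:00:00Z A login.example.org 198.51.100.7",
    "2024-03-01T10:00:05Z A cdn.bad-actor.test 203.0.113.5",
    "2024-03-01T10:00:09Z A mail.example.org 198.51.100.8",
    "2024-03-01T10:01:13Z A cdn.bad-actor.test 203.0.113.5",
]
# Indicator characteristics, tried in order; process precedes domain so "svchost.exe" is not a host.
PATTERNS = [
    (r"[0-9a-f]{32}", "md5"), (r"[0-9a-f]{40}", "sha1"), (r"[0-9a-f]{64}", "sha256"),
    (r"https?://\S+", "url"), (r"[\w.-]+\.(exe|dll|sys|bat|ps1)", "process"),
    (r"([a-z0-9-]+\.)+[a-z]{2,}", "domain"),
]

def classify(ioc: str) -> str:
    """Map a raw indicator string to one IOC characteristic type."""
    ioc = ioc.strip()
    try:
        ipaddress.ip_address(ioc)
        return "ip"
    except ValueError:
        return next((k for p, k in PATTERNS if re.fullmatch(p, ioc, re.I)), "unknown")

def lookup(ioc: str, records=PASSIVE_DNS) -> list:
    """Return the passive-DNS records in which the indicator appears as qname or answer."""
    kind, ioc = classify(ioc), ioc.strip().lower()
    hits = []
    for rec in records:
        _ts, _rtype, qname, answer = rec.split()
        if (kind == "domain" and qname.lower() == ioc) or (kind == "ip" and answer == ioc):
            hits.append(rec)
    return hits

def to_snort(ioc: str, sid: int) -> str:
    """Emit a Snort rule: IP indicators as a destination match, domains as an HTTP Host match."""
    kind = classify(ioc)
    if kind == "ip":
        return f'alert ip $HOME_NET any -> {ioc} any (msg:"IOC ip {ioc}"; sid:{sid}; rev:1;)'
    if kind == "domain":
        return (f'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"IOC host {ioc}"; '
                f'content:"Host: {ioc}"; http_header; nocase; sid:{sid}; rev:1;)')
    raise ValueError(f"no Snort mapping for indicator type {kind}")

def to_yara(ioc: str, name: str) -> str:
    """Emit a YARA rule: file hashes via the hash module, other indicators as a string match."""
    kind = classify(ioc)
    if kind in ("md5", "sha1", "sha256"):
        return f'import "hash"\nrule {name} {{ condition: hash.{kind}(0, filesize) == "{ioc.lower()}" }}'
    return f'rule {name} {{ strings: $a = "{ioc}" ascii wide nocase condition: $a }}'
```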
To be completed
Related resources:
- CybOX: http://cybox.mitre.org/
- CybOX tools: https://github.com/CybOXProject/Tools
- OpenIOC to CybOX converter: https://github.com/CybOXProject/openioc-to-cybox
- Mitre CAPEC: http://capec.mitre.org/
- Mitre STIX: http://stix.mitre.org/
- Mitre TAXII: http://taxii.mitre.org/
- OpenIOC to STIX converter: https://github.com/STIXProject/openioc-to-stix
- OpenIOC scripts: https://github.com/tklane/openiocscripts
- Mantis Threat Intelligence Framework: https://github.com/siemens/django-mantis.git (Mantis supports STIX/CybOX/IODEF/OpenIOC etc. via importers: https://github.com/siemens/django-mantis-openioc-importer)
- Search Splunk data for IOC indicators: https://github.com/technoskald/splunk-search
- Online Sharing of IOCs
- What is IOC?