Tag: Indicators

Posts

16 January 2019 / Floyd Hightower / Playbook Apps

Parse indicators of compromise using the ioc-finder package.

04 January 2019 / Floyd Hightower / Playbook Apps

Perform operations and get data from a CIDR range.

04 January 2019 / Floyd Hightower / Playbook Apps

Perform operations and get data from an IP address.

04 January 2019 / Floyd Hightower / Playbook Apps

Perform operations and get data from a URL.

15 October 2018 / cezhunter & Floyd Hightower / Spaces Apps

Spaces app to create and manage profiles for ThreatConnect DoubleCheck.

10 October 2018 / Floyd Hightower / Playbooks

Store attributes for the unstructured indicator importer in the datastore.

21 September 2018 / Floyd Hightower / Tools

Library for validating the contents and structure of data in ThreatConnect. Think unit-tests for ThreatConnect data.

13 September 2018 / Floyd Hightower / Playbook Components

23 July 2018 / citadelintellgenceresearch / Playbook Components

Submit a host or URL to urlscan.io for enrichment.

20 July 2018 / Floyd Hightower / Spaces Apps

Unstructured import for humans. Quickly and easily import and edit/update indicators in an unstructured format.

20 June 2018 / Malware Utkonos / Playbooks

Reports a false positive, turns off all monitors, resets all ratings, waits 25 hours for CAL to pick up the change, and finally deletes the indicator and republishes all groups associated with the indicator.

08 June 2018 / citadelintellgenceresearch / Playbooks

This playbook is designed to verify, when a new IOC (Address, URL, Host, File, or Email Address) comes in, whether it already exists in the platform in a different owner.

06 June 2018 / Malware Utkonos / Playbooks

Generate a Bro Intelligence Framework signature from an indicator.

15 May 2018 / Floyd Hightower / Spaces Apps

Structured import for humans. Quickly and easily import and edit/update indicators in a structured format (currently JSON, but more formats coming).

19 April 2018 / Floyd Hightower / Spaces Apps


21 March 2018 / citadelintelligenceresearch / Playbooks

This playbook presents a User Action trigger that, when pressed, will query Shodan's API for a given indicator, then pull back enrichments and store them as an attribute on said indicator.

16 March 2018 / brikardtc / Playbooks

This Playbook will create a mailbox to ingest emails. When an email is sent to this mailbox, it will save the attachment and associate it to the email item that was created. It will additionally extract indicators and save them as associations to the email as well.

08 March 2018 / Floyd Hightower / Playbooks

Add an attribute and/or tag to all indicators associated with a given group.

08 March 2018 / Floyd Hightower / Playbooks

Read a Google Alerts RSS feed and create indicators from the links. This playbook pulls the content from an RSS feed of Google alerts, finds the URLs from the alerts, and creates those URLs as indicators in ThreatConnect.

07 March 2018 / Floyd Hightower / Playbooks

These playbooks allow users to turn the DNS on or off for all indicators associated with a group.

05 March 2018 / Floyd Hightower / Playbooks

This playbook lets you query Cymon for an IP Address or Host.

05 March 2018 / Floyd Hightower / Playbooks

Create and copy the link to an Indicator in two clicks.

02 March 2018 / Floyd Hightower / Playbook Apps

Fang indicators of compromise in text.

01 March 2018 / Floyd Hightower / Playbook Components

Defang indicators of compromise so they don't become links in documents, emails, tasks, Slack messages, etc.

28 February 2018 / Floyd Hightower / Playbook Components

Parse indicators from text using the system regexes available via the API.