Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.

Collection of data sources that can be used to provide context to security events

A curated list of awesome Chart.js resources and libraries

An LLM and OCR based Indicator of Compromise Extraction Tool

User-friendly AI Interface (Supports Ollama, OpenAI API, ...)

Threat Feeds, Threat lists, and regular lists of known IP ranges and domains. It updates every 4 hours.

Aggregation of lists of malicious IP addresses, to be blocked in the WAN > LAN direction, integrated into firewalls: FortiGate, Palo Alto, pfSense, IPtables

IP list full of bad IPs - Updated every 2H

Machine-readable .txt IP blocklist from ThreatFox by Abuse.ch, updated every hour.

Checklist of the most important security countermeasures when designing, testing, and releasing your API

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

A curated list of Awesome Threat Intelligence Blogs

[ARCHIVED -- USE CVE2STIX] A small Python wrapper to download data using cve2stix and cpe2stix.

A lightweight TAXII API wrapper for ArangoDB.

A command line tool that turns NVD CVE records into STIX 2.1 Objects.

stix2arango is a command line tool that takes a group of STIX 2.1 objects in a bundle and inserts them into ArangoDB. It can also handle updates to existing objects in ArangoDB imported in a bundle.

[ARCHIVED -- USE CVE2STIX] A command line tool that turns NVD CPE records into STIX 2.1 Objects.

Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle.