KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

ThePhish: an automated phishing email analysis tool

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

Extract and aggregate threat intelligence.

This repository contains Open Source freely usable Threat Intel feeds that can be used without additional requirements. Contains multiple types such as IP, URL, CVE and Hash.

Warning lists to inform users of MISP about potential false-positives or other information in indicators

Clusters and elements to attach to MISP events or attributes (like threat actors)

Python library using the MISP Rest API

OpenCTI Connectors

Modules for expansion services, enrichment, import and export in MISP and other tools.

🚌 Threat Bus – A threat intelligence dissemination layer for open-source security tools.

Set of Maltego transforms to inferface with a MISP Threat Sharing instance, and also to explore the whole MITRE ATT&CK dataset.

Threat-Intel repository. API: https://github.com/davidonzo/apiosintDS

Definition, description and relationship types of MISP objects

An OpenTAXII Configuration for MISP

SyntheticSun is a defense-in-depth security automation and monitoring framework which utilizes threat intelligence, machine learning, managed AWS security services and, serverless technologies to continuously prevent, detect and respond to threats.

BTG's purpose is to make fast and efficient search on IOC

Connect your mail client/infrastructure to MISP in order to create events based on the information contained within mails.

A utility repo to assist with converting between MISP and STIX formats

A HIDS (host-based intrusion detection system) for verifying the integrity of a system.