David André

Results 20 issues of David André

Search for IP ranges from an IP entity, i.e. you have IP entity 127.0.0.1, have a transform that asks how wide you want to search (/16, /24, etc...) and then...

enhancement

New source of passive dns http://pdns.circl.lu/ Access can be asked at [email protected]

enhancement

https://www.metascan-online.com/en/public-api#retrieving-scan-reports-using-hash Supports MD5/SHA1/SHA256

Mark the hostnames being part of DynDNS providers differently (examples: bad.3322.org / bob.dyndns.org ) A way to do this, would be DynDNS type entity that is inheriting from hostname. Collection...

From team-cymru: http://www.team-cymru.org/Services/ip-to-asn.html From shadowserver: http://www.shadowserver.org/wiki/pmwiki.php/Services/IP-BGP

enhancement

Search shadowserver binary whitelist - http://bin-test.shadowserver.org/

enhancement

Search for hashes/IP/hostnames/mutex on a malware google custom search engine ( http://www.google.com/cse/home?cx=011750002002865445766:pc60zx1rliu ) and create link entities to malware analysis reports linked from the results

enhancement

[nfdump](http://nfdump.sourceforge.net/) allows querying [netflow](https://en.wikipedia.org/wiki/NetFlow) records stored locally for network connections going to or coming from a specific IP or multiple IPs. The syntax according to the [man page](http://manpages.ubuntu.com/manpages/gutsy/man1/nfdump.1.html) is:...

enhancement, functionality, automation, import/export, stale

Suggestion for additions: https://www.nsa.gov/ia/_files/app/spotting_the_adversary_with_windows_event_log_monitoring.pdf Has a nice categorized list starting at page 25 with explanations and one page summary with categories / event IDs at page 8. Other events not...

[MISP](https://github.com/MISP/MISP) is a platform to exchange IOCs. It would be great to have integration with it, more specifically to download the IOCs and then compare those to the ones from...