IOC Parser provides the following features:
- Extracts Indicators of Compromise (IOCs) from a variety of sources: security blogs, PDF reports, CSV and plain-text files, zipped archives, raw text dumps, JSON text, etc.
- Extracts a variety of IOC types: ASN, BITCOIN_ADDRESS, CVE, DOMAIN, EMAIL, FILE_HASH_MD5, FILE_HASH_SHA1, FILE_HASH_SHA256, IPv4, IPv6, MAC_ADDRESS, MITRE_ATT&CK, URL, YARA_RULE.
- Extracts defanged IOCs (indicators written as, for example, `hxxp://` or `evil[.]com` so that they cannot be clicked or resolved by accident).
- Supports multiple encoding types.
- Supports extracting metadata.
- Supports a default WHITELIST (indicators on the whitelist are dropped from the output).
WIP - Ingest aggregated sources to understand what kinds of attacks are trending in the wild.
WIP - Ingest extra intel about IOCs to gain a deeper understanding of the threats.
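To make the feature list above concrete, here is a small, self-contained extractor that covers three of the listed points: refanging defanged indicators, extracting several IOC types (URL, EMAIL, DOMAIN, IPv4, FILE_HASH_MD5/SHA1/SHA256, CVE), and dropping anything on a default whitelist. This is an added illustration written for this page, not IOC Parser's own code or API; the refang rules, the short TLD list, the whitelist contents and the sample report are all constructed for the example.

```python
"""Toy IOC extractor: refang, extract by type, then apply a default whitelist.

Added example, not IOC Parser's own implementation. Rules, TLD list,
whitelist entries and the sample report below are constructed.
"""
import ipaddress
import re

# Defanging conventions seen in public reports (constructed list, not exhaustive).
REFANG_RULES = [
    (re.compile(r"\bhxxp", re.IGNORECASE), "http"),          # hxxp:// / hxxps://
    (re.compile(r"\[(?:\.|dot)\]", re.IGNORECASE), "."),     # evil[.]com, evil[dot]com
    (re.compile(r"\((?:\.|dot)\)", re.IGNORECASE), "."),     # evil(.)com
    (re.compile(r"\[(?:@|at)\]", re.IGNORECASE), "@"),       # user[@]evil.com
    (re.compile(r"\[(://|:)\]"), r"\1"),                      # hxxp[://]evil.com
]

# Constructed short TLD list; a real tool would ship the full public-suffix/IANA list.
TLDS = r"com|net|org|io|ru|info|xyz|top"

# Hash patterns use hex lookarounds so an MD5 regex cannot match inside a SHA-256.
PATTERNS = {
    "URL": re.compile(r"""https?://[^\s'"<>)\]]+""", re.IGNORECASE),
    "EMAIL": re.compile(r"[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE),
    "DOMAIN": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:" + TLDS + r")\b", re.IGNORECASE),
    "IPv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "FILE_HASH_SHA256": re.compile(r"(?<![a-f0-9])[a-f0-9]{64}(?![a-f0-9])", re.IGNORECASE),
    "FILE_HASH_SHA1": re.compile(r"(?<![a-f0-9])[a-f0-9]{40}(?![a-f0-9])", re.IGNORECASE),
    "FILE_HASH_MD5": re.compile(r"(?<![a-f0-9])[a-f0-9]{32}(?![a-f0-9])", re.IGNORECASE),
    "CVE": re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE),
}

# Constructed default whitelist: benign domains and non-routable address ranges.
DEFAULT_WHITELIST = {
    "DOMAIN": {"microsoft.com", "example.com"},
    "IPv4": [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")],
}


def refang(text):
    """Undo common defanging so the normal IOC regexes can match."""
    for pattern, replacement in REFANG_RULES:
        text = pattern.sub(replacement, text)
    return text


def is_whitelisted(kind, value):
    if kind == "DOMAIN":
        return value in DEFAULT_WHITELIST["DOMAIN"]
    if kind == "IPv4":
        addr = ipaddress.ip_address(value)
        return any(addr in net for net in DEFAULT_WHITELIST["IPv4"])
    return False


def extract_iocs(raw_text):
    """Return {IOC_TYPE: [values...]} in order of first appearance, whitelist applied."""
    text = refang(raw_text)
    found = {}
    for kind, pattern in PATTERNS.items():
        values = []
        for match in pattern.finditer(text):
            value = match.group(0)
            if kind == "URL":
                value = value.rstrip(".,;:")          # trailing sentence punctuation
            elif kind == "IPv4":
                try:
                    ipaddress.IPv4Address(value)      # rejects octets such as 999
                except ValueError:
                    continue
            elif kind == "CVE":
                value = value.upper()
            else:
                value = value.lower()                 # domains, emails, hashes
            if value in values or is_whitelisted(kind, value):
                continue
            values.append(value)
        if values:
            found[kind] = values
    return found


# Constructed sample report; hashes are the well-known MD5/SHA-256 of the empty string.
SAMPLE_REPORT = """\
Constructed sample (not a real incident report).
The loader beacons to hxxps://update[.]evil-cdn[.]xyz/gate.php and falls back
to 203[.]0[.]113[.]45; internal staging host 10.0.0.5 was also seen.
Dropped payload MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
Initial access abused cve-2021-44228. Lure sent from billing[@]invoice-portal[.]top,
spoofing mail from microsoft.com.
"""

if __name__ == "__main__":
    for ioc_type, ioc_values in extract_iocs(SAMPLE_REPORT).items():
        print(ioc_type, ioc_values)
```

Two points worth noting when building on this pattern: refang before matching, since `hxxp[://]` never matches a URL regex otherwise, and extract the longest hash type first with hex lookarounds so a SHA-256 is not also reported as an MD5 and a SHA-1. The whitelist here is deliberately small; a production tool should also drop the TEST-NET and other documentation ranges, or it will happily report the sample addresses from vendor write-ups as live C2.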