Features

IOC Parser provides the following features:

IOC Parser

  • Extract Indicators of Compromise (IOCs) from a variety of sources such as - Security Blogs, PDF Reports, CSV, Text Files, Zipped Files, Raw Text dump, JSON text, etc.

  • Supports extracting a variety of IOCs such as - ASN, BITCOIN_ADDRESS, CVE, DOMAIN, EMAIL, FILE_HASH_MD5, FILE_HASH_SHA1, FILE_HASH_SHA256, IPv4, IPv6, MAC_ADDRESS, MITRE_ATT&CK, URL, YARA_RULE.

  • Supports extraction of defanged IOCs, i.e. indicators written so they cannot be clicked or resolved by accident (for example hxxp:// in place of http://, or [.] and [at] in place of . and @).

  • Supports input in multiple encoding types.

  • Supports extraction of metadata from the parsed source.

  • Ships with a default WHITELIST that filters known-benign indicators out of the results.
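As an added example of how the extraction steps listed above fit together (this is illustration code written for this page, not IOC Parser's own implementation), the Python below refangs the common defanging conventions, runs one regular expression per IOC type, decodes raw input bytes under several encodings, and drops values matched by a default whitelist. The patterns, the whitelist entries, the file-extension filter, the encoding preference order and the sample report are all assumptions; the report uses reserved .test, .invalid and .example names so nothing in it is a real indicator.

```python
"""Regex-based IOC extractor with refanging, a default whitelist and multi-encoding input.

Added example, not IOC Parser's own code: every pattern, the whitelist and the
sample report below are assumptions made for illustration.
"""
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlparse

# Refang rules for the defanging conventions commonly seen in reports (assumed set).
REFANG_RULES = [
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", re.I), "."),
    (re.compile(r"\[@\]|\(@\)|\[at\]|\(at\)", re.I), "@"),
    (re.compile(r"\[:\]|\(:\)"), ":"),
    (re.compile(r"\[://\]|\(://\)"), "://"),
    # hxxp / hxxps -> http / https
    (re.compile(r"\bhxxp(s?)\b", re.I), lambda m: "http" + m.group(1).lower()),
]

# One pattern per IOC type; the type names follow the list on this page.
PATTERNS: Dict[str, re.Pattern] = {
    "CVE": re.compile(r"\bCVE-\d{4}-\d{4,7}\b", re.I),
    "MITRE_ATT&CK": re.compile(r"\bT\d{4}(?:\.\d{3})?\b"),
    "FILE_HASH_SHA256": re.compile(r"\b[a-fA-F0-9]{64}\b"),
    "FILE_HASH_SHA1": re.compile(r"\b[a-fA-F0-9]{40}\b"),
    "FILE_HASH_MD5": re.compile(r"\b[a-fA-F0-9]{32}\b"),
    "IPv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "URL": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "EMAIL": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "DOMAIN": re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I),
}

# Default whitelist (assumed): benign domains, non-routable address space, and
# "TLDs" that are really file extensions and would otherwise be reported as domains.
WHITELIST_DOMAINS = {"vendor.example"}
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]
FILE_EXTENSIONS = {"exe", "dll", "bin", "txt", "pdf", "zip", "doc", "docx", "js", "ps1"}


def refang(text: str) -> str:
    """Undo common defanging so the patterns above see real indicators."""
    for pattern, repl in REFANG_RULES:
        text = pattern.sub(repl, text)
    return text


def _host_whitelisted(host: str) -> bool:
    host = host.lower()
    return any(host == w or host.endswith("." + w) for w in WHITELIST_DOMAINS)


def is_whitelisted(kind: str, value: str) -> bool:
    """True if the indicator is benign noise according to the default whitelist."""
    if kind == "IPv4":
        addr = ipaddress.ip_address(value)
        return any(addr in net for net in NON_ROUTABLE)
    if kind == "DOMAIN":
        return _host_whitelisted(value) or value.rsplit(".", 1)[-1].lower() in FILE_EXTENSIONS
    if kind == "EMAIL":
        return _host_whitelisted(value.split("@", 1)[1])
    if kind == "URL":
        return _host_whitelisted(urlparse(value).hostname or "")
    return False


def normalize(kind: str, value: str) -> str:
    """Canonical form per type: strip trailing punctuation from URLs, fix case elsewhere."""
    if kind == "URL":
        return value.rstrip(".,;:)]")
    if kind.startswith("FILE_HASH") or kind in ("DOMAIN", "EMAIL"):
        return value.lower()
    if kind == "CVE":
        return value.upper()
    return value


def extract_iocs(text: str, apply_whitelist: bool = True) -> Dict[str, List[str]]:
    """Return {IOC_TYPE: sorted unique values} for every type found in the text."""
    text = refang(text)
    found: Dict[str, List[str]] = {}
    for kind, pattern in PATTERNS.items():
        values = {normalize(kind, m.group(0)) for m in pattern.finditer(text)}
        if apply_whitelist:
            values = {v for v in values if not is_whitelisted(kind, v)}
        if values:
            found[kind] = sorted(values)
    return found


def decode_text(data: bytes) -> str:
    """Decode raw report bytes, trying a few encodings in order (assumed preference list)."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    for encoding in ("utf-8-sig", "cp1252"):
        try:
            return data.decode(encoding)
        except UnicodeDecodeError:
            continue
    return data.decode("latin-1")


# Constructed sample report using reserved (.test/.invalid/.example) names; not real IOCs.
SAMPLE_REPORT = b"""\
The dropper fetched hxxps://update-cdn[.]test/payload.bin and beaconed to c2[.]badactor[.]invalid
via 203[.]0[.]113[.]45 (10.0.0.5 was the internal pivot). Lure sender: ops[at]badactor[.]invalid.
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 MD5 D41D8CD98F00B204E9800998ECF8427E
Exploits CVE-2021-44228 (see https://vendor.example/advisory). Techniques: T1566.001, T1059.
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(decode_text(SAMPLE_REPORT)).items():
        print(f"{kind}: {', '.join(values)}")
```

Running it on the sample drops 10.0.0.5 (non-routable), payload.bin (a file name, not a domain) and everything under vendor.example, while keeping the refanged C2 domain, IP, URL and sender address alongside the hashes, CVE and ATT&CK technique IDs. Two design points worth carrying into a real parser: hostnames inside URLs and e-mail addresses are deliberately reported again as DOMAIN values, since that is what most downstream blocklists consume, and the whitelist matches parent domains so that one entry covers every subdomain of a known-benign site.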

IOC Sources

WIP - Ingest aggregated sources to see which kinds of attacks are trending in the wild.

IOC Intel

WIP - Ingest additional intel about each IOC to gain a deeper understanding of the threat behind it.
