IOC Parser

• Extract Indicators of Compromise (IOCs) from a variety of sources such as - Security Blogs, PDF Reports, CSV, Text Files, Zipped Files, Raw Text dump, JSON text, etc.

• Supports extracting a variety of IOCs such as - ASN, BITCOIN_ADDRESS, CVE, DOMAIN, EMAIL, FILE_HASH_MD5, FILE_HASH_SHA1 , FILE_HASH_SHA256, IPv4, IPv6, MAC_ADDRESS, MITRE_ATT&CK, URL, YARA_RULE.

• Supports extraction of defanged IOCs.

• Supports multiple Encoding Types.

• Supports extracting of Metadata.

• Supports default WHITELIST.

IOC Sources

WIP - Ingest aggregated Sources to understand what kinds of attacks are trending in the wild.

IOC Intel

WIP - Ingest extra Intel about IOCs to gain a deeper understanding about the threats.