
Python IOC Editor v0.9.8
Tags: Threat Defense, Threat Management
PyIOCe: An OpenIOC Editor Developed with Python 2.7 and wxPython 3.0.0.0
PyIOCe is an OpenIOC editor written in Python 2.7 with wxPython 3.0.0.0.
Various Systems for Storing Threat Intelligence
There are numerous systems available for storing complete threat intelligence. OpenIOC stands out because it distills that data into a streamlined, operationalized search method.
This can be used to enhance threat detection and response
This can be used to create Indicators of Compromise (IOCs) that describe broad threat behaviors, such as persistence mechanisms or key forensic sources. It can also be used to search for specifically identified threats during incident response, allowing the scope of a compromise to be assessed quickly across large enterprise networks.
This project aims to enhance the integration of OpenIOC
This project aims to support ongoing efforts to increase the use of OpenIOC with other systems, including Snort, GRR, Splunk, and Yara. Standalone binaries can be found in the /dist directory. Required Python modules: wxPython and lxml.
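To show what "operationalized search" means in practice, here is an added example (not part of PyIOCe or the OpenIOC project) that parses a constructed OpenIOC 1.1 document and evaluates its nested AND/OR indicator tree against data collected from a host. It uses the standard-library XML parser rather than lxml so it runs without extra dependencies; the search terms, hash and file name in the sample are constructed, not real indicators.

```python
import re
import xml.etree.ElementTree as ET

NS = {"ioc": "http://openioc.org/schemas/OpenIOC_1.1"}

# Constructed OpenIOC 1.1 document (not a real indicator): match a dropper file
# name, OR a Run-key persistence path together with a specific file hash.
SAMPLE_IOC = """<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1" id="example-0001">
  <criteria>
    <Indicator operator="OR" id="top">
      <IndicatorItem id="i1" condition="is"><Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">dropper.exe</Content></IndicatorItem>
      <Indicator operator="AND" id="persist">
        <IndicatorItem id="i2" condition="contains"><Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
          <Content type="string">CurrentVersion\\Run</Content></IndicatorItem>
        <IndicatorItem id="i3" condition="is"><Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
          <Content type="md5">0123456789abcdef0123456789abcdef</Content></IndicatorItem>
      </Indicator>
    </Indicator>
  </criteria>
</OpenIOC>"""

def _item_matches(item, observed):
    # observed maps a search term such as "FileItem/FileName" to the values
    # collected from a host; OpenIOC compares case-insensitively by default.
    search = item.find("ioc:Context", NS).get("search")
    content = item.find("ioc:Content", NS).text or ""
    fold = str if item.get("preserve-case") == "true" else str.lower
    want = fold(content)
    checks = {
        "is": lambda v: v == want,
        "contains": lambda v: want in v,
        "starts-with": lambda v: v.startswith(want),
        "ends-with": lambda v: v.endswith(want),
        "matches": lambda v: re.search(content, v, 0 if fold is str else re.I) is not None,
    }
    hit = any(checks[item.get("condition", "is")](fold(v)) for v in observed.get(search, []))
    return hit != (item.get("negate") == "true")  # negate="true" inverts the item

def _indicator_matches(ind, observed):
    # Recursively evaluate the AND/OR logic tree; an empty Indicator never matches.
    results = [_item_matches(c, observed) for c in ind.findall("ioc:IndicatorItem", NS)]
    results += [_indicator_matches(c, observed) for c in ind.findall("ioc:Indicator", NS)]
    combine = all if ind.get("operator", "OR").upper() == "AND" else any
    return bool(results) and combine(results)

def ioc_matches(xml_text, observed):
    """Return True if host data satisfies any top-level Indicator in <criteria>."""
    criteria = ET.fromstring(xml_text).find("ioc:criteria", NS)
    return any(_indicator_matches(i, observed) for i in criteria.findall("ioc:Indicator", NS))
```

A real deployment would feed `observed` from a host collector or a SIEM query; the same evaluator is what lets one IOC be checked across many hosts without re-deriving the logic each time.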
Features Overview
- Almost entirely keyboard-driven.
- Supports the simultaneous opening and editing of OpenIOC 1.0 and 1.1 IOCs (Note: OpenIOC 1.0 support is available only in MIR, utilizing legacy MIR terms).
- Management of Indicator Terms.
- Management of Parameters.
- Preferences for setting the default IOC version, default IOC context, and default IOC author.
- Cloning of IOCs.
- Ability to revert IOC changes to the last saved version.
- Functions for Cut, Copy, Paste, and drag-and-drop within the Indicator tree.
- Definitions for Indicator Terms and Parameters.