Python IOC Editor v0.9.8

PyIOCe: An OpenIOC Editor Developed with Python 2.7 and wxPython 3.0.0.0

PyIOCe is an OpenIOC editor that has been developed using Python version 2.7 along with wxPython version 3.0.0.0.

Various Systems for Storing Threat Intelligence

There are numerous systems available for storing complete threat intelligence. However, OpenIOC stands out by effectively transforming that data into a streamlined and operationalized search method.

This can be used to enhance threat detection and response

This can be used to create Indicators of Compromise (IOCs) that outline broad threat behaviors, such as persistence mechanisms or key forensic sources. Additionally, it can be utilized to search for more specifically identified threats during incident response, allowing for a quick assessment of a compromise across extensive enterprise networks.

This project aims to enhance the integration of OpenIOC

This project aims to support ongoing efforts to broaden the use of OpenIOC with other systems, including Snort, GRR, Splunk, and Yara. Standalone binaries can be found in the /dist directory. Required Python modules: wxPython and lxml.

Features Overview

- Almost entirely keyboard-driven.
- Supports the simultaneous opening and editing of OpenIOC 1.0 and 1.1 IOCs (Note: OpenIOC 1.0 support is available only in MIR, using legacy MIR terms).
- Management of Indicator Terms.
- Management of Parameters.
- Preferences for the default IOC version, default IOC context, and default IOC author.
- Cloning of IOCs.
- Ability to revert IOC changes to the last saved version.
- Cut, Copy, Paste, and drag-and-drop within the Indicator tree.
- Definitions for Indicator Terms and Parameters.