-
Notifications
You must be signed in to change notification settings - Fork 4
Home
kx499 edited this page Sep 24, 2016
·
9 revisions
Here's a quick overview of this project and the main functionality - this doc is a work in progress.
OSTIP is a learning project that I have been using to learn Flask/SqlAlchemy/Celery. There are plenty of full featured Threat Data Platforms out there: MISP, CRITS, MineMeld, CIF just to name a few. I just wanted to learn some shit, not trying to re-invent the wheel. That said I like various pieces of each one of these projects. I cherry picked the functionality I liked and ran with it.
Main Features/Functionality
- Indicator storage database
- Groups indicators by "Events" (similar to the MISP model)
- Correlate indicators on indicator input (again similar to misp)
- Data validation by indicator type
- Clean simple UI for entering/managing indicators and events
- API to bulk upload/download indicators and add/delete events
- Ability to Add indicators by email
- Functionality to add events in pending state and approve later
- Customizable and modular Feed/OSINT scheduled pull/parsing (Similar to how MineMeld functions)
- Indicator Expiration
Examples of API can be found in scripts folder, and examples of feed config can be found in feeder folder.
Here's some screen shots:
Home Page
Add Event
View Event
Add Indicator
Data Type Config