Watcher – Open Source Cybersecurity Threat Hunting Platform


Watcher is a Django & React JS automated platform for discovering new, potential cybersecurity threats targeting your organisation.

It is intended to run on a web server and is available as a Docker image.

Watcher capabilities

  • Detect emerging vulnerabilities and malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
  • Detect keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
  • Monitor malicious domain names (IPs, mail/MX records, web pages using TLSH).
  • Detect suspicious domain names targeting your organisation, using dnstwist.
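The last capability relies on dnstwist, which generates typosquatting permutations of a monitored domain and checks which of them have been registered. The Python below is an added example, not Watcher's or dnstwist's own code: it implements a handful of dnstwist-style permutation rules (omission, transposition, repetition, homoglyph substitution, hyphenation, addition, TLD swap) and matches the candidates against a constructed list of newly observed domains. The homoglyph table, the TLD list and every domain name are assumptions for illustration.

```python
# Added example: dnstwist-style typosquat candidate generation and watchlist matching.
# Not Watcher's or dnstwist's code; domain names below are constructed.

# Small homoglyph table (assumption for this example; dnstwist ships a far larger one).
HOMOGLYPHS = {
    "o": ["0"],
    "l": ["1", "i"],
    "i": ["1", "l"],
    "e": ["3"],
    "a": ["4"],
    "s": ["5"],
}

# Alternative TLDs to try (assumption; dnstwist uses a dictionary of TLDs).
ALT_TLDS = ("net", "org", "co", "io")


def permutations(domain):
    """Return the set of typosquat candidates for a domain such as 'example.com'."""
    name, _, tld = domain.partition(".")
    variants = set()
    # Omission: drop one character (example -> exmple).
    for i in range(len(name)):
        variants.add(name[:i] + name[i + 1:])
    # Transposition: swap two adjacent characters (example -> exapmle).
    for i in range(len(name) - 1):
        variants.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])
    # Repetition: double one character (example -> exxample).
    for i in range(len(name)):
        variants.add(name[:i + 1] + name[i] + name[i + 1:])
    # Homoglyph: replace one character with a look-alike (example -> examp1e).
    for i, ch in enumerate(name):
        for sub in HOMOGLYPHS.get(ch, []):
            variants.add(name[:i] + sub + name[i + 1:])
    # Hyphenation: insert a hyphen inside the name (example -> exam-ple).
    for i in range(1, len(name)):
        variants.add(name[:i] + "-" + name[i:])
    # Addition: append one character (example -> examples).
    for ch in "abcdefghijklmnopqrstuvwxyz0123456789":
        variants.add(name + ch)
    variants.discard(name)
    candidates = {f"{v}.{tld}" for v in variants}
    # TLD swap on the unmodified name (example.com -> example.net).
    for other in ALT_TLDS:
        if other != tld:
            candidates.add(f"{name}.{other}")
    return candidates


# Constructed sample of "newly seen" domains, standing in for a registration feed
# or a passive-DNS export. These are not real observations.
NEWLY_SEEN_DOMAINS = [
    "exmple.com",
    "examp1e.com",
    "example-login.com",
    "unrelated.org",
    "example.net",
]


def suspicious(domain, newly_seen):
    """Return the newly seen domains that are typosquat candidates of `domain`, sorted."""
    candidates = permutations(domain)
    return sorted(d for d in newly_seen if d in candidates)


if __name__ == "__main__":
    hits = suspicious("example.com", NEWLY_SEEN_DOMAINS)
    for d in hits:
        print("candidate typosquat of example.com:", d)
    # Note: "example-login.com" is not flagged; a keyword-in-domain rule would be
    # needed for that class, which is why Watcher pairs dnstwist with keyword monitoring.
```

In practice the candidate set is resolved (A/MX lookups) rather than compared against a static list; this example keeps the matching offline so the permutation logic can be checked in isolation.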

Useful as a bundle that groups automated threat hunting and threat intelligence features together.
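For the first two capabilities (emerging vulnerabilities pulled from advisory RSS feeds, and keywords of interest to the organisation), the following Python is an added example, not Watcher's own code. It parses a constructed RSS 2.0 feed with the standard library, raises an alert for each item that mentions a CVE identifier or one of the organisation's watch keywords, and de-duplicates by item GUID so that an advisory is reported only once across repeated polls. The feed text, product names and CVE identifiers are placeholders, not real advisories.

```python
# Added example: keyword and CVE detection over an RSS advisory feed, with GUID
# de-duplication. Not Watcher's code; the feed below is constructed.
import re
import xml.etree.ElementTree as ET

# CVE identifier format: CVE-<4-digit year>-<4 or more digits>.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Constructed RSS 2.0 feed; product names and CVE ids are placeholders.
SAMPLE_FEED = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"><channel>
  <title>Constructed CERT advisory feed</title>
  <item>
    <title>Critical flaw in ExampleVPN gateway</title>
    <link>https://cert.example.invalid/adv/1</link>
    <guid>adv-1</guid>
    <description>CVE-0000-0001 (placeholder id) allows unauthenticated access.</description>
  </item>
  <item>
    <title>Weekly phishing statistics</title>
    <link>https://cert.example.invalid/adv/2</link>
    <guid>adv-2</guid>
    <description>No specific product affected.</description>
  </item>
  <item>
    <title>Privilege escalation in AcmeMail server</title>
    <link>https://cert.example.invalid/adv/3</link>
    <guid>adv-3</guid>
    <description>Tracked as CVE-0000-0002 (placeholder id).</description>
  </item>
</channel></rss>"""


def parse_items(xml_text):
    """Yield (guid, title, link, searchable_text) for each <item> in an RSS 2.0 document."""
    root = ET.fromstring(xml_text)
    for item in root.iter("item"):
        guid = item.findtext("guid") or item.findtext("link") or ""
        title = item.findtext("title") or ""
        link = item.findtext("link") or ""
        text = f"{title} {item.findtext('description') or ''}"
        yield guid, title, link, text


def scan_feed(xml_text, watch_keywords, seen_guids):
    """Return alerts for unseen items that mention a CVE id or a watched keyword.

    watch_keywords: product or brand names relevant to your organisation.
    seen_guids: mutable set of GUIDs already alerted on; updated in place so a
                second poll of the same feed produces no duplicate alerts.
    """
    alerts = []
    for guid, title, link, text in parse_items(xml_text):
        if guid in seen_guids:
            continue
        lowered = text.lower()
        keyword_hits = [kw for kw in watch_keywords if kw.lower() in lowered]
        cves = sorted(set(CVE_RE.findall(text)))
        if keyword_hits or cves:
            seen_guids.add(guid)
            alerts.append({"guid": guid, "title": title, "link": link,
                           "keywords": keyword_hits, "cves": cves})
    return alerts


if __name__ == "__main__":
    seen = set()
    for alert in scan_feed(SAMPLE_FEED, ["ExampleVPN", "AcmeMail"], seen):
        print(alert["guid"], alert["title"], alert["keywords"], alert["cves"])
    # A second poll with the same state reports nothing: each GUID alerts once.
    print("second poll:", scan_feed(SAMPLE_FEED, ["ExampleVPN", "AcmeMail"], seen))
```

The `seen_guids` set is the piece that matters operationally: without persisted de-duplication state, every poll of a feed re-raises the same advisories, which is how feed-driven alerting becomes noise.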

Additional features

  • Create cases on TheHive and events on MISP.
  • Integrated IOC export to TheHive and MISP.
  • LDAP & local authentication.
  • Email notifications.
  • Ticketing system feeding.
  • Admin interface.
  • Advanced user permissions & groups.

Involved dependencies

Screenshots

Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

Threats detection

[Screenshot: Watcher threats detection]

Keywords detection

[Screenshot: Watcher keywords detection]

Malicious domain names monitoring

[Screenshot: Watcher malicious domain names monitoring]

IOCs export to TheHive & MISP

[Screenshot: Watcher IOCs export]

Potentially malicious domain names detection

[Screenshot: Watcher potentially malicious domain names detection]

Django provides a ready-to-use user interface for administrative activities. An admin interface is essential for a web project: user management, user group management, Watcher configuration, usage logs…

Admin interface

[Screenshot: Watcher admin interface]

Installation

Create a new Watcher instance in ten minutes using Docker (see the Installation Guide).

Platform architecture

[Diagram: Watcher platform architecture]

Get involved

There are many ways to get involved with Watcher:

  • Report bugs by opening Issues on GitHub.
  • Request new features or suggest ideas (via Issues).
  • Make pull requests.
  • Discuss bugs, features, ideas or questions.
  • Share Watcher with your community (Twitter, Facebook…).

Pastebin compliant

In order to use Watcher's pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher's public IP (see https://pastebin.com/doc_scraping_api).

Thanks to Thales Group CERT (THA-CERT) and ISEN-Toulon Engineering School for allowing me to carry out this project.
