Automated Threat Intelligent System
An improvised automated threat intelligent system that combines advanced vulnerability scanners and open-source intelligence (OSINT) gathering Python scripts. When integrated with McAfee Advanced Threat Defense and the Malware Information Sharing Platform, it can defend against new and futuristic cyber attacks.
ATD-MISP with OpenDXL
This integration focuses on automated threat intelligence collection with McAfee ATD, OpenDXL, and MISP. McAfee Advanced Threat Defense (ATD) produces local threat intelligence that is pushed via DXL. An OpenDXL wrapper subscribes to these messages, parses the indicators ATD produced, and imports them into a threat intelligence management platform (MISP).
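The parse-and-import step described above, sketched as an added example (not code from this repository): it validates and de-duplicates indicators before building a MISP event. The message field names (`name`, `md5`, `sha256`, `ips`) and the function `atd_to_misp_event` are assumptions made for illustration, not ATD's real report schema; the DXL subscription and the MISP upload are left out.

```python
import ipaddress
import json
import re

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}  # MISP hash types -> hex length

# Constructed sample message; field names are assumptions, not ATD's real schema.
SAMPLE = json.dumps({
    "name": "sample.exe",
    "md5": "D41D8CD98F00B204E9800998ECF8427E",
    "sha256": "abc123",                      # malformed on purpose
    "ips": ["10.0.0.5", "8.8.8.8", "8.8.8.8", "not-an-ip"],
}).encode()


def _is_public_ip(value):
    """True only for syntactically valid, globally routable addresses."""
    try:
        return ipaddress.ip_address(value).is_global
    except ValueError:
        return False


def atd_to_misp_event(payload):
    """Map one (assumed-format) ATD message to a MISP event dict."""
    report = json.loads(payload)
    attrs, seen = [], set()

    def add(mtype, category, value):
        if (mtype, value) not in seen:       # de-duplicate before import
            seen.add((mtype, value))
            attrs.append({"type": mtype, "category": category,
                          "value": value, "to_ids": True})

    for kind, length in HASH_LEN.items():
        value = str(report.get(kind, "")).lower()
        if re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            add(kind, "Payload delivery", value)
    for ip in report.get("ips", []):
        if _is_public_ip(ip):                # skip internal and invalid addresses
            add("ip-dst", "Network activity", ip)
    return {"Event": {"info": "ATD detection: %s" % report.get("name", "unknown"),
                      "Attribute": attrs}}


if __name__ == "__main__":
    print(json.dumps(atd_to_misp_event(SAMPLE), indent=2))
```

Dropping malformed hashes and non-routable addresses at this stage keeps sandbox noise from becoming detection rules downstream, since every attribute is created with `to_ids` set.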
Active Response-Elastic
This integration focuses on automated real-time threat hunting with McAfee ATD, OpenDXL, Active Response, and Elasticsearch. McAfee Advanced Threat Defense produces local threat intelligence that is pushed via DXL. An OpenDXL wrapper subscribes to these messages, parses the indicators ATD produced, and executes automated Active Response searches across multiple DXL fabrics. The results are imported into a big data analytics platform.
audit.py
A simple tool designed to help keep track of security audits/engagements. It logs activity to a dedicated folder for each audit.
It currently supports:
- shell output logging
- periodic screenshots
- automated git versioning of the audit folder
F-Scan
F-Scan currently only facilitates visualization when auditing a web page; its next versions will allow the researcher to make attacks and generate reports with just one click.
With this script you can optimize your time, reducing the time it takes to audit a web page, since F-Scan executes the tasks you indicate and filters the results. The idea was born when we had to audit a web page and had to open many consoles to run the tools one by one; in addition, we had to analyze the logs one by one and extract the information we needed.
Harvest
Harvest gathers threat intelligence feeds from publicly available sources.
Download
git clone https://github.com/kaiiyer/automated-threat-intelligent-model.git
Copyright (c) 2019 Kai Iyer
Source: https://github.com/kaiiyer/