GOSINT: collecting, processing, and exporting high quality indicators of compromise

GOSINT – Open Source Threat Intelligence Gathering and Processing Framework

The GOSINT framework is a project used for collecting, processing, and exporting high-quality indicators of compromise (IOCs). It allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you apply research from third parties to security event data to identify similar, or identical, indicators of malicious behaviour. The framework is written in Go with a JavaScript frontend.

Installation

There are three ways to get up and running:

1. Bash install script
2. Docker
3. Manual installation

Configuration

GOSINT needs some quick initial configuration to start making use of the framework features. All the settings you will need to specify can be found under the “Settings” tab.

Please find the configuration procedure here.

Use

Copyright (c) 2017, Cisco Systems, Inc. All rights reserved.