Threat_Note – Lightweight Investigation Notebook

Threat_Note is a web application built to allow security researchers the ability to add and retrieve indicators related to their research. Research may include ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future.

This app fills the gap between various solutions currently available, by being lightweight, easy-to-install, and by minimizing fluff and extraneous information that sometimes gets in the way of adding information.

Threat_Note - Lightweight Investigation Notebook
Threat_Note – Lightweight Investigation Notebook

The framework will allow user to quickly create new indicators that include information required to track and record the attack. User may export any indicators into a variety of formats (STIX, TAXII, OpenIOC, Bro intel, etc.) to share with the SOC and Incident Response team or the security community at large.

Another good feature to have is the integration with 3rd parties. As the threat feeds evolved it will be important to make as much as possible integration with threat feed to receive updates and verify your system against any malicious IOC.

This framework allow you to add API keys and use several external services such as Whois Information, Farsight Passive DNS, VirusTotal Passive DNS, PassiveTotal WHOIS, PassiveTotal WHOIS, PassiveTotal Passive SSL, OpenDNS Investigate, CIRCL Passive DNS , CIRCL Passive SSL, Shodan Data , Cuckoo Sandbox.

You can read more and download this tool over here: https://github.com/DefensePointSecurity/threat_note

Share