threat_note - DPS' Lightweight Investigation Notebook

Source: feedproxy.google.com


threat_note is a web application built by Defense Point Security to allow security researchers the ability to add and retrieve indicators related to their research. As of right now this includes the ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future.
This app fills the gap between various solutions currently available, by being lightweight, easy-to-install, and by minimizing fluff and extraneous information that sometimes gets in the way of adding information. To create a new indicator, you only really need to supply the object itself (whether it be a Domain, IP or Threat Actor) and change the type accordingly, and boom! That's it! Of course, supplying more information is definitely helpful, but, it's not required.
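Because the only required fields are the object itself and its type, a small helper that assigns the type before entry saves the manual step described above. The following is an added example, not threat_note's own code: it refangs a pasted value and maps it to one of the types listed on the Network Indicators page ("IP Address", "Network", "Domain"); the defanging patterns and hostname label rules are assumptions made here.

```python
import ipaddress
import re

# Indicator types as they appear on threat_note's Network Indicators page
IP_TYPE = "IP Address"
NETWORK_TYPE = "Network"
DOMAIN_TYPE = "Domain"

# RFC 1123 hostname label: letters, digits, hyphens, no leading/trailing hyphen
_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def refang(value):
    """Undo common defanging used when indicators are shared (assumed patterns)."""
    value = value.strip()
    value = re.sub(r"^hxxps?://", "", value, flags=re.IGNORECASE)
    for defanged in ("[.]", "(.)", "{.}"):
        value = value.replace(defanged, ".")
    return value


def classify_indicator(raw):
    """Return (type, normalized_value) for a pasted indicator, or None if it fits no type."""
    value = refang(raw)
    host, slash, rest = value.partition("/")
    # A CIDR block such as 203.0.113.0/24; strict=False tolerates host bits being set
    if slash and rest.isdigit():
        try:
            return NETWORK_TYPE, str(ipaddress.ip_network(value, strict=False))
        except ValueError:
            return None
    # A bare IPv4 or IPv6 address (anything after a "/" is treated as a URL path)
    try:
        return IP_TYPE, str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # Otherwise require at least two valid labels and a non-numeric top-level label
    host = host.lower().rstrip(".")
    labels = host.split(".")
    if (len(labels) >= 2 and not labels[-1].isdigit()
            and all(_LABEL_RE.match(label) for label in labels)):
        return DOMAIN_TYPE, host
    return None


if __name__ == "__main__":
    # Constructed sample values from documentation ranges, not real indicators
    for sample in ("203[.]0[.]113[.]5", "203.0.113.0/24", "hxxp://Evil[.]Example.com/login", "localhost"):
        print(repr(sample), "->", classify_indicator(sample))
```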
Other applications built for storing indicators and research have some shortcomings that threat_note hopes to fix. Some common complaints with other apps are:
  • Hard to install/configure/maintain
  • Need to pay for added features (enterprise licenses)
  • Too much information
    • This boils down to there being so much stuff to do to create new indicators or trying to cram a ton of functions inside the app.

Installation
Now that we are using SQLite, there's no need for a pesky Vagrant machine. All we need to do is install some requirements via pip and fire up the server:
cd threat_note
pip install -r requirements.txt
honcho start
Once the server is running, browse to http://localhost:5000 and register a new account to log in to threat_note with.

Docker Installation
A development Dockerfile is now available. To build and run it, execute the following from the directory that contains it:
sudo docker build -t threat_note .
sudo docker run -itd -p 8888:8888 threat_note
Once the container is running, browse to http://localhost:8888 and register a new account to log in to threat_note with.

Usage
For a good "Getting Started" guide on using threat_note, check out this post by @CYINT_dude on his blog.

Screenshots
First up is a shot of the dashboard, which has the latest indicators, the latest starred indicators, and a campaign and indicator type breakdown.

Next is a screenshot of the Network Indicators page. Here you will see all the indicators that have a type of "Domain", "Network", or "IP Address".

You can edit or remove the indicator right from this page, by hovering over the applicable icon on the right-hand side of the indicator.

Clicking on a network indicator will pull up the details page for the indicator. If you have Whois information turned on, you'll see the city and country underneath the indicator.

Clicking on the "New Indicator" button on the Network or Threat Actor page will bring up a page to enter details about your new indicator.

If you click on the "Edit Indicator" icon next to an indicator, you'll be presented with a page to edit any of the details you previously entered. You can also click on the "New Attribute" icon at the bottom right to add a new attribute to your indicator.

In the screenshot below you can see the "Threat Actors" page, which is similar to the "Network Indicators" page, except that you'll only be presented with the Threat Actors you've entered.

Below is the Campaign page. It contains all of your indicators, broken out by campaign name. Please note that the "Edit Description" button to the right of the campaign description is broken right now, and will be fixed in a future release. Clicking on an indicator will take you to the indicator detail page.

Lastly, here is the Settings page, where you can delete your threat_note database, as well as control any third-party integrations, such as Whois data or VirusTotal information. Turning these integrations on can slow down the time to retrieve details about your indicator. A feature recently added by @alxhrck is the ability to configure an HTTP(S) proxy if you need one to reach those third parties. He also recently added support for a new third-party integration, OpenDNS Investigate, which can be activated on this page.



...
