ioc
Rustinel is an open-source endpoint detection project for Windows and Linux.
It collects native host telemetry using ETW on Windows and eBPF on Linux, normalizes events into a shared model, evaluates Sigma, YARA, and IOC detections, and writes alerts as NDJSON in Elastic Common Schema (ECS) format.
Rustinel is designed for blue teams, detection engineers, researchers, and anyone who wants a transparent endpoint detection engine they can inspect, run, test, and extend.
A simple application that extracts your Indicators of Compromise (IoCs) from garbage input and checks their reputation using multiple CTI services.
Cyberbro is an open-source threat intelligence and indicator analysis platform. Whether you're a new user or a seasoned developer, this documentation will help you get started, configure, and make the most of Cyberbro's features.
This project aims to provide a simple and efficient way to check the reputation of your observables using multiple services, without having to deploy a complex solution.
ThreatIngestor: an extendable tool to extract and aggregate IOCs from threat feeds.
ThreatIngestor can be configured to watch Twitter, RSS feeds, or other sources, extract meaningful information such as malicious IPs/domains and YARA signatures, and send that information to another system for analysis.
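Both Cyberbro (extracting IoCs from "garbage input") and ThreatIngestor (pulling IPs and domains out of feed text) depend on the same first step: refanging defanged indicators, matching each indicator type, and dropping noise such as internal addresses. The block below is an added example written for this page, not code from either project; the sample text, the `evil-example` names and the non-routable range list are constructed assumptions, and the hashes are the well-known digests of the empty string computed at runtime.

```python
"""Refang and extract IoCs from messy analyst text (added example, not project code)."""
import hashlib
import ipaddress
import json
import re

# Constructed sample: defanged prose of the kind pasted from a report.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # well-known digest, used as sample data
EMPTY_MD5 = hashlib.md5(b"").hexdigest()
SAMPLE = (
    "Observed C2 at hxxp://evil-example[.]com/login and 198[.]51[.]100[.]23:8443, "
    "fallback domain evil-example(.)net. Dropper sha256 "
    f"{EMPTY_SHA256}, md5 {EMPTY_MD5}. Ignore 10.0.0.1 (internal) and "
    "contact analyst[at]corp.example for questions."
)

# Order matters for readability only; each pattern runs over the whole refanged text.
PATTERNS = {
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "email": re.compile(r"\b[\w.+-]+@(?:[a-z0-9-]+\.)+[a-z]{2,63}\b", re.I),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    # Lookbehind stops a domain match from starting inside an e-mail or a longer hostname.
    "domain": re.compile(r"(?<![@\w.-])(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
}

# Assumed list of ranges an analyst would not want as external IoCs (RFC 1918 etc.).
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
)]


def refang(text: str) -> str:
    """Undo common defanging conventions so the regexes see real indicators."""
    text = re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)
    text = re.sub(r"\[:\]", ":", text)
    text = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]|\(dot\)", ".", text, flags=re.I)
    text = re.sub(r"\[@\]|\(@\)|\[at\]|\(at\)", "@", text, flags=re.I)
    return text


def is_routable(ip: str) -> bool:
    """True unless the address falls in one of the assumed non-routable ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_ROUTABLE)


def extract_iocs(text: str, drop_non_routable: bool = True) -> dict:
    """Return {indicator_type: sorted unique values} found in the refanged text."""
    clean = refang(text)
    found = {}
    for kind, pattern in PATTERNS.items():
        values = [m.group(0).rstrip(".,;)") for m in pattern.finditer(clean)]
        if kind in ("domain", "md5", "sha1", "sha256"):
            values = [v.lower() for v in values]
        if kind == "ipv4" and drop_non_routable:
            values = [v for v in values if is_routable(v)]
        found[kind] = sorted(set(values))
    return found


if __name__ == "__main__":
    print(json.dumps(extract_iocs(SAMPLE), indent=2))
```

Hash patterns rely on `\b` so a 64-character SHA-256 is never also reported as an MD5 or SHA-1 prefix, and the domain lookbehind keeps `corp.example` from being reported separately from the e-mail address it belongs to. Pass `drop_non_routable=False` when internal addresses are the point of the hunt.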