Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.
It should be used on webservers and available on Docker.
Watcher capabilities
- Detecting emerging cybersecurity trends like new vulnerabilities, malwares... Via RSS feeds (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...).
- Monitor for information leaks, for example in Pastebin & other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm...).
- Monitor malicious domain names for changes (IPs, mail/MX records, web pages using TLSH).
- Detecting suspicious domain names targeting your organisation, using:
- dnstwist algorithm.
- Certificate transparency stream: certstream
Useful as a bundle regrouping threat hunting/intelligence automated features.
Additional features
- Create cases on TheHive and events on MISP.
- Integrated IOCs export to TheHive and MISP.
- LDAP & Local Authentication.
- Email notifications.
- Ticketing system feeding.
- Admin interface.
- Advance users permissions & groups.
GitHub - thalesgroup-cert/Watcher: Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.
Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS. - thalesgroup-cert/Watcher
thalesgroup-cert
