Pinned Repositories
ACE
Analysis Correlation Engine
cbinterface
command line tool for interfacing with multiple carbonblack environments to perform analysis and live response functions
eventsentry
A suite of tools that parses intel from phish, sandbox reports, and other artifacts to create analyst-friendly wiki writeups.
integraldefense.github.io
o365_log_fetch
Tool to fetch and log O365 Management Activity API logs in a SIEM-friendly json format.
otx2crits
Subscribe to Alienvault OTX feeds and automatically import them into CRITs events
ptauto
Scripts and automation for PassiveTotal and CRITs
pysip
A thin wrapper around requests to interact with the Simple Intel Platform (SIP).
SIP
Simple Intel Platform
splunk_hunter
A daemon to execute splunk searches and create ACE alerts based on the results.
Integral Defense | Automate the Ordinary's Repositories
IntegralDefense/ACE
Analysis Correlation Engine
IntegralDefense/cbinterface
command line tool for interfacing with multiple carbonblack environments to perform analysis and live response functions
IntegralDefense/eventsentry
A suite of tools that parses intel from phish, sandbox reports, and other artifacts to create analyst-friendly wiki writeups.
IntegralDefense/integraldefense.github.io
IntegralDefense/SIP
Simple Intel Platform
IntegralDefense/o365_log_fetch
Tool to fetch and log O365 Management Activity API logs in a SIEM-friendly json format.
IntegralDefense/pysip
A thin wrapper around requests to interact with the Simple Intel Platform (SIP).
IntegralDefense/elk_hunter
A daemon to execute ElasticSearch queries and create ACE alerts based on the results.
IntegralDefense/json-inspect
An experimental tool to compare and flatten JSON-formatted logs for SIEM ingestion.
IntegralDefense/netskope_log_fetcher
Script to pull down netskope logs.
IntegralDefense/splunk_hunter
A daemon to execute splunk searches and create ACE alerts based on the results.
IntegralDefense/crits_splunk_detect
operationalize your indicators of compromise, and send alerts/matches to ACE
IntegralDefense/critsapi
IntegralDefense/getitintocrits
IntegralDefense/iCrt
Windows C# Gui Implementation of the Carbon Black Response feature set.
IntegralDefense/RotL
IntegralDefense/splunklib
A simple library for performing splunk search automation.
IntegralDefense/velocloud_logs
A script that pulls logs down from the Velocloud Orchestrator to be ingested by a SIEM.
IntegralDefense/yara_scanner
A Python wrapper library for libyara and a local server for fully utilizing the CPUs of the system to scan with yara.
IntegralDefense/yogger
IntegralDefense/alb_cert_update
IntegralDefense/cloudphishlib
simple library for common ACE cloudphish engine calls
IntegralDefense/crits_exports
export crits data to yara, ssdeep, and csv/splunk lookup table formats
IntegralDefense/critswhitelist
Python library that interacts with CRITS to build an indicator whitelist system.
IntegralDefense/exchangelib
Python client for Microsoft Exchange Web Services (EWS)
IntegralDefense/phishfry
python library for removal of emails
IntegralDefense/sipit
command line interface for adding indicators and querying different aspects of SIP
IntegralDefense/sipwhitelist
Library that interacts with SIP to build an indicator whitelist system.
IntegralDefense/url_click
A script for submitting urls seen on the carbonblack command line to cloudphish
IntegralDefense/urlfinderlib
Python library for finding and validating URLs in documents and arbitrary data