
Indicator of Compromise Mapping Service





iocmap is an Indicator of Compromise (IOC) mapping platform that facilitates a dynamic threat intelligence process within an organization.

The main purpose of the project is to provide a service that aids the Incident Response process by quickly:

  • Mapping an individual IOC characteristic to known/existing Indicators of Compromise. The input can be provided in the form of an IP address, a hash, a URL, a process or executable name, and so on.

    The matched indicators of compromise can be output in the form of:

      • Snort rule(s)
      • YARA rule(s)
      • OpenIOC documents
      • CybOX
      • Esper rule(s)

  • Looking up IOC indicators within raw data sets, such as passive DNS mappings, passive HTTP traffic, Splunk logs, Elasticsearch-stored logs, and so on.

  • Facilitating IOC sharing and implementing IOC sharing policies.
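The following Python sketch is an added example of the first two capabilities listed above (IOC characteristic mapping with Snort/YARA output, and sweeping raw log data for known IOCs); it is not code from the iocmap project. The IOC set, campaign names and log lines are constructed for the demo, and the rule templates are plain Snort 2 and YARA syntax rather than any iocmap output format.

```python
"""IOC mapping demo: classify an indicator by syntax, look it up in a known-IOC
set, emit a Snort or YARA rule for it, and sweep raw log lines for known IOCs."""
import re
from ipaddress import ip_address
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample IOC set for the demo (hypothetical values, not from iocmap).
# Keys are the raw indicator values; hashes and filenames are stored lower-case.
KNOWN_IOCS = {
    "198.51.100.23": {"campaign": "demo-c2", "desc": "beacon destination"},
    "44d88612fea8a8f36de82e1278abb02f": {"campaign": "demo-dropper", "desc": "dropper md5"},
    "http://bad.example.net/update.php": {"campaign": "demo-c2", "desc": "stage-2 download"},
    "svchosts.exe": {"campaign": "demo-dropper", "desc": "persistence binary name"},
}
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


def classify(indicator: str) -> str:
    """Guess the indicator type from its syntax alone (no lookup)."""
    s = indicator.strip()
    try:
        return "ipv4" if ip_address(s).version == 4 else "ipv6"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", s) and len(s) in HASH_LENGTHS:
        return HASH_LENGTHS[len(s)]
    if re.match(r"https?://", s, re.I):
        return "url"
    if re.fullmatch(r"[\w.-]+\.(exe|dll|sys|bat|ps1|scr)", s, re.I):
        return "filename"
    return "unknown"


def lookup(indicator: str) -> Optional[dict]:
    """Map an input value to a known IOC record, normalising case where it is irrelevant."""
    kind = classify(indicator)
    key = indicator.strip()
    if kind in ("md5", "sha1", "sha256", "filename"):
        key = key.lower()
    info = KNOWN_IOCS.get(key)
    return None if info is None else {"indicator": key, "type": kind, **info}


def _snort_content(text: str) -> str:
    # Snort content/msg strings must escape backslash, double quote and semicolon.
    return re.sub(r'([\\";])', r"\\\1", text)


def _yara_str(text: str) -> str:
    # YARA text strings must escape backslash and double quote.
    return re.sub(r'([\\"])', r"\\\1", text)


def to_snort(ioc: dict, sid: int) -> Optional[str]:
    """Snort 2 rule for network-observable indicators; None for host-only ones."""
    msg = _snort_content(f"{ioc['campaign']} {ioc['desc']}")
    if ioc["type"] == "ipv4":
        return (f'alert ip $HOME_NET any -> {ioc["indicator"]} any '
                f'(msg:"{msg}"; sid:{sid}; rev:1;)')
    if ioc["type"] == "url":
        u = urlsplit(ioc["indicator"])
        return (f'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS '
                f'(msg:"{msg}"; flow:to_server,established; '
                f'content:"Host: {_snort_content(u.hostname)}"; nocase; http_header; '
                f'content:"{_snort_content(u.path or "/")}"; http_uri; '
                f'sid:{sid}; rev:1;)')
    return None  # hashes and filenames are matched on the host, not on the wire


def to_yara(ioc: dict) -> Optional[str]:
    """YARA rule: hash match for file hashes; embedded-string match for URLs/filenames
    (finds binaries that contain the indicator, it cannot match a file by its name)."""
    name = re.sub(r"\W", "_", f"{ioc['campaign']}_{ioc['type']}_{ioc['indicator']}")[:64]
    meta = f'    meta:\n        description = "{_yara_str(ioc["desc"])}"\n'
    if ioc["type"] in HASH_LENGTHS.values():
        return (f'import "hash"\nrule {name}\n{{\n{meta}    condition:\n'
                f'        hash.{ioc["type"]}(0, filesize) == "{ioc["indicator"]}"\n}}')
    if ioc["type"] in ("url", "filename"):
        mods = "ascii wide nocase" if ioc["type"] == "filename" else "ascii wide"
        return (f'rule {name}\n{{\n{meta}    strings:\n'
                f'        $s = "{_yara_str(ioc["indicator"])}" {mods}\n'
                f'    condition:\n        $s\n}}')
    return None


# Constructed log lines (passive DNS, proxy, EDR) for the demo.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z pdns a.example.org A 198.51.100.23",
    "2024-03-01T10:00:05Z proxy 10.0.0.7 GET http://www.example.com/index.html 200",
    "2024-03-01T10:00:09Z proxy 10.0.0.7 GET http://bad.example.net/update.php 200",
    "2024-03-01T10:00:12Z edr host7 process_start C:\\Users\\bob\\AppData\\SVCHOSTS.EXE",
]


def scan_logs(lines):
    """Return (line_number, indicator) for every known IOC found in a raw log line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        low = line.lower()
        for ioc in KNOWN_IOCS:
            kind = classify(ioc)
            if kind == "ipv4":  # whole-address match: 198.51.100.23 must not hit 198.51.100.234
                found = re.search(r"(?<![\d.])" + re.escape(ioc) + r"(?![\d.])", line)
            elif kind == "filename":  # whole-token, case-insensitive match on a path component
                found = re.search(r"(?<![\w.-])" + re.escape(ioc) + r"(?![\w.-])", low)
            else:
                found = ioc in low
            if found:
                hits.append((n, ioc))
    return hits


if __name__ == "__main__":
    for value in ("198.51.100.23", "44D88612FEA8A8F36DE82E1278ABB02F", "SVCHOSTS.EXE"):
        rec = lookup(value)
        print(value, "->", rec["type"], rec["campaign"])
        print(to_snort(rec, 1000001) or to_yara(rec))
    print(scan_logs(SAMPLE_LOGS))
```

The classification is purely syntactic, so a value that is not in the known set still gets a type (useful for routing it to the right data source), while only values present in the set produce rules or log hits. Snort rules are emitted only for indicators that are visible on the wire; a hash or a filename gets a YARA rule instead, and a real deployment would also need unique, allocated SIDs rather than the fixed one used here.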


To be completed

Related Projects


  • CybOX: http://cybox.mitre.org/
  • CybOX tools: https://github.com/CybOXProject/Tools
  • OpenIOC to CybOX converter: https://github.com/CybOXProject/openioc-to-cybox
  • MITRE CAPEC: http://capec.mitre.org/
  • MITRE STIX: http://stix.mitre.org/
  • MITRE TAXII: http://taxii.mitre.org/
  • OpenIOC to STIX converter: https://github.com/STIXProject/openioc-to-stix
  • OpenIOC scripts: https://github.com/tklane/openiocscripts
  • Mantis Threat Intelligence Framework: https://github.com/siemens/django-mantis.git (Mantis supports STIX/CybOX/IODEF/OpenIOC etc. via importers, e.g. https://github.com/siemens/django-mantis-openioc-importer)
  • Search Splunk data for IOC indicators: https://github.com/technoskald/splunk-search

  • Online Sharing of IOCs



  • What is an IOC?
