/GreedyBear

Threat Intel Platform for T-POTs

Primary LanguagePythonMIT LicenseMIT

GreedyBear

GreedyBear

GitHub release (latest by date) GitHub Repo stars Twitter Follow Linkedin

CodeFactor Code style: black Imports: isort CodeQL Dependency Review Pull request automation

The project goal is to extract data of the attacks detected by a TPOT or a cluster of them and to generate some feeds that can be used to prevent and detect attacks.

Official announcement here.

Documentation Documentation Status

Documentation about GreedyBear installation, usage, configuration and contribution can be found at https://greedybear.readthedocs.io/.

Public feeds

There are public feeds provided by The Honeynet Project in this site. Example

Please do not perform too many requests to extract feeds or you will be banned.

If you want to be updated regularly, please download the feeds only once every 10 minutes (this is the time between each internal update).

To check all the available feeds, Please refer to our usage guide

Enrichment Service

GreedyBear provides an easy-to-query API to get the information available in GB regarding the queried observable (domain or IP address).

To understand more, Please refer to our usage guide

Run Greedybear on your environment

The tool has been created not only to provide the feeds from The Honeynet Project's cluster of TPOTs.

If you manage one or more T-POTs of your own, you can get the code of this application and run Greedybear on your environment. In this way, you are able to provide new feeds of your own.

To install it locally, Please refer to our installation guide

Sponsors

Certego

Certego Logo

Certego is a MDR (Managed Detection and Response) and Threat Intelligence Provider based in Italy.

Started as a personal Christmas project from Matteo Lodi, since then GreedyBear is being improved mainly thanks to the efforts of the Certego Threat Intelligence Team.

The Honeynet Project

Honeynet.org logo

The Honeynet Project is a non-profit organization working on creating open source cyber security tools and sharing knowledge about cyber threats.