Scripts to integrate DFIR-IRIS, MISP and TimeSketch

Last update: Dec 16, 2022

Related tags

Miscellaneous dfir-iris-misp-timesketch

Overview

dfir-iris-misp-timesketch

Scripts to integrate DFIR-IRIS, MISP and TimeSketch

Scripts

IRIS

iris_create_case.py

Create a new IRIS case
Add default set of notes, based on MD templates (such as "notes_intake.md")
Add default set of tasks, based on a TheHive template
Add global task

iris_delete_tasks.py

Delete tasks from an IRIS case

iris_add_assets.py

Add assets to IRIS from a CSV file

iris_get_from_ts.py

Get Timeline events from TimeSketch

iris_add_iocs_misp.py

Add IOCs from MISP to IRIS

iris_add_evidence.py

Add evidence to IRIS

iris_get_from_ts_savedsearch.py

Get timeline events from a Timesketch saved search

iris_get_from_ts_savedsearch_byid.py

Get timeline events from a TimeSketch saved search (by id)

TimeSketch

ts_import_pcap.py

Import PCAP file into TimeSketch

ts_ioc_iris_savedsearch.py

Create a saved search based on IOCs in an IRIS case

ts_add_event.py

Manually add a TimeSketch event

ts_ioc_misp_savedsearch.py

Create a saved search based on IOCs from a MISP event

ts_create_sketch.py

Create a TimeSketch sketch

ts_import_evtx.py

Import EVTX file into TimeSketch

Elastic

https://github.com/cudeso/elastic-dfir-cluster

Owner

Koen Van Impe

Koen Van Impe

GitHub Repository

A plugin for poetry that allows you to execute scripts defined in your pyproject.toml, just like you can in npm or pipenv

poetry-exec-plugin A plugin for poetry that allows you to execute scripts defined in your pyproject.toml, just like you can in npm or pipenv Installat

38 Jan 06, 2023

Pyrmanent - Make all your classes permanent in a flash 💾

Pyrmanent A base class to make your Python classes permanent in a flash. Features Easy to use. Great compatibility. No database needed. Ask for new fe

4 Jan 07, 2022

An open letter in support of Richard Matthew Stallman being reinstated by the Free Software Foundation

An open letter in support of RMS. To sign, click here and name the file username.yaml (replace username with your name) with the following content

2.4k Jan 07, 2023

Extract gene length based on featureCount calculation gene nonredundant exon length method.

Extract gene length based on featureCount calculation gene nonredundant exon length method.

12 Nov 21, 2022

An ongoing curated list of frameworks, libraries, learning tutorials, software and resources in Python Language.

Python Development Welcome to the world of Python. An ongoing curated list of frameworks, libraries, learning tutorials, software and resources in Pyt

2 Dec 24, 2021

A simple and convenient build-and-run system for C and C++.

smake Smake is a simple and convenient build-and-run system for C and C++ projects. Why make another build system? CMake and GNU Make are great build

18 Nov 13, 2022

Generate a wordlist to fuzz amounts or any other numerical values.

Generate a wordlist to fuzz amounts or any other numerical values. Based on Common Security Issues in Financially-Oriented Web Applications.

3 Oct 14, 2022

A general-purpose wallet generator, for supported coins only

2gen A general-purpose generator for keys. Designed for all cryptocurrencies supporting the Bitcoin format of keys and addresses. Functions To enable

1 Jan 12, 2022

*考研学习利器，玩电脑控制不住自己时，可以使用该程序定日期锁屏,同时有精美壁纸锁屏显示，也不会枯燥。

LockscreenbyTime_win10 A python program in win10. You can set the time to lock the computer(by setting year, month, day), Fullscreen pictures will sho

4 Jul 10, 2022

The git for the Python Story Utility Package library.

PSUP, The Python Story Utility Package Module. PSUP helps making stories or games with options, diverging paths, different endings and so on. You can

6 Nov 27, 2022

Web app to find your chance of winning at Texas Hold 'Em

poker_mc Web app to find your chance of winning at Texas Hold 'Em A working version of this project is deployed at poker-mc.ue.r.appspot.com. It's run

7 Sep 15, 2021

Binjago - Set of tools aiding in analysis of stripped Golang binaries with Binary Ninja

Binjago 🥷 Set of tools aiding in analysis of stripped Golang binaries with Bina

2 Jul 23, 2022

This repository is an archive of emails that are sent by the awesome Quincy Larson every week.

Awesome Quincy Larson Email Archive This repository is an archive of emails that are sent by the awesome Quincy Larson every week. If you fi

912 Jan 05, 2023

Aerospace utilities: flight conditions package, standard atmosphere model, and more.

Aerospace Utilities About Module that contains commonly-used aerospace utilities for problem solving. Flight Condition: input altitude to compute comm

1 Jan 03, 2022

A basic python project which replicates the functionalities on an 8 Ball.

Magic-8-Ball To the people who wish to make decisions using a Magic 8 Ball but can't get one? I gotchu. This is a basic python project which replicate

3 Jun 24, 2021

This application is made solely for entertainment purposes

Timepass This application is made solely for entertainment purposes helps you find things to do when you're bored ! tells jokes guaranteed to bring on

2 Nov 24, 2021

This is a small compiler to demonstrate how compilers work.

This is a small compiler to demonstrate how compilers work. It compiles our own dialect to C, while being written in Python.

2 Jul 19, 2022

Bring A Trailer(BAT) is a popular online auction website for enthusiast cars. This traverse auction results and saves them as CSV

BaT Data Grabber Bring A Trailer(BAT) is a popular online auction website for enthusiast cars. This traverse auction results and saves them as CSV Bri

2 Oct 31, 2021

PyToQlik is a library that allows you to integrate Qlik Desktop with Jupyter notebooks

PyToQlik is a library that allows you to integrate Qlik Desktop with Jupyter notebooks. With it you can: Open and edit a Qlik app inside a Ju

16 Sep 09, 2022

IDA Pro plugin that shows the comments in a database

ShowComments A Simple IDA Pro plugin that shows the comments in a database Installation Copy the file showcomments.py to the plugins folder under IDA

32 Dec 10, 2022