Cosmo CTI
Bringing order to Cyber Operations

A cyber threat intelligence platform built with the cyber planner in mind.

  • Scripted a NodeJS parser and cron job that transform Apache logs into STIX 2 bundles for import.
  • Extended the OpenCTI platform with a custom Python connector for filtering and importing log data as Indicators, Observations, and Sightings.
  • Built React components to ease batch importing with predefined tags and to expose searchable data tables of imported data using GraphQL.
  • Wrote custom enrichment connectors to categorize and group log data as Campaigns.
  • Currently building out analysis tools to categorize log data as Attack Patterns and to identify Threat Actors through various inference engine rules.

Started: 2021-03-01

Launched/Lasted: 2021-12-31

Tools: ReactJS, GraphQL, ElasticSearch, Redis, RabbitMQ, Minio, Docker, Google Cloud Platform, Python, NodeJS

Team: E.A.Taylor: Front-End, Back-End. Ray Allen: Product Development. Joseph Anderson: Business Development.

Client: Cypher LLC

Copyright: Cypher LLC

Industries: cyber security