Antlr4

1 Project

Cosmo
Bringing order to Cyber Operations

A cyber threat intelligence platform built with the cyber planner in mind.
  • Wrote all parsers for transforming emails and various log formats into the appropriate STIX2 objects
  • Built a customizable log ingestion system with basic runtime threat analysis to score and store relevant metadata as STIX2 objects while preserving context and source maps
  • Used the STIX2 ANTLR4 grammar to pattern-match log data against existing Indicators of Compromise (IoCs)
  • Used the ZAP security scanner to pen test company domains, tagging each request with an attack ID in its headers, then wrote generic IoC patterns based on the signatures seen in the logs during the pen test
  • Wrote an Opinions API that lets analysts score IoCs on separate 'vulnerability' and 'severity' scales
  • Built atop the OpenCTI interface to provide a streamlined workflow for controlling ingestion, triaging alerts and fine-tuning the ML engine's analysis
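The log-to-STIX2 ingestion and IoC pattern matching described above, as an added example that is not the Cosmo project's code and does not use the STIX2 ANTLR4 grammar: it maps constructed access-log lines to STIX-style observables and evaluates constructed indicator patterns written in STIX 2.1 pattern syntax against them. To stay dependency-free it hand-parses only a subset of the pattern language (one observation expression, comparisons joined with AND/OR, operators =, != and MATCHES); the function names, sample log lines and indicator patterns are all illustrative assumptions.

```python
"""Added example (not the Cosmo project's code): match log-derived STIX-style
observables against IoC patterns in STIX 2.1 pattern syntax, using a small
hand-written parser instead of the ANTLR4 grammar. Log lines and patterns
below are constructed for illustration."""
import re

# Constructed Apache-style access log; 203.0.113.x and 198.51.100.x are
# documentation address ranges, not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2022:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2022:10:01:03 +0000] "GET /wp-login.php HTTP/1.1" 404 198 "-" "sqlmap/1.6"
198.51.100.9 - - [12/Mar/2022:10:01:04 +0000] "POST /cgi-bin/test.cgi HTTP/1.1" 500 0 "-" "curl/7.68"
"""

# Constructed IoC patterns keyed by a hypothetical indicator name.
IOC_PATTERNS = {
    "known-scanner-ip": "[ipv4-addr:value = '203.0.113.7']",
    "sqlmap-user-agent": "[network-traffic:extensions.'http-request-ext'"
                         ".request_header.'User-Agent' MATCHES '^sqlmap']",
    "cgi-probe": "[url:value MATCHES '^/cgi-bin/' AND "
                 "network-traffic:extensions.'http-request-ext'.request_method = 'post']",
}

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# One comparison: <type>:<path> <op> '<literal>'. Path segments may be quoted,
# as STIX requires for keys like 'http-request-ext' or 'User-Agent'.
SEGMENT = r"(?:'[^']*'|[\w-]+)"
COMP_RE = re.compile(
    rf"(?P<type>[a-z0-9-]+):(?P<path>{SEGMENT}(?:\.{SEGMENT})*)"
    r"\s*(?P<op>!=|=|MATCHES)\s*'(?P<val>[^']*)'"
)


def log_line_to_observables(line):
    """Map one access-log line to STIX-style observables keyed by object type,
    keeping the raw line and timestamp as context. None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ipv4-addr": {"value": m["ip"]},
        "url": {"value": m["path"]},
        "network-traffic": {
            "protocols": ["tcp", "http"],
            "extensions": {"http-request-ext": {
                "request_method": m["method"].lower(),  # STIX requires lowercase
                "request_value": m["path"],
                "request_header": {"User-Agent": m["ua"]},
            }},
        },
        "x-context": {"raw": line, "timestamp": m["ts"]},
    }


def parse_pattern(pattern):
    """Parse '[c1 AND c2 OR c3]' into disjunctive normal form: a list of
    AND-groups of (type, path, op, value). AND binds tighter than OR."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("only a single observation expression is supported")
    body, pos, groups = body[1:-1], 0, [[]]
    for m in COMP_RE.finditer(body):
        connector = body[pos:m.start()].strip()
        if connector == "OR":
            groups.append([])
        elif not (connector == "AND" or (connector == "" and groups == [[]])):
            raise ValueError(f"unexpected token {connector!r} in pattern")
        groups[-1].append((m["type"], m["path"], m["op"], m["val"]))
        pos = m.end()
    if body[pos:].strip() or groups == [[]]:
        raise ValueError(f"could not parse pattern: {pattern}")
    return groups


def resolve(observables, obj_type, path):
    """Walk a dotted object path, e.g. extensions.'http-request-ext'.request_method."""
    node = observables.get(obj_type)
    for quoted, bare in re.findall(r"'([^']*)'|([\w-]+)", path):
        key = quoted or bare
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def compare(actual, op, expected):
    if actual is None:  # absent property: comparison is false, not an error
        return False
    actual = str(actual)
    if op == "=":
        return actual == expected
    if op == "!=":
        return actual != expected
    return re.search(expected, actual) is not None  # MATCHES


def matches(groups, observables):
    return any(all(compare(resolve(observables, t, p), op, v) for t, p, op, v in group)
               for group in groups)


def scan_log(log_text, patterns):
    """For each log line hitting at least one indicator, report the line number,
    source address and sorted indicator names."""
    compiled = {name: parse_pattern(p) for name, p in patterns.items()}
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        obs = log_line_to_observables(line)
        if obs is None:
            continue
        names = sorted(n for n, g in compiled.items() if matches(g, obs))
        if names:
            hits.append({"line": lineno, "src": obs["ipv4-addr"]["value"],
                         "indicators": names})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG, IOC_PATTERNS):
        print(hit)
```

Because the parser rejects anything outside its subset instead of silently ignoring it, a pattern that uses unsupported STIX syntax (observation operators such as FOLLOWEDBY, or the LIKE and ISSUBSET operators) fails loudly at load time rather than producing false negatives at match time.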

Started: 2021-03-01

Launched/Lasted: 2023-12-31

Technologies: ReactJS, GraphQL, ElasticSearch, Redis, RabbitMQ, Minio, Docker, Google Cloud Platform, Python, NodeJS, Antlr4

Industries: Cyber Security

Team: E.A.Taylor: Front-End, Back-End. Ray Allen: Product Development. Joseph Anderson: Business Development.

Companies/Brands: Cypher LLC
