Cosmo CTI
Bringing order to Cyber Operations
A cyber threat intelligence platform built with the cyber planner in mind.

- Scripted a Node.js parser and cron job for transforming Apache logs into STIX 2 bundles for importing.
- Extended the OpenCTI platform with a custom Python connector for filtering and importing log data as Indicators, Observations, and Sightings.
- Built React components to ease batch importing with predefined tags and expose searchable data tables of imported data using GraphQL.
- Wrote custom enrichment connectors to categorize and group log data as Campaigns.
- Currently building out analysis tools to categorize log data as Attack Patterns and to identify Threat Actors through various inference engine rules.