
https://github.com/thalesgroup-cert/Watcher

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

certificate-transparency certstream cybersecurity django incident-response misp monitoring nltk osint osint-python phishing reactjs rss-bridge security thehive threat-detection threat-hunting threat-intelligence watcher webapp




README


---

[![Install](/Watcher/static/Install-informational.svg)](https://thalesgroup-cert.github.io/Watcher/README.html)
[![Documentation](/Watcher/static/Documentation-informational.svg)](https://thalesgroup-cert.github.io/Watcher/)
[![GitHub Closed Issues](https://img.shields.io/github/issues-closed-raw/thalesgroup-cert/Watcher?logo=github&style=flat-square)](https://github.com/thalesgroup-cert/Watcher/issues?q=is%3Aissue+is%3Aclosed)
[![LICENSE](https://img.shields.io/github/license/thalesgroup-cert/Watcher?logo=github&style=flat-square)](/LICENSE)
[![Downloads](https://img.shields.io/docker/pulls/felix83000/watcher?logo=docker&style=flat-square)](https://hub.docker.com/r/felix83000/watcher/tags)

Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organisation.

It is meant to run on a web server and is available as a Docker image.

## Watcher capabilities

- Detect emerging cybersecurity trends, such as new vulnerabilities and malware, via RSS feeds (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...).
- Monitor for information leaks, for example on Pastebin and other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm...).
- Monitor malicious domain names for changes (IPs, mail/MX records, web pages using [TLSH](https://github.com/trendmicro/tlsh)).
- Detect suspicious domain names targeting your organisation, using:
  - the [dnstwist](https://github.com/elceef/dnstwist) algorithm;
  - the certificate transparency stream: [certstream](https://github.com/CaliDog/certstream-python).

Useful as a bundle that groups together automated threat hunting and threat intelligence features.
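The suspicious-domain capability listed above pairs a dnstwist-style permutation generator with the certificate transparency stream. The following is an added example, not Watcher's own code nor dnstwist's: it builds a small, hypothetical subset of the lookalike permutations dnstwist generates (omission, repetition, transposition, hyphenation and a tiny homoglyph table) for a defended domain, then matches a constructed list of certstream-like domain names against that set so that newly issued certificates for lookalike registrable domains are flagged.

```python
"""Typosquat candidate generation plus matching against a certificate-transparency
feed, in the spirit of the dnstwist + certstream pairing.
Added example, not Watcher's code; the permutation rules and the homoglyph table
are a deliberately small subset of what dnstwist produces."""
from typing import Iterable

# Constructed, minimal homoglyph table (dnstwist's is far larger).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"], "a": ["4"], "s": ["5"]}


def split_domain(fqdn: str) -> tuple[str, str]:
    """Return (label, tld) for a registrable domain such as 'example.com'."""
    label, _, tld = fqdn.lower().partition(".")
    return label, tld


def permutations(fqdn: str) -> set[str]:
    """Generate lookalike registrable domains for `fqdn`: omission, repetition,
    transposition, hyphenation and homoglyph substitution (one edit each)."""
    label, tld = split_domain(fqdn)
    out: set[str] = set()
    for i, c in enumerate(label):
        out.add(label[:i] + label[i + 1:])                 # omission:      exmple
        out.add(label[:i] + c + label[i:])                 # repetition:    exaample
        if i < len(label) - 1:
            out.add(label[:i] + label[i + 1] + c + label[i + 2:])  # transposition: exampel
        if i > 0:
            out.add(label[:i] + "-" + label[i:])           # hyphenation:   ex-ample
        for g in HOMOGLYPHS.get(c, []):
            out.add(label[:i] + g + label[i + 1:])         # homoglyph:     examp1e
    out.discard(label)   # never flag the genuine domain itself
    out.discard("")
    return {f"{p}.{tld}" for p in out if not p.startswith("-") and not p.endswith("-")}


def registrable(ct_name: str) -> str:
    """Reduce a certificate SAN ('*.login.exmple.com') to its registrable domain.
    Assumes a single-label public suffix; a real deployment would use a PSL."""
    labels = ct_name.lower().lstrip("*.").split(".")
    return ".".join(labels[-2:])


def match_ct_feed(defended: str, ct_names: Iterable[str]) -> list[str]:
    """Return, in feed order and without duplicates, every registrable domain seen in
    the CT feed that is a lookalike permutation of `defended`."""
    candidates = permutations(defended)
    hits: list[str] = []
    for name in ct_names:
        reg = registrable(name)
        if reg in candidates and reg not in hits:
            hits.append(reg)
    return hits


# Constructed sample of domain names as they might arrive from a CT stream.
CT_SAMPLE = [
    "www.exmple.com",            # omission
    "*.examp1e.com",             # homoglyph l -> 1
    "login.example.com",         # the genuine domain: must not be flagged
    "mail.example-secure.net",   # different TLD, not a one-edit lookalike
    "exampel.com",               # transposition
    "cdn.exmple.com",            # same registrable domain as the first hit
]

if __name__ == "__main__":
    for hit in match_ct_feed("example.com", CT_SAMPLE):
        print("lookalike certificate issued for:", hit)
```

The matching is done on the registrable domain rather than the full SAN, so a wildcard or deep subdomain certificate for a lookalike still produces exactly one alert per lookalike domain; the single-label-suffix assumption in `registrable` is the main simplification to replace before running this against real CT data.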

## Additional features

- Create cases on [TheHive](https://thehive-project.org/) and events on [MISP](https://www.misp-project.org/).
- Integrated IOCs export to [TheHive](https://thehive-project.org/) and [MISP](https://www.misp-project.org/).
- LDAP & Local Authentication.
- Email notifications.
- Feeding a ticketing system.
- Admin interface.
- Advanced user permissions & groups.

## Involved dependencies

- [certstream](https://github.com/CaliDog/certstream-python)
- [dnstwist](https://github.com/elceef/dnstwist)
- [Searx](https://searx.github.io/searx/)
- [pymisp](https://github.com/MISP/PyMISP)
- [thehive4py](https://github.com/TheHive-Project/TheHive4py)
- [TLSH](https://github.com/trendmicro/tlsh)
- [shadow-useragent](https://github.com/lobstrio/shadow-useragent)
- [NLTK](https://www.nltk.org/)

## Screenshots
Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

**Threats detection** (screenshot)

**Data leaks** (screenshot: keywords detection)

**Malicious domain names monitoring** (screenshot)

**IOCs export to TheHive & MISP** (screenshot)

**Suspicious domain names detection** (screenshot)

Django provides a ready-to-use user interface for administrative activities. An admin interface is important for any web project: user management, user group management, Watcher configuration, usage logs...

**Admin interface** (screenshot)

## Installation

Create a new Watcher instance in ten minutes using Docker (see [Installation Guide](https://thalesgroup-cert.github.io/Watcher/README.html)).

## Platform architecture

(Platform architecture diagram)

## Get involved
There are many ways to get involved with Watcher:

- Report bugs by opening [Issues](https://github.com/thalesgroup-cert/Watcher/issues) on GitHub.
- Request new features or suggest ideas (via [Issues](https://github.com/thalesgroup-cert/Watcher/issues)).
- Create new features and make pull requests. See the process [here](https://thalesgroup-cert.github.io/Watcher/README.html#developers).
- Discuss bugs, features, ideas or issues.
- Share Watcher with your community (Twitter, Facebook...).

## Pastebin compliance
To use Watcher's Pastebin API feature, you need a Pastebin Pro account and must whitelist Watcher's public IP (see https://pastebin.com/doc_scraping_api).