Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/vvv-keys/404-discobot

AI-augmented, Discord-integrated, feed-fed, ML-driven, enterprise-grade cyber threat intelligence platform
https://github.com/vvv-keys/404-discobot

cybersecurity llm machine-learning machine-learning-algorithms malware siem soar threat-hunting threat-intelligence

Last synced: 11 months ago
JSON representation

AI-augmented, Discord-integrated, feed-fed, ML-driven, enterprise-grade cyber threat intelligence platform

Awesome Lists containing this project

README 

          


  GhostSEC Banner




# 👻 GhostSEC - Ultimate Cyber Threat Intelligence Bot



Enterprise-grade Discord bot delivering real-time cyber threat intelligence with multi-source aggregation, automated analysis, and rich formatting. Monitor 10+ premium threat feeds with zero-duplicate alerts and intelligent categorization.



![Status](https://img.shields.io/badge/status-active-brightgreen) ![Sources](https://img.shields.io/badge/sources-10+-blue) ![Discord](https://img.shields.io/badge/discord-ready-7289da)



## Key Features



### Intelligence Aggregation



* **10+ Active Sources**: Government, research, commercial feeds

* **Real-time Processing**: 15-minute update cycles

* **Smart Categorization**: Malware, vulnerabilities, breaches, phishing, APT

* **IOC Extraction**: Automatic detection of IPs, domains, hashes, URLs



### Discord Integration



* **Rich Embeds**: ML-enhanced threat cards with correlation data

* **Channel Routing**: Category-specific threat channels

* **Interactive Commands**: 15+ advanced management commands

* **Real-time Alerts**: Instant notifications with priority scoring

* **Web Dashboard**: Browser-based threat intelligence interface



### Intelligence Processing



* **Machine Learning**: AI-powered threat prioritization and scoring

* **Advanced Correlation**: Real-time threat relationship mapping

* **Duplicate Filtering**: Hash-based prevention of redundant alerts

* **MISP Integration**: Automated threat intelligence sharing

* **Performance Optimized**: Concurrent processing and caching



### Sources Include



* **Government**: US-CERT, NIST NVD

* **Research**: SANS ISC, Cisco Talos, FireEye

* **Commercial**: AlienVault OTX, VirusTotal, Shodan, IBM X-Force

* **Security News**: Krebs on Security, industry blogs



## Quick Start



### 1. Discord Bot Setup



1. Visit [https://discord.com/developers/applications](https://discord.com/developers/applications)

2. Create new application and bot

3. Copy the bot token

4. Enable "Message Content Intent" in Bot settings

5. Invite bot to your server with permissions: Send Messages, Embed Links, Read Message History



### 2. Environment Setup



```bash

# Required

DISCORD_TOKEN=your_discord_bot_token



# Optional API Keys (enables premium sources)

ALIENVAULT_API_KEY=your_otx_api_key

VIRUSTOTAL_API_KEY=your_vt_api_key  

SHODAN_API_KEY=your_shodan_key

XFORCE_API_KEY=your_xforce_key



# MISP Integration

MISP_URL=https://your-misp-instance.com

MISP_API_KEY=your_misp_api_key



# Enterprise Webhooks

SPLUNK_WEBHOOK=https://your-splunk.com/webhook

SLACK_WEBHOOK_URL=https://hooks.slack.com/your/webhook

TEAMS_WEBHOOK_URL=https://your-teams-webhook-url



# Alert Notifications

SMTP_SERVER=smtp.gmail.com

SMTP_USERNAME=your_email@gmail.com

SMTP_PASSWORD=your_app_password

ALERT_TO_EMAILS=security@company.com,soc@company.com

```



### 3. Run the Bot



```bash

python start_ghostsec.py

```



### 4. Discord Commands



```

!ghost help        - Show all commands

!ghost status      - Bot statistics and uptime

!ghost sources     - List threat intelligence sources

!ghost update      - Manual feed update

!ghost test high   - Send test alert

!ghost dashboard   - Web dashboard access

!ghost correlate   - Search threat correlations

!ghost ml          - Machine learning status

!ghost webhooks    - Enterprise webhook status

!ghost export      - Export threat data

```



## Configuration



```bash

# Update frequency (minutes)

GHOSTSEC_UPDATE_INTERVAL=15



# Cache retention (days)

GHOSTSEC_MAX_CACHE_AGE_DAYS=7



# Debug mode

GHOSTSEC_DEBUG=false

LOG_LEVEL=INFO

```



## Enterprise Features



### Web Dashboard



Access the interactive threat intelligence dashboard at `http://localhost:5000` while the bot is running:



* Real-time threat visualization with charts and graphs

* IOC correlation network mapping

* Advanced search and filtering capabilities

* Threat export in JSON/CSV formats

* ML-powered insights and analytics



### Machine Learning Engine



* Automatic threat priority scoring using Random Forest algorithms

* Anomaly detection with Isolation Forest

* Text similarity analysis for threat correlation

* Continuous model training with historical data

* Feature extraction from threat metadata and content



### MISP Integration



* Automatic IOC enrichment from MISP databases

* Event creation for high-priority threats

* Correlation with existing MISP events

* Support for multiple MISP instances



### Enterprise Webhooks



* Splunk HEC integration for SIEM ingestion

* Elasticsearch indexing for log management

* IBM QRadar and Microsoft Sentinel support

* Custom webhook endpoints with authentication

* Automatic retry logic and delivery tracking



### Advanced Correlation



* IOC-based threat relationship mapping

* Temporal clustering analysis

* Campaign detection algorithms

* Attack pattern recognition

* TTPs (Tactics, Techniques, Procedures) correlation



### Custom Alert System



* Multi-channel notifications (Email, SMS, Slack, Teams)

* Severity-based alert routing

* Customizable notification rules and filters

* Escalation workflows for critical threats

* Rich HTML email formatting



## 💀 Credits



Built by GhostSec Labs. For defenders, red teams, and cyber intel professionals.



This project is consistently being updated into a single unified application for full production/enterprise developments. 

For testing, demonstrations, contributions or general inquiries feel free to join the Discord Community here: [404👻INTEL](https://discord.gg/ep4dE6Rq5G)