2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains in detail what Watcher is. The editor finds it quite practical and is sharing it here for reference. I hope you gain something from reading it.
Watcher
Watcher is a powerful open source cybersecurity threat hunting platform. It is essentially an automated platform, built on Django and React JS, that helps researchers discover new potential cybersecurity threats against their organizations.
The tool is meant to run on a web server and can also be installed with Docker.
Watcher features
Use social networks and other RSS feeds (cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au) to detect emerging vulnerabilities and malware.
Detect keywords in Pastebin and other IT content exchange sites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
Monitor malicious domain names (IP, mail/MX records, web pages using TLSH).
Use dnstwist to detect suspicious domain names targeting your organization.
Watcher is very useful as a bundle that groups threat hunting and threat intelligence automation capabilities in one place.
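To illustrate the suspicious-domain feature listed above, here is an added example (not code from Watcher or dnstwist) that classifies observed domains by how they resemble a protected one. dnstwist itself works the other way round, generating permutations and checking which are registered. The function names, the confusable map and the sample domains are assumptions made for this sketch.

```python
# Added example, not Watcher/dnstwist code. Assumes plain "label.tld" domains.
# Illustrative confusable map (assumption, far from exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Fold visually confusable sequences to one canonical form."""
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(observed, protected, max_edits=1):
    """Return why `observed` resembles `protected`, or None if it does not."""
    observed, protected = observed.lower(), protected.lower()
    obs_label, pro_label = observed.partition(".")[0], protected.partition(".")[0]
    if observed == protected:
        return None
    if obs_label == pro_label:
        return "tld-swap"
    if skeleton(obs_label) == skeleton(pro_label):
        return "confusable"
    if pro_label in obs_label.split("-"):
        return "keyword-combo"
    if osa_distance(obs_label, pro_label) <= max_edits:
        return "near-edit"
    return None

def scan(observed_domains, protected):
    """Map each suspicious observed domain to the reason it was flagged."""
    return {d: r for d in observed_domains if (r := classify(d, protected))}

# Constructed sample of newly observed domains (not real data).
SAMPLE = ["examplebank.net", "examp1ebank.com", "exarnplebank.com",
          "exmaplebank.com", "examplebank-login.com", "weather.org"]
```

Calling scan(SAMPLE, "examplebank.com") returns the flagged domains with a reason for each, which an analyst can then triage before adding them to monitoring.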
Additional features
Create cases on TheHive and events on MISP;
Integrate IoC export to TheHive and MISP;
LDAP & local authentication;
Mail notifications;
Administrator interface;
Advanced user rights & groups;
Ticketing system feed.
Tool dependencies
RSS-Bridge
dnstwist
Searx
pymisp
thehive4py
TLSH
shadow-useragent
NLTK
Platform architecture
(Figure: platform architecture diagram)
Download and installation
Researchers can clone the project source code locally using the following command:
git clone https://github.com/Felix83000/Watcher.git
Next, install and configure the tool by following the project's Installation Guide document.
Using the tool
Watcher provides a very powerful user interface to help researchers visualize and analyze data, and this interface can also be used to manage Watcher usage and monitor its status.
(Figures: Threat Detection; Keyword Detection; Malicious Domain Monitoring; IoC Export to TheHive & MISP; Potentially Malicious Domain Detection)
Django provides a ready-to-use user interface for administrator activities. Administrative interfaces are important for web projects: user management, user group management, Watcher configuration, usage logs, and so on.
(Figure: Administrator interface)
That concludes this article on what Watcher is. I hope the content above is of some help and that you learn something from it. If you think the article is good, please share it so more people can see it.