Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.
It should be used on webservers and available on Docker.
- Detecting emerging cybersecurity trends like new vulnerabilities, malwares… Via social networks & other RSS feeds (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
- Monitor for information leaks, for example in Pastebin & other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
- Monitor malicious domain names for changes (IPs, mail/MX records, web pages using TLSH).
- Detecting suspicious domain names targeting your organisation, using:
- dnstwist algorithm.
- Certificate transparency stream: certstream
Useful as a bundle regrouping threat hunting/intelligence automated features.
- Create cases on TheHive and events on MISP.
- Integrated IOCs export to TheHive and MISP.
- LDAP & Local Authentication.
- Email notifications.
- Ticketing system feeding.
- Admin interface.
- Advance users permissions & groups.
Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.
Malicious domain names monitoring
IOCs export to TheHive & MISP
Suspicious domain names detection
Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs…
Create a new Watcher instance in ten minutes using Docker (see Installation Guide).
In order to use Watcher pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher public IP (see https://pastebin.com/doc_scraping_api).
Watcher (this link opens in a new window) by thalesgroup-cert (this link opens in a new window)
Watcher – Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.