idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

Zeek intel support for Mandiant Advantage threat intelligence feed #601

Closed mmguero closed 3 days ago

mmguero commented 2 weeks ago

We need to add an integration for using Mandiant threat intelligence feeds the way we do for MISP and STIX.

Would this library help?

mmguero commented 3 days ago

Kamino closed and cloned this issue to cisagov/Malcolm