Skip to content
kx499 edited this page Sep 24, 2016 · 9 revisions

Here's a quick overview of this project and the main functionality - this doc is a work in progress.

OSTIP is a learning project that I have been using to learn Flask/SqlAlchemy/Celery. There are plenty of full featured Threat Data Platforms out there: MISP, CRITS, MineMeld, CIF just to name a few. I just wanted to learn some shit, not trying to re-invent the wheel. That said I like various pieces of each one of these projects. I cherry picked the functionality I liked and ran with it.

Main Features/Functionality

  • Indicator storage database
  • Groups indicators by "Events" (similar to the MISP model)
  • Correlate indicators on indicator input (again similar to misp)
  • Data validation by indicator type
  • Clean simple UI for entering/managing indicators and events
  • API to bulk upload/download indicators and add/delete events
  • Ability to Add indicators by email
  • Functionality to add events in pending state and approve later
  • Customizable and modular Feed/OSINT scheduled pull/parsing (Similar to how MineMeld functions)
  • Indicator Expiration

Here's some screen shots:

Clone this wiki locally