# Watcher

Watcher is a solution that integrates with security products using IoC (Indicator of Compromise) information gathered through the OpenCTI platform. This integration makes it possible to detect and respond to threats faster.

## Features

- Integrates with security products
- Uses IoC information gathered through OpenCTI
## Installation

- Install and configure OpenCTI. For more information on OpenCTI installation, please refer to their documentation.
- Clone the Watcher repository.
- Install dependencies:
  - Windows (PowerShell): to install the dependencies on Windows using PowerShell, run the following command:

    ```powershell
    .\setup_powershell.ps1 -PythonVersion "3.11" -EnvName "venv" -RequirementsFile ".\requirements.txt"
    ```

    `-PythonVersion` specifies the Python version to install, `-EnvName` the name of the virtual environment to create, and `-RequirementsFile` the path to the requirements file containing the dependencies.
  - Linux/Unix (shell script): to install the dependencies on Linux/Unix using the shell script, run the following command:

    ```sh
    ./setup_linux.sh
    ```
## Usage

- Navigate to the `opencti-watcher/src/` directory in your terminal.
- Run the command `../venv/bin/python3 main.py` to start the script.
- When prompted, enter the URL and API key of your OpenCTI server.
- The script will start running and sending IoC information to your OpenCTI server.
- When the script finishes, it will stop running.
- You can find the files containing IoC information under the `data/data_log/` folder.

Note: Make sure to have a running OpenCTI instance and API key available before running the script.
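As an added illustration (not code from the Watcher project), the following Python shows how raw IoC values, such as those the script logs under `data/data_log/`, can be normalised into the STIX 2.1 indicator patterns that OpenCTI stores indicators as, with unrecognised values dropped rather than guessed. The one-value-per-line input format and the payload field names are assumptions, and the sample values are constructed.

```python
"""Added example, not Watcher project code: normalise raw IoC values into STIX 2.1
indicator patterns, the form OpenCTI stores indicators in. Input format is assumed."""
import ipaddress
import re

_SHA256 = re.compile(r"^[A-Fa-f0-9]{64}$")
_DOMAIN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")

# Constructed sample input (not real threat data): one IoC per line, '#' = comment.
SAMPLE_IOCS = """# constructed sample
203.0.113.7
example.test
https://example.test/payload
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
not an indicator
"""

def classify(value):
    """Return (OpenCTI observable type, STIX pattern), or None if unrecognised."""
    v = value.strip()
    try:
        ip = ipaddress.ip_address(v)
        kind = "IPv4-Addr" if ip.version == 4 else "IPv6-Addr"
        return kind, f"[{kind.lower()}:value = '{v}']"
    except ValueError:
        pass
    if _SHA256.match(v):
        return "StixFile", f"[file:hashes.'SHA-256' = '{v.lower()}']"
    if v.lower().startswith(("http://", "https://")):
        return "Url", f"[url:value = '{v}']"
    if _DOMAIN.match(v):
        return "Domain-Name", f"[domain-name:value = '{v.lower()}']"
    return None  # unknown shape: leave it out of the feed rather than guess

def build_indicators(lines):
    """Deduplicate valid IoCs and shape them as OpenCTI-style indicator payloads."""
    seen, out = set(), []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hit = classify(line)
        if hit is None or hit[1] in seen:
            continue
        seen.add(hit[1])
        out.append({"name": line, "pattern": hit[1], "pattern_type": "stix",
                    "x_opencti_main_observable_type": hit[0]})
    return out
```

Calling `build_indicators(SAMPLE_IOCS.splitlines())` yields four indicators and silently drops the unrecognised last line.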
## Contributing

- Fork this repository
- Create a new branch (`git checkout -b feature-branch`)
- Make your changes and commit them (`git commit -am 'Add some feature'`)
- Push to the branch (`git push origin feature-branch`)
- Create a new Pull Request
## License

This project is licensed under the MIT License - see the LICENSE file for details.