Featured Projects

• 

  Cabby

  Cabby, an open-source Python library and command-line tool from EclecticIQ, provides developers with simple support for interacting with TAXII Services (1.0/1.1).

  Cabby makes it easy for you to include TAXII client capabilities into your own Python code, or to execute ad hoc queries from the command line.

  Interaction with TAXII Services cover the complete specifications for TAXII 1.x, including inbox, poll, discovery and collection management.

  Go to the Cabby page on GitHub for more information.

• 

  OpenTAXII

  OpenTAXII is a robust Python implementation of TAXII Services with a rich feature set and extensible, code-level APIs.

  OpenTAXII allows developers to run an extensible implementation of TAXII Services for producers and consumers of threat intelligence.

  TAXII, or Trusted Automated eXchange of Indicator Information, defines a set of services and message exchanges used for sharing cyber threat intelligence, in various formats such as STIX, between parties.

  Go to the OpenTAXII page on GitHub for more information.

• 

  PolyMon

  PolyMon is an osquery-based Windows package that allows you to query your endpoints like a database.

  PolyMon provides detailed information about process creations, network connections, file system changes and many other activities on the device.

  PolyMon can be used for various threat monitoring and forensic purposes on a stand-alone endpoints, does not require server to manage agents, and supports GUI-based navigation.

  Go to the PolyMon page on GitHub for more information.

• Endpoint Response Community Edition

  Endpoint Response Community Edition is an open source and extensible platform to manage and monitor endpoints, based on the osquery agent.

  The EclecticIQ Community Edition platform is a sophisticated and flexible endpoint monitoring and response platform. It provides endpoint monitoring and visibility, threat detection, and incident response for Security Operating Centers (SOCs).

  The platform leverages the osquery tool with the EclecticIQ osquery extension. It focuses on osquery-based agent management and offers the following features: 

  • Visibility into endpoint activities
  • Query configuration management
  • Live query interface
  • Alerting capabilities based on security critical events

  Download Endpoint Response Community Edition page on GitHub.

• Endpoint Response Community Exchange

  Community sourced queries, hunts, investigation, and configuration techniques useful for Endpoint Response or any osquery agent solution.

  The goal of this project is to provide community inspired use cases leveraging the visibility of the Endpoint Response solution. The Endpoint Response osquery-based agent and EclecticIQ osquery extension provide unrivaled visibility into file, process, users, registry, and network events for all servers, workstation, laptop, and container endpoints.

  The information applies to both Endpoint Response Enterprise and Community Editions and while we align the content to the EclecticIQ platform, many of the queries may also function on generic osquery deployments. Given there is no single repository collecting such queries, EclecticIQ is providing open access to all queries to support the osquery community. 

  Go to the Endpoint Response Community Exchange page on GitHub for more information.