Cabby, an open-source Python library and command-line tool from EclecticIQ, provides developers with simple support for interacting with TAXII Services (1.0/1.1).
Cabby makes it easy for you to include TAXII client capabilities in your own Python code, or to execute ad hoc queries from the command line.
Its interaction with TAXII Services covers the complete specifications for TAXII 1.x, including inbox, poll, discovery and collection management.
Go to the Cabby page on GitHub for more information.
OpenTAXII is a robust Python implementation of TAXII Services with a rich feature set and extensible, code-level APIs.
OpenTAXII allows developers to run an extensible implementation of TAXII Services for producers and consumers of threat intelligence.
TAXII, or Trusted Automated eXchange of Indicator Information, defines a set of services and message exchanges used for sharing cyber threat intelligence, in various formats such as STIX, between parties.
Go to the OpenTAXII page on GitHub for more information.
PolyMon is an osquery-based Windows package that allows you to query your endpoints like a database.
PolyMon provides detailed information about process creations, network connections, file system changes and many other activities on the device.
PolyMon can be used for various threat monitoring and forensic purposes on stand-alone endpoints, does not require a server to manage agents, and supports GUI-based navigation.
Go to the PolyMon page on GitHub for more information.
From the developers of open-source projects Cabby, OpenTAXII and PolyMon, EclecticIQ Platform is a full-featured intelligence, hunting, and response platform that delivers analyst-centric technology to consolidate, analyze, manage, action, and disseminate intelligence and reports.