Watcher – Open Source Cybersecurity Threat Hunting Platform

Watcher 9

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.

It should be used on webservers and available on Docker.

Watcher capabilities

  • Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
  • Detect Keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
  • Monitor malicious domain names (IPs, mail/MX records, web pages using TLSH).
  • Detect suspicious domain names targeting your organisation, using dnstwist.

Useful as a bundle regrouping threat hunting/intelligence automated features.

Additional features

  • Create cases on TheHive and events on MISP.
  • Integrated IOCs export to TheHive and MISP.
  • LDAP & Local Authentication.
  • Email notifications.
  • Ticketing system feeding.
  • Admin interface.
  • Advance users permissions & groups.

Involved dependencies

  • RSS-Bridge
  • dnstwist
  • Searx
  • pymisp
  • thehive4py
  • TLSH
  • shadow-useragent
  • NLTK

Screenshots

Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

Threats detection

Watcher 7 Watcher threats detection

 

Keywords detection

Watcher 8 Watcher keywords detection

 

Malicious domain names monitoring

Watcher 9 1

 

IOCs export to TheHive & MISP

Watcher 10 Watcher iocs 

Potentially malicious domain names detection

Watcher 11

Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs…

Admin interface

Watcher 12 Watcher admin interface

Installation

Create a new Watcher instance in ten minutes using Docker (see Installation Guide).

Platform architecture

Watcher 13 Platform architecture

 

Get involved

There are many ways to getting involved with Watcher:

  • Report bugs by opening Issues on GitHub.
  • Request new features or suggest ideas (via Issues).
  • Make pull-requests.
  • Discuss bugs, features, ideas or issues.
  • Share Watcher to your community (Twitter, Facebook…).

Pastebin compliant

In order to use Watcher pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher public IP (see https://pastebin.com/doc_scraping_api).

Thanks to Thales Group CERT (THA-CERT) and ISEN-Toulon Engineering School for allowing me to carry out this project.

Download Watcher

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source