This repository hosts a collection of OpenCTI connectors developed to integrate and enhance threat intelligence workflows. Currently, it includes three connectors:
- Monitored Certificates by Lobo Guará
  - Retrieves a list of monitored certificate domains from the Lobo Guará platform (https://loboguara.olivsec.com.br/).
  - Creates observables within OpenCTI.
- Domain Monitoring
  - Monitors domains in OpenCTI.
  - Checks for any applications launched on these domains.
  - Creates an incident in OpenCTI if an application is identified.
- CrowdStrike Device Information
  - Fetches device information from CrowdStrike.
  - Sends the retrieved information to OpenCTI.

Each connector is designed to streamline the integration process, ensuring seamless communication between different security platforms and enhancing the overall threat intelligence capability.
To install and set up the connectors, follow the instructions provided in each connector's directory.
Detailed usage instructions for each connector can be found in its directory. Be sure to configure the necessary API keys and environment variables as specified there.
Contributions are welcome! Please fork the repository and submit pull requests for any enhancements or bug fixes.