Skip to content
/ Watcher Public
forked from thalesgroup-cert/Watcher

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

felix83000.github.io/watcher

License

AGPL-3.0 license
0 stars 124 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rzwolf/Watcher

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits
.github
.github
 
 
Rss-bridge
Rss-bridge
 
 
Searx
Searx
 
 
Watcher
Watcher
 
 
.env
.env
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

Watcher Logo

Install Documentation LICENSE Docker Build Status Docker Automated Status

Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.

It should be used on webservers and available on Docker.

Watcher capabilities

  • Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au...).
  • Detect Keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm...).
  • Monitor malicious domain names (IP, mail/MX record, html content using TLSH).
  • Detect potentially malicious domain names targeting your organisation, using dnstwist.

Useful as a bundle regrouping threat hunting/intelligence automated features.

Additional features

  • Create cases on TheHive and events on MISP.
  • Integrated IOCs export to TheHive and MISP.
  • LDAP & Local Authentication.
  • Email notifications.
  • Ticketing system feeding.
  • Admin interface.
  • Advance users permissions & groups.

Involved dependencies

Screenshots

Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

Threats detection

Threats detection

Keywords detection

Keywords detection

Malicious domain names monitoring

Malicious domain names monitoring

IOCs export to TheHive & MISP

IOCs export to TheHive & MISP

Potentially malicious domain names detection

Potentially malicious domain names detection

Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs...

Admin interface

Admin interface

Installation

Create a new Watcher instance in ten minutes using Docker (see Installation Guide)

Platform architecture

Platform architecture

Get involved

There are many ways to getting involved with Watcher:

  • Report bugs by opening Issues on GitHub
  • Request new features or suggest ideas (via Issues)
  • Make pull-requests
  • Discuss bugs, features, ideas or issues
  • Share Watcher to your community (Twitter, Facebook...)

Pastebin compliant

In order to use Watcher pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher public IP (see https://pastebin.com/doc_scraping_api).

Thanks to ISEN-Toulon Engineering School and to Thales Group CERT (THA-CERT) for allowing me to carry out this project.

About

Watcher - Open Source Cybersecurity Threat Hunting Platform. Developed with Django & React JS.

felix83000.github.io/Watcher

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 42.8%
  • JavaScript 36.4%
  • CSS 19.7%
  • HTML 0.3%
  • Shell 0.3%
  • Dockerfile 0.2%
  • Other 0.3%