OpenSec Atlas

getIOC2TA: An Open Source Tool for Threat Intelligence | OpenSec Atlas

Back to Browse

Threat Intelligence

Tool

getIOC2TA

getIOC2TA demonstrates the use of the Mandiant Threat Intelligence Platform API for threat intelligence tasks.

View on GitHub

About This Tool

Demonstrate the use of Mandiant Threat Intelligence Platform API

Primary Use Case

This tool is designed for security professionals and threat hunters who need to automate the process of checking IP addresses against the Mandiant Threat Intelligence Platform. By leveraging the API, users can efficiently gather threat intelligence data to enhance their security posture.

Key Features

Integration with Mandiant Threat Intelligence Platform API
Automated IP address checks
Configurable with API keys
Written in C# for improved performance
Supports threat hunting and OSINT tasks

Insights & Recommendations

Ensure you have valid API credentials from Mandiant to use this tool effectively.

Installation

Create a list of IP addresses to check as 'ip.lst'.
Generate config with your Mandiant Threat Intelligence API Key using the command: 'getIOC2TA create_config <apiKey> <apiSecret>'.
Run the program using the command: 'getIOC2TA run'.

Usage

getIOC2TA create_config <apiKey> <apiSecret>

Generates a configuration file using the provided Mandiant API key and secret.

getIOC2TA run

Executes the program to check the IP addresses listed in 'ip.lst'.

Smart Usage Notes

Can be chained with Metasploit for automated exploitationUseful for continuous security monitoring in CI/CD pipelinesIntegrate with SIEM solutions for enhanced alerting capabilitiesConsider developing a GUI for easier usability by non-technical staffUtilize in threat hunting exercises to validate network defenses