Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organization.
It should be used on webservers and available on Docker.
Watcher Capabilities
- Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
- Detect Keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
- Monitor malicious domain names (IPs, mail/MX records, web pages using TLSH).
- Detect suspicious domain names targeting your organisation, using dnstwist.
Useful as a bundle regrouping threat hunting/intelligence automated features.
Additional Features
- Create cases on TheHive and events on MISP.
- Integrated IOCs export to TheHive and MISP.
- LDAP & Local Authentication.
- Email notifications.
- Ticketing system feeding.
- Admin interface.
- Advance users permissions & groups.
Involved Dependencies
Screenshots
Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.
Threats detection
Keywords detection
Malicious domain names monitoring
IOCs export to TheHive & MISP
Potentially malicious domain names detection
Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs…
Admin interface
Installation
Create a new Watcher instance in ten minutes using Docker (see Installation Guide).
Platform Architecture
Get Involved
There are many ways to getting involved with Watcher:
