threat_note

27 August 2015

As some of you may have seen, I've been working on a new tool for security researchers to add, store and retrieve indicators pertaining to their research and analysis. Well, I'm excited to announce it's finally on GitHub and ready to be used by analysts. Please note, it's heavily in beta release right now, and there are countless things wrong with it. I'm hoping that by announcing it and hosting it, others can start contributing to it and improving it in areas where I lacked. This is my first adventure into web development, so I'm sure there are plenty of things that suck.

From the threat_note GitHub page:

[threat_note logo]

threat_note is a web application built by Defense Point Security to give security researchers the ability to add and retrieve indicators related to their research. As of right now this includes the ability to add IP Addresses, Domains and Threat Actors, with more types being added in the future.

This app fills the gap between the various solutions currently available by being lightweight and easy to install, and by minimizing the fluff and extraneous information that sometimes gets in the way of adding information. To create a new indicator, you only really need to supply the object itself (whether it be a Domain, IP or Threat Actor) and set the type accordingly, and boom! That's it! Of course, supplying more information is definitely helpful, but it's not required.
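To make the "object plus type, nothing else required" workflow concrete, here is an added example of a minimal in-memory indicator store. It is not threat_note's own code: the class and function names, the type-guessing rules (anything `ipaddress` parses is an IP, anything matching a hostname pattern is a domain, everything else needs an explicit type such as a threat actor) and the normalization and note-merging behaviour are assumptions made for this illustration. The sample indicators are constructed and use documentation address ranges.

```python
"""Minimal indicator store illustrating an add/retrieve workflow where only
the object itself is required. Added example, not threat_note's code: names,
detection rules and normalization are assumptions for this illustration."""
import ipaddress
import re
from dataclasses import dataclass

# Hostname label rules (RFC 1123 style). Assumption used only for this example;
# a dotted decimal string that is not a valid IP would also match here.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$"
)

VALID_TYPES = {"ip", "domain", "threat_actor"}


def guess_type(value):
    """Return 'ip' or 'domain' for a recognizable network object, else None."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if _DOMAIN_RE.match(value.lower().rstrip(".")):
        return "domain"
    return None


@dataclass
class Indicator:
    value: str
    type: str
    notes: str = ""


class IndicatorStore:
    def __init__(self):
        self._items = {}  # keyed by (type, normalized value)

    @staticmethod
    def _normalize(value, itype):
        v = value.strip()
        if itype == "ip":
            return str(ipaddress.ip_address(v))  # canonical form (e.g. compressed IPv6)
        if itype == "domain":
            return v.lower().rstrip(".")
        return v

    def add(self, value, itype=None, notes=""):
        """Add an indicator. Only the object is required: the type is guessed
        for IPs and domains but must be given explicitly for threat actors."""
        value = value.strip()
        if itype is None:
            itype = guess_type(value)
            if itype is None:
                raise ValueError(f"cannot guess type for {value!r}; pass itype= explicitly")
        if itype not in VALID_TYPES:
            raise ValueError(f"unknown indicator type {itype!r}")
        key = (itype, self._normalize(value, itype))
        existing = self._items.get(key)
        if existing:
            # Re-adding the same object appends notes instead of creating a duplicate.
            if notes:
                existing.notes = (existing.notes + "\n" + notes).strip()
            return existing
        ind = Indicator(value=key[1], type=itype, notes=notes)
        self._items[key] = ind
        return ind

    def get(self, value, itype=None):
        """Retrieve an indicator; the type is guessed when not given."""
        itype = itype or guess_type(value.strip())
        return self._items.get((itype, self._normalize(value, itype)))

    def by_type(self, itype):
        return [i for i in self._items.values() if i.type == itype]


def demo():
    """Constructed sample input: an IP, a domain and a threat actor."""
    store = IndicatorStore()
    store.add("203.0.113.7", notes="seen in constructed sample beacon")  # type guessed
    store.add("Example.COM.", notes="C2 in the same sample")            # normalized
    store.add("203.0.113.7", notes="also in second sample")             # notes appended
    store.add("APT Example", itype="threat_actor")                      # explicit type
    return store


if __name__ == "__main__":
    for ind in demo().by_type("ip") + demo().by_type("domain"):
        print(ind)
```

Guessing the type from the object is what keeps the "just enter an IP or domain" path short; the explicit type is only needed for objects that cannot be recognized from their shape, and normalizing before keying is what stops `Example.COM.` and `example.com` from becoming two records.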

I started this project since the other indicator-storing apps didn't meet all my needs. Some were too complicated to set up and get going, and others had so much detail involved that creating new indicators felt like a chore. With threat_note, I wanted a quick way to just enter an IP address or domain and add some notes about it.

When talking to other analysts, it seemed that most people weren't using a full-fledged solution, but rather OneNote or a notepad to just jot stuff down. That was the end goal of threat_note: to build a tool that was easy to use and didn't feel like a chore.

This tool is being released as open source for the security community by my employer, Defense Point Security. There's also a lot of stuff in the works to keep improving it, so I'm really excited about continuing development on it.

Lastly, here is a screenshot of the current state of the app.

[Screenshot of the current state of the app]

Keep an eye on my Twitter as well as @defpointsec for more announcements.