Skip to content
/ Spiritbox Public

A PowerShell module and GUI for sending IOCs to Elastic.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cyberphor/Spiritbox

BranchesTags

Repository files navigation

Spiritbox

GitHub
Spiritbox is a PowerShell module and Graphical User Interface (GUI) for sending Indicators of Compromise (IOCs) to Elastic.

Screenshot

Below is an example of the JSON documents created by Spiritbox. The fields may change or grow.

{
  "event": {
    "kind": "enrichment",
    "category": "threat",
    "type": "indicator"
  },
  "geo.name": "Ziwa",
  "observer": {
    "type": "Firewall"
  },
  "threat": {
    "marking": {
      "tlp": "GREEN"
    },
    "feed": {
      "name": "Spiritbox",
      "reference": "https://github.com/cyberphor/Spiritbox"
    },
    "tactic": {
      "name": "Reconnaissance"
    },
    "indicator":  {
      "provider": "Weyland-Yutani Corp",
      "last_seen": "2023-03-16T06:38:49.000Z",
      "ip": [
        "1.2.3.4",
        "2.2.2.2",
        "192.168.1.23"
      ],
      "type":  [
        "ipv4-addr"
      ]
    },
    "response": "None"
  }
}

Screenshots

Input Validation
Input Validation

Progress Bar
Progress Bar

Progress Bar Error
Progress Bar Error

Copyright

This project is licensed under the terms of the MIT license. The ghost icon was created by Freepik (Flaticon).

About

A PowerShell module and GUI for sending IOCs to Elastic.

Topics

powershell cyber-threat-intelligence

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages