kx499 edited this page Sep 24, 2016 · 9 revisions

Here's a quick overview of this project and its main functionality; this doc is a work in progress.

OSTIP is a learning project that I have been using to learn Flask, SQLAlchemy and Celery. There are plenty of full-featured threat data platforms out there: MISP, CRITS, MineMeld and CIF, just to name a few. I just wanted to learn some shit, not re-invent the wheel. That said, I like various pieces of each of these projects, so I cherry-picked the functionality I liked and ran with it.

Main Features/Functionality

  • Indicator storage database
  • Groups indicators by "Events" (similar to the MISP model)
  • Correlates indicators on indicator input (again, similar to MISP)
  • Data validation by indicator type
  • Clean, simple UI for entering and managing indicators and events
  • API to bulk upload/download indicators and add/delete events
  • Ability to add indicators by email
  • Functionality to add events in a pending state and approve them later
  • Customizable and modular feed/OSINT scheduled pull and parsing (similar to how MineMeld functions)
  • Indicator expiration
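As an added example (not OSTIP's own code), the following in-memory store illustrates the model listed above: indicators grouped by event, validation by indicator type, correlation against existing indicators at input time, and expiry. The indicator types (ipv4, domain, md5), the TTL and the sample values are assumptions made for the illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta
# Shape checks per indicator type (the types are assumed); a value must pass before it is stored.
_MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")
_DOMAIN_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")

def validate(itype, value):
    """Return True when value is well-formed for its type (ipv4, domain or md5)."""
    if itype == "ipv4":
        try:
            ipaddress.IPv4Address(value)
            return True
        except ValueError:
            return False
    if itype == "domain":
        return bool(_DOMAIN_RE.match(value))
    if itype == "md5":
        return bool(_MD5_RE.match(value))
    return False  # unknown type: reject rather than store unvalidated data

class IndicatorStore:
    """Events group indicators; each stored indicator records its event and an expiry time."""
    def __init__(self, default_ttl_days=30):
        self.indicators = []  # dicts with keys: event, type, value, expires
        self.ttl = timedelta(days=default_ttl_days)

    def add(self, event, itype, value, now=None):
        """Validate by type, store, and return the other events already holding the same value."""
        if not validate(itype, value):
            raise ValueError(f"invalid {itype} indicator: {value!r}")
        now = now or datetime.now()
        # Correlation on input: match the new value against live indicators of other events.
        related = sorted({i["event"] for i in self.indicators
                          if i["value"] == value and i["event"] != event and i["expires"] > now})
        self.indicators.append({"event": event, "type": itype, "value": value, "expires": now + self.ttl})
        return related

    def expire(self, now=None):
        """Drop indicators past their expiry and return how many were removed."""
        now = now or datetime.now()
        live = [i for i in self.indicators if i["expires"] > now]
        self.indicators, removed = live, len(self.indicators) - len(live)
        return removed

def demo():
    """Constructed walk-through: two events sharing one IP (198.51.100.7), then an expiry sweep."""
    store = IndicatorStore(default_ttl_days=7)
    t0 = datetime(2016, 9, 1)
    first = store.add("evt-1", "ipv4", "198.51.100.7", now=t0)   # nothing to correlate yet
    second = store.add("evt-2", "ipv4", "198.51.100.7", now=t0)  # correlates to evt-1
    removed = store.expire(now=t0 + timedelta(days=8))            # both are past the 7-day TTL
    return first, second, removed
```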

Examples of API usage can be found in the scripts folder, and examples of feed configuration can be found in the feeder folder.

Here are some screenshots (the images are not reproduced here):

  • Home Page
  • Add Event
  • View Event
  • Add Indicator
  • Data Type Config
