Socfortress Threat Intelligence API.
Threat Intel made simple. The Socfortress Threat Intel API is designed to be user-friendly and accessible even to non-technical users.
Indicators of Compromise
Recorded Events classified by Category and Type.
Public IP Addresses.
Public Hostnames.
File Hashes (SHA256).
Graylog.
Wazuh Manager.
Sysmon Event 1 – Process Creation.
Sysmon Event 3 – Network Connection.
Sysmon Event 6 – Driver Loaded.
Sysmon Event 7 – Image Loaded.
Sysmon Event 15 – File Creation (Stream).
Sysmon Event 22 – DNS.
Wazuh Syscheck (File added to system).
Packetbeat.
OSQUERY.
Wazuh Syscheck (File added to system).
Public IP Addresses – All Zeek Logs with valid metadata.
Public Hostnames – All Zeek Logs with valid metadata.
File Hashes (SHA256) – All Zeek Logs with valid metadata.