Watcher: Open Source Cybersecurity Threat Hunting Platform

Watcher

Watcher is a Django & React JS automated platform for discovering new potential cybersecurity threats targeting your organization.

It should be used on web servers and available on Docker.

Watcher capabilities

• Detect emerging vulnerability, malware using social network & other RSS sources (www.cert.ssi.gouv.fr, www.cert.europa.eu, www.us-cert.gov, www.cyber.gov.au…).
• Detect Keywords in pastebin & in other IT content exchange websites (stackoverflow, github, gitlab, bitbucket, apkmirror, npm…).
• Monitor malicious domain names (IP, mail/MX record, html content using TLSH).
• Detect potentially malicious domain names targeting your organization, using dnstwist.

Useful as a bundle regrouping threat hunting/intelligence automated features.

Additional features

• Create cases on TheHive and events on MISP.
• Integrated IOCs export to TheHive and MISP.
• LDAP & Local Authentication.
• Email notifications.
• Ticketing system feeding.
• Admin interface.
• Advance users permissions & groups.

Platform architecture

 

Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

Threats detection

 

 

 

 

Malicious domain names monitoring

 

IOCs export to TheHive & MISP

 

Potentially malicious domain names detection

 

Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: User management, user group management, Watcher configuration, usage logs…

Admin interface

 

Install & Use

Copyright (C) 2020 Felix83000