IntelTwit - Poor Man's Threat Intel

This is the newest "fun" project I am working on. The Twitter plugin can dump, literally, over 1,000 fields, so I've narrowed it down to what I believe is the most relevant and then pulled some of those fields apart for different uses as well as field analysis to identify developing trends/threats.

So far it's a pretty plain dashboard but I think it's good information. I'm going to try and integrate some additional API threat feeds to diversify. So, does anyone out there find this useful or am I just reinventing the wheel for something someone's already published?

Added some geo-ip enrichment for WebIron Bots, refined some of the parsing and analyzer. Published to GitHub if anyone's interested in giving it a spin.

Just realized I have this posted in the wrong sub-forum. Can a mod move it to the appropriate place? I believe that's the #Ecosystem forum.

That's some awesome work there. Kudos!

Thanks...though I haven't touched it in quite a while, especially since Twitter required an application process to access the data. Hopefully it still works after getting that access; I may re-visit this again in the near future. I've learned quite a bit since then with the Elastic Stack so I may be able to do things in a better way or just more stuff in general.