The DoveHawk Project provides threat hunting automation capabilities using the Zeek Network Security Monitor, MISP (Malware Information Sharing Platform), and your own threat intelligence.
The DoveHawk Module handles downloading and importing MISP indicators into Zeek (Bro) every 4 hours and reports back MISP sightings for any hits. Hunt malware and adversaries on your network with your own threat intelligence leveraging the community power of MISP.
It supports transparent cluster operation: indicators are downloaded from MISP on the cluster manager, which automatically distributes them to all workers.
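To make the import step concrete, here is an added example (not DoveHawk's own code) that converts MISP attributes into a file for Zeek's Intelligence Framework. It assumes the attributes are already parsed into dicts with MISP's `type`, `value`, `to_ids` and `event_id` fields; the type mapping, function names and sample data are constructed for illustration.

```python
# MISP attribute type -> Zeek Intelligence Framework indicator type (partial map).
TYPE_MAP = {
    "ip-src": "Intel::ADDR", "ip-dst": "Intel::ADDR",
    "domain": "Intel::DOMAIN", "hostname": "Intel::DOMAIN",
    "url": "Intel::URL", "email-src": "Intel::EMAIL",
    "md5": "Intel::FILE_HASH", "sha1": "Intel::FILE_HASH",
    "sha256": "Intel::FILE_HASH", "filename": "Intel::FILE_NAME",
}
HEADER = "#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc"

def normalize(misp_type, value):
    """Return (indicator, zeek_type), or None if the attribute is unusable."""
    # Composite types such as "ip-dst|port" hold "value1|value2"; keep the first part.
    if "|" in misp_type:
        misp_type, value = misp_type.split("|", 1)[0], value.split("|", 1)[0]
    zeek_type = TYPE_MAP.get(misp_type)
    value = value.strip()
    if zeek_type is None or not value or "\t" in value:
        return None  # unmapped type, empty value, or would break the TSV layout
    if zeek_type == "Intel::URL":
        value = value.split("://", 1)[-1]  # Zeek expects URLs without the scheme
    elif zeek_type == "Intel::FILE_HASH":
        value = value.lower()  # one spelling per digest so duplicates collapse
    return value, zeek_type

def to_zeek_intel(attributes, source="MISP"):
    """Build the text of a Zeek intel file from MISP attribute dicts."""
    seen, lines = set(), [HEADER]
    for attr in attributes:
        if not attr.get("to_ids"):
            continue  # export only attributes flagged for detection
        item = normalize(attr.get("type", ""), attr.get("value", ""))
        if item is None or item in seen:
            continue
        seen.add(item)
        desc = "MISP event %s" % attr.get("event_id", "-")
        lines.append("\t".join([item[0], item[1], source, desc]))
    return "\n".join(lines) + "\n"

# Constructed sample attributes (documentation addresses and example domains).
SAMPLE = [
    {"type": "ip-dst", "value": "203.0.113.7", "to_ids": True, "event_id": "101"},
    {"type": "ip-dst|port", "value": "203.0.113.7|8443", "to_ids": True, "event_id": "101"},
    {"type": "url", "value": "http://bad.example/gate.php", "to_ids": True, "event_id": "102"},
    {"type": "md5", "value": "AB" * 16, "to_ids": True, "event_id": "102"},
    {"type": "domain", "value": "benign.example", "to_ids": False, "event_id": "102"},
    {"type": "mutex", "value": "constructed-mutex", "to_ids": True, "event_id": "103"},
]

if __name__ == "__main__":
    print(to_zeek_intel(SAMPLE), end="")
```

Keeping the event ID in `meta.desc` lets a hit in Zeek's `intel.log` be traced back to the MISP event when reporting a sighting.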
Zeek - The open source network security monitor.
Zeek Package Manager - Zeek Packages to add on functionality.
MISP Project - MISP is the open source threat intelligence platform.
MISP Sightings - Sightings are feedback on threat intelligence activity seen.
@tylabs Tyler McLellan