IOCJanitor

IOCJanitor is a web app (with optional CLI) that turns messy threat intel into usable detections. It ingests IOCs from emails, PDFs, Slack/Teams pastes, MISP, STIX/TAXII, and vendor feeds, then de-duplicates, normalizes, and validates them (DNS resolution, ASN/org, age, sinkhole checks, known-benign lists). It assigns a confidence score and expiration (TTL) so your SIEM/EDR isn’t polluted with stale indicators that create noise and wasted analyst time. Exports are opinionated and practical: Splunk ES, Microsoft Sentinel, Elastic, CrowdStrike, Palo Alto, and generic STIX 2.1. It also tracks “IOC drift” (domains rotating, IP reassignments) and alerts when an indicator turns risky to keep. This is a combination traditional + AI app: AI is used for extraction and context, but the core value is deterministic hygiene and lifecycle management.

← Back to idea list