Automated intelligence makes everyone’s lives easier. In the spirit of automated intelligence, OpenDNS Labs is pleased to announce the release of the OpenDNS service for the newly open sourced Collaborative Research Into Threats (CRITs) tool by MITRE.
CRITs is an open source tool that brings digital investigation workflows to the masses. With a web front end backed by MongoDB, CRITs provides a central platform for analyzing malware, pcaps, emails, domains and most other artifacts related to an incident. One very powerful feature of the platform is the ability to create plugins called “services” and have plugins communicate metadata to each other.
The OpenDNS service for CRITs lets analysts query OpenDNS’s Investigate API for the domains and IP addresses stored in CRITs. Enabling “run at triage” automatically kicks off an Investigate query whenever a new IP address or domain is added to the database.
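The triage behaviour described above, as an added illustration that is not the OpenDNS service’s own code: a small store that classifies each new indicator as an IP address or a domain and, when “run at triage” is enabled, enriches it immediately. The `FakeInvestigateClient` and the sample responses are constructed stand-ins; the real service calls the Investigate API.

```python
import ipaddress

# Constructed sample data standing in for Investigate responses.
# Values are illustrative only and do not come from the real API.
SAMPLE_INVESTIGATE = {
    "domain": {"example-bad.test": {"status": -1, "categories": ["Malware"]}},
    "ip": {"203.0.113.5": {"rr_history": ["example-bad.test"]}},
}


def classify_indicator(value):
    """Return ('ip', normalized) or ('domain', normalized), or None if the
    value is neither a valid IP address nor a plausible hostname."""
    text = value.strip()
    try:
        # ipaddress handles both IPv4 and IPv6 and canonicalises the form.
        return "ip", str(ipaddress.ip_address(text))
    except ValueError:
        pass
    host = text.lower().rstrip(".")  # drop a trailing FQDN dot
    labels = host.split(".")
    ok_label = lambda l: bool(l) and all(c.isalnum() or c == "-" for c in l)
    if len(labels) < 2 or not all(ok_label(l) for l in labels):
        return None
    return "domain", host


class FakeInvestigateClient:
    """Hypothetical client; returns the constructed sample data above."""

    def lookup(self, kind, value):
        return SAMPLE_INVESTIGATE[kind].get(value)


class TriageStore:
    """Minimal stand-in for the CRITs database plus the triage hook."""

    def __init__(self, client, run_at_triage=True):
        self.client = client
        self.run_at_triage = run_at_triage
        self.records = []

    def add(self, value):
        classified = classify_indicator(value)
        if classified is None:
            raise ValueError("not an IP address or domain: %r" % value)
        kind, norm = classified
        record = {"type": kind, "value": norm, "enrichment": {}}
        if self.run_at_triage:
            # "Run at triage": enrichment happens as soon as the indicator lands.
            self.enrich(record)
        self.records.append(record)
        return record

    def enrich(self, record):
        """Run the lookup for one record and attach the result under 'investigate'."""
        record["enrichment"]["investigate"] = self.client.lookup(
            record["type"], record["value"]
        )
        return record


if __name__ == "__main__":
    store = TriageStore(FakeInvestigateClient())
    print(store.add("Example-Bad.TEST."))
    print(store.add("203.0.113.5"))
```

Disabling `run_at_triage` leaves `enrichment` empty until `enrich()` is called explicitly, which mirrors running the service by hand from the CRITs interface.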
Anyone who has performed incident response or malware analysis knows the story: pivot from a Portable Executable (PE) detonated in Cuckoo Sandbox, to an IP address that ChopShop extracted by decoding a proprietary malware protocol, to the list of domains that recently resolved to that IP address, to the Whois registrant contact information. CRITs services let this kind of workflow happen fairly seamlessly, and integrating OpenDNS Investigate data makes it even more powerful.
More information on CRITs can be found at https://github.com/crits/crits/wiki.
The OpenDNS CRITs service can be obtained from https://github.com/opendns/crits_services/tree/master/opendns_service.
If you’d like to know more about OpenDNS Investigate, please visit our Investigate Security Incidents page.