Mistborn

Multi-source threat intelligence and IOC aggregation platform

Mistborn is an open source threat intelligence aggregation service designed to collect indicators of compromise (IOCs) and related threat data from multiple sources, normalize it, and make it easier to consume for security operations. It helps teams centralize feeds, reduce duplication, and improve the usability of threat intel in downstream tooling.

Key Features

  • Aggregates threat intelligence from multiple sources and feed formats
  • Normalizes and de-duplicates common IOC types (such as IPs, domains, URLs, and hashes)
  • Enrichment support to add context to indicators (where configured)
  • Export-oriented design for integrating aggregated intel into other systems
  • Designed for ongoing ingestion and updating of intelligence over time

Use Cases

  • Consolidating multiple threat feeds into a single curated dataset
  • Providing enriched IOC lists for SIEM, EDR, or firewall blocklists
  • Supporting incident response investigations with centralized threat intel

Mistborn is a practical option for teams that want a lightweight, self-managed way to operationalize threat intelligence, especially when working with many disparate feeds. By unifying collection and normalization, it can reduce analyst overhead and improve consistency across security workflows.

Similar Services

Web-Check

All-in-one OSINT tool for analyzing any website.

30k
2.4k
Last commit: 4d ago

Comprehensive on-demand OSINT to analyze a website's security, architecture, and tech stack.

Alternative to: Shodan (+8)

SafeLine

Self-hosted WAF and reverse proxy for securing web apps

20.1k
1.3k
Last commit: 2mo ago

SafeLine is a self-hosted Web Application Firewall (WAF) and reverse proxy that defends web apps from SQL injection, XSS, bot abuse, and DDoS using ML-powered threat dete...

Alternative to: Cloudflare Web Application Firewall (WAF) (+7)

Fail2Ban

Log-monitoring daemon that bans abusive IPs via firewall rules

16.6k
1.4k
Last commit: 15d ago

Fail2Ban monitors service logs for repeated failures and automatically bans abusive IP addresses by updating firewall rules for a configurable time.

Alternative to: CrowdSec

CrowdSec

Crowdsourced IDS/IPS and WAF with shared malicious IP intelligence

12.2k
567
Last commit: 18h ago

CrowdSec is an open-source security engine that detects attacks from logs and blocks malicious IPs using bouncers and community-curated threat intelligence.

Alternative to: Fail2Ban (+10)

Graylog

Centralized log management and analysis platform

7.9k
1.1k
Last commit: 1d ago

Graylog is an open source platform for collecting, indexing, searching, and alerting on logs and machine data from many sources in one place.

Alternative to: Graylog Cloud (+11)

OneUptime

Open-source monitoring, incident management, and observability platform

6.4k
307
Last commit: 20h ago

Self-hostable observability platform for uptime monitoring, alerting, incident management, on-call, status pages, logs, and APM in one integrated suite.

Alternative to: OneUptime (+19)