thalesgroup-cert/Watcher

AI-Powered Automated Cybersecurity Threat Detection Platform


Watcher is a Django & React JS platform designed to discover and monitor emerging cybersecurity threats with AI-powered threat intelligence analysis. It can be deployed on webservers or quickly run via Docker.

Watcher Capabilities

Watcher empowers your security operations with comprehensive threat detection and monitoring:

  • AI-Driven Threat Intelligence — Transform raw threat data into actionable intelligence with automated weekly digests of top-5 trending cybersecurity topics, real-time breaking news alerts when threats emerge, on-demand summaries for any security keyword including related CVE and threat actor details.

  • Emerging Threat Detection — Monitor cybersecurity trends via RSS feeds from CERT-FR (www.cert.ssi.gouv.fr), CERT-EU (www.cert.europa.eu), US-CERT (www.us-cert.gov), Australian Cyber Security Centre (www.cyber.gov.au), and more. Track new vulnerabilities, malware campaigns, and threat advisories as they appear.

  • Legitimate Domain Management — Centralize approved domains with expiry, repurchase status, registrar information, and contacts. Easily convert monitored malicious domains into legitimate ones.

  • Information Leak Monitoring — Detect sensitive data exposure across the web, including Pastebin, StackOverflow, GitHub, GitLab, Bitbucket, APKMirror, npm registries, and other platforms. Catch leaked credentials, API keys, and confidential information early.

  • Malicious Domain Surveillance — Monitor malicious domains for changes in IP addresses, mail/MX records, and web content. Use TLSH fuzzy hashing to detect modifications. Automatic RDAP/WHOIS checks with registrar and expiry alerts.

  • Suspicious Domain Detection — Identify potentially malicious domains targeting your organisation via:

    • Domain Generation Algorithm Detection using dnstwist to find typosquatting, homograph attacks, and similar domain variants
    • Certificate Transparency Monitoring via certstream to catch newly registered suspicious domains in real-time
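As an added illustration of the two detection approaches named above (dnstwist-style domain permutations and certstream-style Certificate Transparency matching), the following is example code written for this page, not Watcher's or dnstwist's own implementation. It implements only a handful of dnstwist's permutation rules, and the "stream" of certificate subject names is a constructed list in place of a live certstream connection; the monitored domain `example.com` and the hypothetical hostnames are likewise constructed.

```python
"""Typosquat candidate generation plus Certificate Transparency matching.

Example code, not Watcher's implementation. The permutation rules are a small
subset of what dnstwist generates, and CT_SAMPLE is a constructed list of
certificate subject names standing in for a certstream feed.
"""
from __future__ import annotations

# Common look-alike substitutions (subset; dnstwist uses a much larger table).
HOMOGLYPHS = {"o": ["0"], "l": ["1", "i"], "i": ["1", "l"],
              "e": ["3"], "a": ["4"], "s": ["5"], "m": ["rn"]}


def permutations(domain: str) -> dict[str, str]:
    """Return {candidate_domain: technique} for a name such as 'example.com'.

    Techniques covered: omission, repetition, homoglyph, transposition,
    hyphenation and single-character addition. The original domain itself is
    never emitted, so a certificate for the legitimate name does not alert.
    """
    name, _, tld = domain.partition(".")
    out: dict[str, str] = {}

    def add(candidate: str, technique: str) -> None:
        full = f"{candidate}.{tld}"
        if full != domain and full not in out:
            out[full] = technique

    for i in range(len(name)):
        add(name[:i] + name[i + 1:], "omission")            # exampl.com
        add(name[:i] + name[i] + name[i:], "repetition")    # exaample.com
        for sub in HOMOGLYPHS.get(name[i], []):
            add(name[:i] + sub + name[i + 1:], "homoglyph")  # examp1e.com
    for i in range(len(name) - 1):                           # exmaple.com
        add(name[:i] + name[i + 1] + name[i] + name[i + 2:], "transposition")
    for i in range(1, len(name)):
        add(name[:i] + "-" + name[i:], "hyphenation")        # exam-ple.com
    for ch in "abcdefghijklmnopqrstuvwxyz0123456789":
        add(name + ch, "addition")                           # examplea.com
    return out


def match_ct_stream(monitored: list[str],
                    cert_domains: list[str]) -> list[tuple[str, str, str]]:
    """Compare certificate subject names with every monitored domain's candidates.

    Returns (observed_name, monitored_domain, technique) for each hit. Names are
    reduced to their last two labels first, so 'login.examp1e.com' and the
    wildcard '*.exam-ple.com' both match. (Simplification: multi-part public
    suffixes such as co.uk are not handled.)
    """
    lookup: dict[str, tuple[str, str]] = {}
    for dom in monitored:
        for cand, tech in permutations(dom).items():
            lookup[cand] = (dom, tech)

    hits = []
    for raw in cert_domains:
        host = raw.lower().lstrip("*.")
        registrable = ".".join(host.split(".")[-2:])
        if registrable in lookup:
            dom, tech = lookup[registrable]
            hits.append((raw, dom, tech))
    return hits


MONITORED = ["example.com"]  # constructed: the organisation's legitimate domain

CT_SAMPLE = [  # constructed certificate subject names, not a live certstream feed
    "www.example.com",     # the legitimate domain itself: must not alert
    "login.examp1e.com",   # homoglyph l -> 1 on a subdomain
    "exmaple.com",         # transposition
    "*.exam-ple.com",      # hyphenation, wildcard certificate
    "mail.unrelated.org",  # noise
    "examplee.com",        # repeated final character
]


def scan() -> list[tuple[str, str, str]]:
    """Run the sample stream against the monitored list."""
    return match_ct_stream(MONITORED, CT_SAMPLE)


if __name__ == "__main__":
    for observed, target, technique in scan():
        print(f"ALERT {observed!r} resembles {target} ({technique})")
```

In a real deployment the candidate dictionary would be rebuilt whenever the monitored list changes, and each hit would be enriched (RDAP/WHOIS, resolved IPs, MX records) before being raised as an alert, which is the step the monitoring features above describe.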

Additional Features

Extend Watcher's capabilities with powerful integrations and management tools:

  • TheHive Full Synchronization — Integration with TheHive featuring automated alert creation, smart case management, IOC enrichment, and ready-to-use Cortex Analyzers & Responders. Detailed configuration instructions are provided in the documentation.
  • MISP Integration — Seamlessly export Indicators of Compromise (IOCs) to MISP with smart UUID tracking, automatic object creation, and manual attribute updates for collaborative threat intelligence sharing
  • Flexible Authentication — Support for both LDAP and local authentication systems
  • Smart Notifications — Receive email, Slack, or Citadel alerts for critical findings and threshold violations
  • Ticketing System Integration — Automatically feed your ticketing system with security findings
  • Comprehensive Admin Interface — Manage all aspects of Watcher through Django's powerful admin panel
  • Advanced Access Control — Granular user permissions and group management for team collaboration
  • Modern UI Experience — A modern interface with customizable themes, resizable dashboard panels, advanced filtering with saved filter sets, and persistent user preferences

Involved dependencies

Watcher leverages open source tools and libraries:

  • Hugging Face Transformers — AI/ML framework powering threat intelligence summarization and entity extraction
  • google/flan-t5-base — Text-to-text generation model for AI-powered threat summaries
  • dslim/bert-base-NER — Named Entity Recognition for automatic IOC extraction
  • certstream — Certificate Transparency monitoring
  • dnstwist — Domain name permutation engine
  • Searx — Privacy-respecting metasearch engine
  • PyMISP — MISP threat intelligence platform integration
  • TLSH — Fuzzy hashing for content similarity detection
  • shadow-useragent — User-Agent rotation library
  • NLTK — Natural Language Toolkit for text processing

App Preview

Threat Detection (Threats Watcher)

AI-Powered Weekly Summary & Breaking News

Suspicious domain names detection

Legitimate Domain List

Data Leak Detection

Suspicious domain names monitoring

Theme Previews

Watcher offers multiple visual themes to match your preferences and working environment.

Admin Interface

Django provides a ready-to-use user interface for administrative activities. An admin interface is essential for a web project: user management, user group management, Watcher configuration, usage logs, and more.

Installation

Get Watcher up and running in just 10 minutes using Docker. Detailed instructions are available in our Installation Guide.

Platform Architecture

Watcher's modular architecture ensures scalability, reliability, and easy integration with your existing security stack.

Contributing

We welcome contributions from the security community!

To report bugs, request features, or submit code, please read our full Contributing Guide.

Pastebin Compliance

To use Watcher's Pastebin API feature, you need a Pastebin Pro account and must whitelist Watcher's public IP address (see https://pastebin.com/doc_scraping_api).