Stanley Spears (cyb3rlop3)
Retired Army • Cybersecurity Analyst • Designer
Defending Systems • Empowering People • Automating Security

| Element | Purpose / Description |
|---|---|
| CTI_Authoring/ | Templates and guidance for creating structured CTI content. |
| Ransomware/ | Profiles, indicators, and tactics related to ransomware threats. |
| RunBooks/ | Operational playbooks for incident response and threat mitigation. |
| Threat Actors/ | Detailed profiles of known threat groups, including aliases, motivations, and TTPs. |
| LICENSE | Repository licensing information. Defines usage rights and restrictions. |
| README.md | Overview of the repository, its structure, and how to contribute or use the content. |
| cti-templates.zip | Downloadable archive of CTI authoring templates for offline use or integration. |
Author: Stanley Spears (cyb3rlop3)
Purpose: Automated aggregation of threat intelligence from multiple security feeds for SOC analysts, threat intelligence teams, and security researchers.
- Threat Intelligence Aggregator → Automates multi‑source threat intelligence collection, CVE extraction, IOC tracking, SIEM‑ready exports.
- Security Automation Scripts → Workflow optimization tools for log parsing, vulnerability checks, and reporting automation.
- Learning Modules → Exploratory Python scripts demonstrating continuous growth and adaptability.
👉 Detailed examples and integrations are available in the /docs folder.
The Threat Intelligence Aggregator reduces manual effort by consolidating threat intelligence into a single, searchable dataset.
It supports SOC operations, incident response, vulnerability management, and compliance reporting.
- Multi‑source aggregation (CISA, US‑CERT, The Hacker News, SANS ISC, OpenPhish)
- CVE extraction, IOC identification, severity classification
- Deduplication and keyword filtering
- Export formats: JSON, CSV, HTML
- SIEM integration (Splunk, ELK)
Clone the repository:
```bash
git clone https://github.com/spearsies/Pythonscripts.git
cd Pythonscripts
python threat_intel_aggregator.py
```

Generates timestamped reports in JSON, CSV, and HTML formats.
For technical depth, see the /docs folder:
- Overview → Architecture, workflow, and professional value
- Usage Examples → Role‑based scenarios (SOC, Threat Intel, Researchers, Compliance)
- Integrations → Splunk, ELK, MISP, SOAR
- Roadmap → Completed, in‑progress, and planned features
- Troubleshooting → Common issues and fixes
This project demonstrates:
- Applied cybersecurity expertise: CEH, SSCP, AZ‑500 training
- Hands‑on SOC and incident response skills: automation, log analysis, threat hunting
- Strategic thinking: blending military discipline with technical depth
- Enterprise readiness: SIEM integration, roadmap for MISP/SOAR compatibility
Stanley Spears
- 🎖️ Retired Army servicemember
- 🔐 Cybersecurity professional (CEH, SSCP, AZ‑500)
- 📈 Actively seeking opportunities as a Senior Cybersecurity Analyst with mission‑driven organizations
- 🌐 GitHub | 📧 stan.spears@outlook.com | 💼 LinkedIn (https://www.linkedin.com/in/stanleyspears/)
MIT License – Free for security research and defensive use.