Watcher is a Django & React JS automated platform for discovering new potentially cybersecurity threats targeting your organisation.

It should be used on webservers and available on Docker.

Watcher capabilities

Useful as a bundle regrouping threat hunting/intelligence automated features.

Additional features

Involved dependencies


Watcher provides a powerful user interface for data visualization and analysis. This interface can also be used to manage Watcher usage and to monitor its status.

Threats detection


Keywords detection


Malicious domain names monitoring


IOCs export to TheHive & MISP


Potentially malicious domain names detection

Django provides a ready-to-use user interface for administrative activities. We all know how an admin interface is important for a web project: Users management, user group management, Watcher configuration, usage logs…

Admin interface


Create a new Watcher instance in ten minutes using Docker (see Installation Guide).

Platform architecture


Get involved

There are many ways to getting involved with Watcher:

Pastebin compliant

In order to use Watcher pastebin API feature, you need to subscribe to a pastebin pro account and whitelist Watcher public IP (see

Thanks to Thales Group CERT (THA-CERT) and ISEN-Toulon Engineering School for allowing me to carry out this project.

Download Watcher

Leave a Reply

Your email address will not be published. Required fields are marked *