Release v3.0.1
stoQ is an automation framework that helps to simplify the mundane and repetitive tasks an analyst is required to do. It enables analysts and DevSecOps teams to quickly transition between different data sources, databases, decoders/encoders, and numerous other tasks using enriched and consistent data structures. stoQ was designed to be enterprise ready and scalable, while also being lean enough for individual security researchers.
stoQ was initially a collection of scripts that helped us solve problems we encountered daily. These tasks, such as parsing an SMTP session, extracting attachments, scanning them with a multitude of custom and open source tools, saving the results, and then finally analyzing them took up an increasing amount of our team’s resources. We spent an ever increasing amount of time simply attempting to collect and extract data. This took valuable resources away from our ability to actually find and analyze adversa