DEV Community

Shresth Paul

🚀 ElasticSecOpsCoPilot — Autonomous IOC Enrichment for Elastic Security

I just released ElasticSecOpsCoPilot, a Python-powered continuous enrichment engine.

🔥 What It Does

  • Extracts IOCs from documents in the logs-* and events-* index patterns
  • Enriches them using:
    • VirusTotal
    • AbuseIPDB
    • Shodan
    • WHOIS
    • IPLocation.net
  • Writes structured enriched documents back into Elasticsearch

🧠 Why I Built It
Most SOCs, especially small and medium-sized teams that rely heavily on Elastic Security, have no continuous enrichment pipeline. This tool closes that gap with:

  • Continuous (near-real-time) enrichment loop
  • Rate-limited calls to each enrichment API
  • Lightweight document schemas
  • No vendor lock-in
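To make the loop above concrete, here is an added example in Python that is not the project's code: it extracts IOCs from sample search hits, pushes them through a rate-limited, cached enrichment step, and shapes each result as a document ready to be indexed back. The hit shape, the enrichment document's field names, the score thresholds, the offline stand-in provider (the real tool calls VirusTotal, AbuseIPDB, Shodan, WHOIS and IPLocation.net) and the sample data are all assumptions of this example.

```python
import ipaddress
import re
import time
from collections import deque, namedtuple
from datetime import datetime, timezone

# IOC patterns; RFC 1918, loopback and link-local IPv4 ranges are dropped so no API quota
# is spent on internal hosts. Hashes are MD5/SHA-1/SHA-256; domains need an alphabetic TLD.
_IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
_HASH = re.compile(r"\b(?:[a-f0-9]{64}|[a-f0-9]{40}|[a-f0-9]{32})\b", re.I)
_DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
_NOT_TLDS = {"exe", "dll", "ps1", "txt", "log", "json", "local"}  # filename / LAN false positives
_INTERNAL = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
IOC = namedtuple("IOC", "kind value")  # kind is "ip", "domain" or "hash"; hashable, so cacheable

def extract_iocs(source):
    """Walk every string field of an Elasticsearch _source dict and collect IOCs."""
    found, stack = set(), [source]
    while stack:
        v = stack.pop()
        if isinstance(v, dict):
            stack.extend(v.values())
        elif isinstance(v, list):
            stack.extend(v)
        elif isinstance(v, str):
            found.update(IOC("ip", m) for m in _IPV4.findall(v)
                         if not any(ipaddress.ip_address(m) in net for net in _INTERNAL))
            found.update(IOC("hash", m.lower()) for m in _HASH.findall(v))
            found.update(IOC("domain", m.lower()) for m in _DOMAIN.findall(v)
                         if m.rsplit(".", 1)[-1].lower() not in _NOT_TLDS)
    return found

class RateLimiter:
    """Sliding window: at most max_calls per period seconds; acquire() returns seconds slept."""
    def __init__(self, max_calls, period):
        self.max_calls, self.period, self._calls = max_calls, period, deque()
    def acquire(self):
        now = time.monotonic()
        while self._calls and now - self._calls[0] >= self.period:
            self._calls.popleft()
        waited = 0.0
        if len(self._calls) >= self.max_calls:  # window full: sleep until the oldest call ages out
            waited = self.period - (now - self._calls[0])
            time.sleep(waited)
            self._calls.popleft()
        self._calls.append(time.monotonic())
        return waited

class Enricher:
    """Runs each IOC through every provider behind one shared limiter; results are cached, empty
    ones included, so a repeated IOC costs no further API calls (production adds a TTL here)."""
    def __init__(self, providers, limiter):
        self.providers, self.limiter = providers, limiter  # providers: {name: fn(IOC) -> dict|None}
        self.api_calls, self._cache = 0, {}
    def enrich(self, ioc):
        if ioc not in self._cache:
            results = {}
            for name, provider in self.providers.items():
                self.limiter.acquire()
                self.api_calls += 1
                verdict = provider(ioc)
                if verdict is not None:
                    results[name] = verdict
            self._cache[ioc] = results
        return self._cache[ioc]

def make_fake_provider(table):
    # Offline stand-in for a VirusTotal/AbuseIPDB client; a real one does the HTTP call here
    # and maps the vendor response onto the same {"score": 0..100} shape.
    return lambda ioc: {"score": table[ioc.value]} if ioc.value in table else None

def build_enriched_doc(ioc, hit, enrichment):
    """Document written back to Elasticsearch. The field names (loosely ECS threat.indicator)
    and the score thresholds are assumptions of this example, not the project's schema."""
    scores = [v["score"] for v in enrichment.values() if "score" in v]
    top = max(scores) if scores else None
    level = "unknown" if top is None else "malicious" if top >= 70 else "suspicious" if top >= 30 else "benign"
    return {"@timestamp": datetime.now(timezone.utc).isoformat(),
            "threat": {"indicator": {"type": ioc.kind, "value": ioc.value}},
            "source": {"index": hit["_index"], "id": hit["_id"]},
            "enrichment": enrichment, "risk": {"score": top, "level": level}}

def run_once(hits, enricher):
    # One pass over search hits from logs-* / events-*; a bulk index request would write the result.
    return [build_enriched_doc(ioc, hit, enricher.enrich(ioc)) for hit in hits
            for ioc in sorted(extract_iocs(hit["_source"]), key=lambda i: (i.kind, i.value))]

# Constructed sample hits in Elasticsearch search-response shape; not real log data.
SAMPLE_HITS = [
    {"_index": "logs-endpoint.events.network-default", "_id": "1", "_source": {
        "message": "outbound connection to 203.0.113.45:443 from 10.0.0.5",
        "process": {"hash": {"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"}}}},
    {"_index": "logs-network-default", "_id": "2", "_source": {"dns": {"question": {"name": "evil.example.com"}}}},
    {"_index": "events-custom-default", "_id": "3", "_source": {"message": "repeat sighting of 203.0.113.45 and loader.exe"}},
]
SAMPLE_REPUTATION = {"203.0.113.45": 85, "evil.example.com": 40}  # constructed scores

def demo():
    enricher = Enricher({"reputation": make_fake_provider(SAMPLE_REPUTATION)}, RateLimiter(4, 60))
    return run_once(SAMPLE_HITS, enricher), enricher
```

In a real deployment the hits come from a search over logs-* / events-*, the provider callables wrap the vendor HTTP clients, and the returned documents go to a bulk index request. Two details matter more than they look: the cache stores negative results as well, because an unknown hash seen in thousands of events would otherwise be looked up thousands of times, and the internal-address and file-extension filters keep the limiter's budget for IOCs a reputation service can actually say something about.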

πŸ› οΈ Tech Stack: -
Python, Elastic Cloud Serverless, VirusTotal API, AbuseIPDB, Shodan, free Geo IP APIs.

📦 Repo:
👉 https://github.com/SecByShresth/ElasticSecOpsCoPilot
