PunchCyber

stoQ is a super-simple framework that allows cyber analysts to organize and automate repetitive, data-driven tasks, thus freeing them to focus more attention on what matters most.

stoQ is a modern, highly modular computer software framework developed by PUNCH Cyber to organize and automate repetitive, data-driven tasks for cyber analysts. By handling the heavy lifting of data processing, it allows junior and senior analysts to focus their attention on high-value security defense.

The main features of this tool include:

  • Automated Analytic Processing: The framework allows for the quick and easy analysis of files, network traffic, and IOC (Indicator of Compromise) extraction.

  • Robust Plugin Architecture: stoQ is built around a modular plugin system that simplifies development. Analysts can quickly create new plugins without having to worry about the underlying complexities of databases, inputs, or outputs.

  • Advanced Content Extraction: It features automated "dispatching" capabilities that can handle multiple layers of obfuscation or encoding. For example, it can automatically process an XOR-encoded executable file hidden within an OLE stream inside a compressed archive.

  • Database Independence: The tool is designed to work with any type of data storage, including RDBMS, NoSQL, NewSQL, raw files, or a mixture of these systems.

  • Agile Template Engine: To meet specific formatting or "archaic" device requirements, stoQ utilizes a Jinja2 templating engine for all plugin outputs, ensuring data can be transformed into any needed format.

  • Enterprise-Ready Search and Scaling: It is designed to scale from small businesses to large enterprises. It collects and stores analytic results from all utilized sources, allowing team members to quickly search for previous examples of anything collected.
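The "dispatching" idea from the Advanced Content Extraction feature above, illustrated as an added example that is not stoQ's own code and does not use its plugin API: a payload is handed to a small set of handlers, the first handler that recognises it unpacks one layer, and each extracted child is fed back through the same handlers until a terminal artifact (here, an MZ-headed executable) is reached. The sample is constructed in memory: a fake executable (MZ header plus filler) encoded with a single-byte XOR key and stored inside a zip archive. The OLE layer mentioned on the page is omitted; the handler names, `MAX_DEPTH`, and `MAX_CHILD_BYTES` are assumptions of this example, and the depth and size limits are the guard an analyst would want against recursion loops and decompression bombs.

```python
import io
import zipfile

# Constructed sample (not a real malware artifact): a fake "executable" made of an
# MZ header, NOP filler and a PE signature, XOR-encoded with a single-byte key and
# packed into an in-memory zip archive.
XOR_KEY = 0x5A
FAKE_EXE = b"MZ" + b"\x90" * 30 + b"PE\x00\x00" + b"\x00" * 28

MAX_DEPTH = 8                     # assumed recursion limit (nested archives, re-encoded blobs)
MAX_CHILD_BYTES = 10 * 1024 * 1024  # assumed per-member size cap against decompression bombs


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Build the layered sample: zip -> XOR-encoded blob -> fake executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.bin", xor_bytes(FAKE_EXE, XOR_KEY))
    return buf.getvalue()


# Each handler takes a payload and yields (label, child_payload) pairs.
# Yielding nothing means "this handler does not apply to this payload".
# A child of None marks a terminal artifact with nothing further to extract.

def handle_zip(data: bytes):
    if not data.startswith(b"PK\x03\x04"):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_CHILD_BYTES:
                # Record the member but refuse to inflate it.
                yield (f"zip:{info.filename}:skipped-too-large", None)
                continue
            yield (f"zip:{info.filename}", zf.read(info))


def handle_pe(data: bytes):
    if data.startswith(b"MZ"):
        yield ("executable", None)


def handle_xor(data: bytes):
    # Single-byte XOR is a bijection per key, so at most one key maps the first
    # two bytes onto "MZ"; key 0 is the identity and is skipped.
    for key in range(1, 256):
        if xor_bytes(data[:2], key) == b"MZ":
            yield (f"xor(key=0x{key:02x})", xor_bytes(data, key))
            return


HANDLERS = [handle_zip, handle_pe, handle_xor]


def dispatch(data: bytes, depth: int = 0, path: str = "root") -> list[str]:
    """Recursively unpack `data`, returning the chain of layers discovered."""
    found = [path]
    if depth >= MAX_DEPTH:
        return found + [f"{path}/depth-limit"]
    for handler in HANDLERS:
        children = list(handler(data))
        if not children:
            continue
        for label, child in children:
            child_path = f"{path}/{label}"
            if child is None:
                found.append(child_path)
            else:
                found.extend(dispatch(child, depth + 1, child_path))
        break  # the first matching handler owns this payload
    return found


if __name__ == "__main__":
    for layer in dispatch(build_sample()):
        print(layer)
```

Running the block prints the four layers in order: the root payload, the zip member, the XOR-decoded blob with its recovered key, and the executable it contained. Handler order matters: type checks on magic bytes (zip, MZ) run before the brute-force XOR fallback so that plain data is never needlessly "decoded".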