10. Open Source Threat Intelligence Management - SecKC

F3EAD Framework related to IR

[Cycle diagram: each F3EAD stage is paired with the function that owns it]

Operations:
  01 Find - SIEM
  02 Fix - SIEM
  03 Finish - IR

Intelligence:
  04 Exploit - TIC
  05 Analyze - MAS
  06 Disseminate - TIC, SIEM
11. Open Source Threat Intelligence Management - SecKC

How to build a Threat Intelligence Center (TIC)

[Diagram: starting from "Plan", the building blocks shown are Internal Development, Internal Tools, Documentation, Internal Relationships and External Relationships; the accompanying chart shows a 50% / 50% split]
12. Open Source Threat Intelligence Management - SecKC

The tools to build an Open Source Threat Intelligence Center (TIC)

TAXII: Soltra (soltra.com)
  - CRITs friendly
  - Eats whatever you feed it
  - TAXII Gateway for partners
  - FS-ISAC
  - Utilizes TLP
  - Notifications

Development: GitLab (gitlab.com)
  - Developer friendly
  - Local version control
  - Track issues
  - Locally crowdsource dev
  - Integrates with Slack
  - For teams of 1 - 30K

STIX: CRITs (crits.github.io)
  - STIX friendly
  - Mongo
  - Python friendly
  - Over 30 services
  - CTI repository
  - Campaign tracking

Malware: Cuckoo (cuckoosandbox.org)
  - CRITs friendly
  - STIX friendly
  - Python friendly
  - Automated malware analysis
  - Win/OSX/Linux analysis
  - Volatility