Cyber Threat Intelligence Management
Agenda for the next 13:37 minutes
- 01 Cyber Threat Intelligence (CTI)
- 02 Threat Intelligence Center (TIC)
- 03 Tools and Solutions
- Sharing Collectives
- Standards and Getting involved
- #Outhouse Shenanigans
Where does this talk fit?
- Intro
- Intermediate
- Advanced
- Expert
- 1337 Tier
 Was that a fat joke?
Open Source Threat Intelligence Management (SecKC), slide 5
You aren't my manager pal!
- Context
- Response times
- Proactive
- Contribute
Cyber Threat Intelligence Common Language (slide 6)
- 01 Observable
- 02 Indicator
- 03 Tactics, Techniques and Procedures
- 04 Campaign
- 05 Threat Actor
Lockheed Martin Cyber Kill Chain® (slide 7)
- Reconnaissance
- Weaponization
- Delivery
- Exploitation
- Installation
- Command & Control
- Actions on Objectives
Standards and frameworks (slide 8)
- Intelligence Disciplines (*INT)
- Lockheed Martin Cyber Kill Chain®
- Traffic Light Protocol
- F3EAD Framework
- Cyber Threat Intelligence Common Language
- STIX, TAXII, CybOX & OASIS
F3EAD Framework (slide 9)
- 01 Find
- 02 Fix
- 03 Finish
- 04 Exploit
- 05 Analyze
- 06 Disseminate
F3EAD Framework related to IR (slide 10)
Operations (Find, Fix, Finish) and Intelligence (Exploit, Analyze, Disseminate), with the component the slide assigns to each step:

Step  Phase        Component
01    Find         SIEM
02    Fix          SIEM
03    Finish       IR
04    Exploit      TIC
05    Analyze      MAS
06    Disseminate  SIEM, TIC
How to build a Threat Intelligence Center (TIC) (slide 11)
- Plan
- Internal Development
- Internal Tools
- Documentation
- Internal Relationships
- External Relationships
[Chart on the slide: 50% / 50%]
The tools to build an Open Source Threat Intelligence Center (TIC) (slide 12)

SOLTRA (TAXII) - soltra.com
- CRITs friendly
- Eats whatever you feed it
- TAXII Gateway for partners
- FS-ISAC
- Utilizes TLP
- Notifications

GitLab (Development) - gitlab.com
- Developer friendly
- Local Version Control
- Track Issues
- Locally crowdsource dev
- Integrates with Slack
- For teams of 1 - 30K

CRITs (STIX) - crits.github.io
- STIX friendly
- Mongo
- Python Friendly
- Over 30 Services
- CTI repository
- Campaign Tracking

Cuckoo (Malware) - cuckoosandbox.org
- CRITs friendly
- STIX Friendly
- Python Friendly
- Automated Malware Analysis
- Win/OSX/Linux Analysis
- Volatility
Contact (slide 13)
TIC.SecKC. rg:443
cory@seckc.org
Powered By: Threat Note