Cyber Threat Intelligence Management

Agenda for the next 13:37 minutes
1. Cyber Threat Intelligence (CTI)
2. Threat Intelligence Center (TIC)
3. Tools and Solutions
4. Sharing Collectives
5. Standards and Getting involved
6. #Outhouse Shenanigans
Open Source Threat Intelligence Management (SecKC)
You aren't my manager pal!
- Context
- Response times
- Proactive
- Contribute
Cyber Threat Intelligence Common Language
1. Observable
2. Indicator
3. Tactics, Techniques and Procedures
4. Campaign
5. Threat Actor
Lockheed Martin Cyber Kill Chain®
1. Reconnaissance
2. Weaponization
3. Delivery
4. Exploitation
5. Installation
6. Command & Control
7. Actions on Objectives
- Intelligence Disciplines (*INT)
- Lockheed Martin Cyber Kill Chain®
- Traffic Light Protocol
- F3EAD Framework
- Cyber Threat Intelligence Common Language
- STIX, TAXII, CybOX & OASIS
F3EAD Framework
1. Find
2. Fix
3. Finish
4. Exploit
5. Analyze
6. Disseminate
F3EAD Framework related to IR

Operations:
1. Find: SIEM
2. Fix: SIEM
3. Finish: IR

Intelligence:
4. Exploit: TIC
5. Analyze: MAS
6. Disseminate: SIEM, TIC
How to build a Threat Intelligence Center (TIC)
- Internal Development
- Internal Tools
- Documentation
- Internal Relationships
- External Relationships
- Plan
The tools to build an Open Source Threat Intelligence Center (TIC)

TAXII: Soltra (soltra.com)
- CRITs friendly
- Eats whatever you feed it
- TAXII Gateway for partners
- FS-ISAC
- Utilizes TLP
- Notifications

Development: GitLab (gitlab.com)
- Developer friendly
- Local Version Control
- Track Issues
- Locally crowdsource dev
- Integrates with Slack
- For teams of 1 - 30K

STIX: CRITs (crits.github.io)
- STIX friendly
- Mongo
- Python Friendly
- Over 30 Services
- CTI repository
- Campaign Tracking

Malware: Cuckoo (cuckoosandbox.org)
- CRITs friendly
- STIX Friendly
- Python Friendly
- Automated Malware Analysis
- Win/OSX/Linux Analysis
- Volatility
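As an added illustration, not part of the SecKC deck or of the Soltra/CRITs code bases, a small Python model of the common-language layers (Observable, Indicator, TTP, Campaign, Threat Actor) and of the TLP gating a TAXII gateway for partners has to apply before redistributing a chain of linked objects; the TLP-to-audience policy, the class and function names and the sample chain are constructed assumptions.

```python
from dataclasses import dataclass, field

# TLP (v1) colours ordered from most to least restrictive.
TLP_RANK = {"RED": 0, "AMBER": 1, "GREEN": 2, "WHITE": 3}

# Assumed gateway policy: the most restrictive colour each audience may receive.
# RED is never redistributed by a gateway, AMBER stays inside the organisation,
# GREEN may reach the sharing community (e.g. an ISAC), WHITE is unrestricted.
AUDIENCE_FLOOR = {"internal": "AMBER", "partner": "GREEN", "public": "WHITE"}

@dataclass
class CtiObject:
    """One layer of the CTI common language (Observable, Indicator, TTP,
    Campaign, Threat Actor) with its own TLP marking and links up the chain."""
    kind: str
    value: str
    tlp: str
    related: list = field(default_factory=list)

    def __post_init__(self):
        if self.tlp not in TLP_RANK:  # reject unmarked or mistyped data
            raise ValueError(f"unknown TLP colour: {self.tlp!r}")

def shareable(obj: CtiObject, audience: str) -> bool:
    """True if obj's colour is at least as open as the audience's floor."""
    return TLP_RANK[obj.tlp] >= TLP_RANK[AUDIENCE_FLOOR[audience]]

def package(obj: CtiObject, audience: str) -> list:
    """Objects releasable to `audience`, walking the related chain and cutting
    it at the first object whose marking is too restrictive (the link itself
    would otherwise reveal the withheld context). Returns (kind, value) pairs."""
    if not shareable(obj, audience):
        return []
    out = [(obj.kind, obj.value)]
    for rel in obj.related:
        out.extend(package(rel, audience))
    return out

def build_sample() -> CtiObject:
    """Constructed chain with placeholder values (not real indicators)."""
    actor = CtiObject("Threat Actor", "ACTOR-PLACEHOLDER", "RED")
    campaign = CtiObject("Campaign", "CAMPAIGN-PLACEHOLDER", "AMBER", [actor])
    ttp = CtiObject("TTP", "phishing with a malicious attachment", "GREEN", [campaign])
    indicator = CtiObject("Indicator", "sha256:PLACEHOLDER-HASH", "GREEN", [ttp])
    return CtiObject("Observable", "attachment seen on the mail gateway", "WHITE", [indicator])

if __name__ == "__main__":
    for audience in ("internal", "partner", "public"):
        print(audience, package(build_sample(), audience))
```

Run as a script it shows the same observable producing a four-object package for internal analysts, a three-object package for partners (the AMBER campaign and RED actor are cut) and only the WHITE observable for public release.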
TIC.SecKC. rg:443
Powered By: Threat Note