OpenCTI – Open Source Threat Intelligence Platform: PART I

This entry is part 21 of 27 in the series Threat Detection Engineering

Views: 36OpenCTI (Open Cyber Threat Intelligence Platform) is a powerful open-source solution designed to help security teams collect, store, organize, and visualize threat intelligence in a structured way. Whether you’re a SOC analyst, threat hunter, or security researcher, OpenCTI provides a unified environment to centralize CTI data, correlate intelligence from multiple sources, and share it … Read more

Threat Intelligence with MISP: Part 1 – Setting up MISP with Docker

This entry is part 15 of 27 in the series Threat Detection Engineering

Views: 1073Step-by-Step Guide to Install MISP Using Docker on Ubuntu In this guide, we will walk through the steps to install the MISP (Malware Information Sharing Platform) using Docker on an Ubuntu server. Prerequisites Before we begin, make sure your system meets the following requirements: Step 1: Update Your Server and Install Docker First, ensure … Read more

Threat Intelligence for SOC

This entry is part 2 of 27 in the series Threat Detection Engineering

Views: 56Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. There are different classifications of Threat Intelligence, and the primary types of it are: Threat Intelligence Producers Threat Intelligence Producers … Read more

OpenCTI

Views: 123OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. OpenCTI is designed to provide organizations with the means to manage CTI through the storage, analysis, visualization and presentation of threat campaigns, malware and IOCs. Developed by the collaboration of the French National cybersecurity agency (ANSSI), the platform’s main objective is to … Read more

Threat Intelligence Tools – Abuse.ch

This entry is part 8 of 17 in the series Incident Response and Forensics

Views: 90Abuse.ch Platform Abuse.ch is a research project hosted by the Institue for Cybersecurity and Engineering at the Bern University of Applied Sciences in Switzerland. It was developed to identify and track malware and botnets through several operational platforms developed under the project. These platforms are: MalwareBazaar As the name suggests, this project is an all … Read more

Threat Intelligence Tools – URLScan.io

This entry is part 6 of 17 in the series Incident Response and Forensics

Views: 72Urlscan.io is a free service developed to assist in scanning and analysing websites. It is used to automate the process of browsing and crawling through websites to record activities and interactions. When a URL is submitted, the information recorded includes the domains and IP addresses contacted, resources requested from the domains, a snapshot of the … Read more

Threat Intelligence

This entry is part 15 of 17 in the series Incident Response and Forensics

Views: 13Threat Intelligence Foundation: Threat Intelligence is the analysis of data and information using tools and techniques to generate meaningful patterns on how to mitigate against potential risks associated with existing or emerging threats targeting organisations, industries, sectors or governments. To mitigate against risks, we can start by trying to answer a few simple questions: … Read more