The Threat Intel Victory Garden: Threat Intelligence Using Open Source Tools - CTI SUMMIT 2017

  • Published 26 Jul 2024
  • Register for the 2018 Cyber Threat Intelligence Summit: www.sans.org/u/wOQ
    Many threat intel programs ignore the most valuable source of intelligence: their own environment. In the battle to secure your organization, the benefits of “growing your own” threat intelligence are many. Self-sourced threat intel is quite possibly the most relevant origin of indicators when detecting and investigating actionable threats faced by your organization. Home-grown threat intel is also easy to prioritize and enrich because much of the original context is available. Unfortunately, many threat intelligence programs are hampered by manual processes and procedures. In this talk we will briefly discuss some common internal sources of threat intelligence, then present some novel collection techniques including open source tools like the stoQ framework and open source honeypot solutions. We will show through recorded demonstrations how indicators from these sources can be sourced, centrally stored, managed, and leveraged in an automated method. Pointers to usable code/resources that attendees can take advantage of immediately will be provided.
    Dave Herrald (@daveherrald), Security Architect, Splunk
    Dave Herrald is a veteran security technologist. He holds a gaggle of security certs including the GIAC GSE #79. Dave works on Splunk's Security Practice team and he rides bikes and skis for sanity.
    Ryan Kovar (@meansec), Staff Security Strategist, Splunk
    Ryan Kovar worked at DARPA detecting and mitigating advanced threats. He moved on to Splunk as a Security Strategist, where he helps with IR, hunting, and solving fun problems. Ryan despises printers.
  • Science & Technology
