Time
4 hours 12 minutes
Difficulty
Advanced
CEU/CPE
5

Video Transcription

00:00
Hello and welcome to this lesson about public data sources, the third type of external data sources from the data collection module, like we've seen in previous videos. In this lesson, we will discover together the different types of public data collection sources and how to choose
00:20
the best fit
00:21
for your requirements. Public threat intelligence sources are basically available to anyone and usually with no cost associated with access;
00:31
the public data sources are close to the private ones when it comes to their types:
00:37
threat bulletins, feeds and platforms. So, like we've seen in the video dedicated to private data collection sources,
00:47
here we're going to see the threat bulletins, or narrative-based reports, threat feeds and threat intelligence platforms that are publicly available for use.
00:59
Public threat intelligence sources offer huge databases and cover many types of threats, including phishing emails, scanning IPs or crawling IPs, malware distribution domains, hashes of malware, et cetera.
01:15
The first problem with public threat intelligence is the level of trustworthiness: indicators are rarely curated, and this can be a serious cause of noise for teams who are working on generated alerts. Of course, this could be a problem if you are willing to ingest free feeds
01:34
directly into your SIEM solution.
01:37
Another problem with this kind of intelligence is lack of context. Some indicators, for example IPs, hashes or domains, may be mentioned in lists of feeds and involved with malicious activities, but they don't provide full context, or they don't explain
01:56
fully their roles, for example if they are
01:59
malware distribution domains, if they are C2 servers or domains that are sending spam, the dates of detection, and if they're targeting a particular sector.
02:09
These are not the only issues with public threat intelligence sources, because many sources keep data for years, which makes validation even harder for analysts.
02:21
This is basically the opposite of the goal behind using external threat intelligence, because it needs to ensure that you remain on top of the latest threats. If the data is old by the time it gets to you, the indicators may no longer be associated with malicious activity,
02:39
and all you would have done
02:42
is waste time looking into associated alerts. Similar to the video where we've seen private data collection sources, here with public collection sources, or public threat intelligence sources, the first type is public finished reports, which are narrative-based reports containing
03:00
a detailed description
03:01
of incidents and threats.
03:05
Here there are several vendors and security researcher blogs who offer free finished reports, such as FireEye, Check Point, Malwarebytes Labs, Trend Micro, WeLiveSecurity, Securelist, Talos, Unit 42, et cetera.
03:22
Now let's move to the second type of public threat intelligence, and I believe this is the most common public threat intelligence source, which is public threat feeds. Here we'll start with providing some examples of platforms and websites offering
03:40
this kind of intelligence,
03:43
and the list that I'm going to mention is not meant to be exhaustive. I will start with Cybercrime Tracker. This website provides feeds containing the URLs and IPs associated with malicious activity such as Pony,
03:59
LokiBot, Tesla, et cetera. You can visit the official website of Cybercrime Tracker, mentioned on the slide,
04:05
to find the full list of indicators that this website is providing.
04:11
A second example is URLhaus. This project is offered by abuse.ch and has the goal of sharing malicious URLs that are being used for malware distribution.
04:25
Another example of feeds is offered by Ransomware Tracker. This platform is dedicated to tracking ransomware activities. Ransomware Tracker is also offered by abuse.ch and tracks and monitors the status of domain names
04:42
and IP addresses and URLs that are associated with ransomware activity,
04:47
such as botnet C2 servers, distribution websites and payment websites.
04:56
And if you are interested in collecting threat intelligence feeds about phishing, then OpenPhish is a good source that offers a free feed about phishing campaigns trending in the wild. OpenPhish receives URLs from multiple streams and analyzes them using their
05:15
proprietary, efficient detection algorithms.
05:18
Another public threat intelligence feed is I-Blocklist. I-Blocklist maintains several types of lists containing IP addresses belonging to various categories. Some of these main categories
05:33
include countries, ISPs, et cetera. Other lists include web attacks,
05:40
spyware, proxies, et cetera. Many of these lists are available for free use and available in various formats.
05:49
Another example could be the CyberCure platform, which offers free cyber threat intelligence feeds with lists of IP addresses that are currently infected and attacking on the Internet.
06:03
There are lists of URLs used by malware and lists of hashes of known malware that is currently spreading. You can find the full documentation available on their official website.
06:18
If you think that I mentioned a lot of examples, or a large number of examples, and now you are confused about which ones are most appropriate for your use cases, then I recommend using
06:32
another type of threat feeds, a particular type of threat feeds called feed aggregators. And here I have
06:40
two examples. I will start with the first example, which is called Limo. Limo is a free feed aggregator offered by Anomali, and Limo incorporates intelligence from Anomali Labs, the Modern Honey Network and some other open source feeds
06:59
from the ones mentioned previously and other ones that I didn't mention
07:02
in these slides. So Limo is fully compatible with the STIX and TAXII protocols that we will see in future videos, and to connect Limo to a platform called STAXX, which we are also going to see
07:21
in future lessons, you can use
07:25
the configuration mentioned on this slide.
07:29
The second example of threat feed aggregator is called Hail a TAXII. Also, it is compatible with the TAXII protocol, and it is also a repository of open source threat intelligence feeds in STIX format. You can access, or you can collect,
07:48
data from Hail a TAXII
07:50
using the configuration mentioned on this slide.
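As an added example (not part of the lecture, and not code from Anomali, Hail a TAXII or any other platform named above), the following Python script acts on two points the lecture raises: the stale and context-free indicators that make free feeds noisy when ingested straight into a SIEM, and the STIX format that the feed aggregators serve over TAXII. It triages a constructed STIX 2.1 bundle (dropping expired and stale indicators, flagging those that carry no context) and only then matches the survivors against constructed proxy log lines. The bundle, log lines, the 90-day staleness threshold, the fixed clock and every function name are assumptions made for the example; nothing here reproduces the configuration shown on the lecture's slides.

```python
# Added example (not from the lecture): triage a public STIX 2.1 feed, as a
# TAXII collection would return it, before the indicators reach a SIEM. Expired
# and stale indicators are dropped, context-free ones are flagged, and only the
# survivors are matched against proxy log lines. All data below is constructed.
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlparse
# Constructed bundle: fresh and described, stale, expired, fresh but context-free.
# STIX fields the triage never reads (created, spec_version, ...) are omitted.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
     "modified": "2024-03-01T00:00:00.000Z", "name": "Malware distribution URL",
     "description": "Payload URL seen in a banking trojan campaign",
     "indicator_types": ["malicious-activity"],
     "pattern": "[url:value = 'http://bad.example/payload.exe']",
     "valid_until": "2024-06-01T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
     "modified": "2021-01-01T00:00:00.000Z", "name": "Scanner IP",
     "indicator_types": ["malicious-activity"],
     "pattern": "[ipv4-addr:value = '198.51.100.7']"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
     "modified": "2024-03-10T00:00:00.000Z", "name": "Former C2 domain",
     "indicator_types": ["malicious-activity"],
     "pattern": "[domain-name:value = 'old-c2.example']",
     "valid_until": "2023-12-31T00:00:00Z"},
    {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000005",
     "modified": "2024-03-12T00:00:00.000Z",
     "pattern": "[ipv4-addr:value = '203.0.113.9']"},
]})

# Constructed proxy log lines, one request per line in key=value form.
SAMPLE_LOGS = [
    "2024-03-14T10:01:02Z src=10.0.0.5 dst=203.0.113.9 url=http://bad.example/payload.exe",
    "2024-03-14T10:02:10Z src=10.0.0.7 dst=198.51.100.7 url=http://intranet.example/index.html",
    "2024-03-14T10:03:33Z src=10.0.0.9 dst=192.0.2.44 url=http://old-c2.example/beacon",
]

# Fixed "now" so the run is repeatable; a real pipeline uses the current time.
FIXED_NOW = datetime(2024, 3, 15, tzinfo=timezone.utc)
# Only simple equality comparisons are handled, e.g. [url:value = '...'] joined by OR.
_COMPARISON = re.compile(r"([\w-]+):[\w.-]+\s*=\s*'([^']*)'")


def parse_stix_time(value):
    """STIX timestamps are RFC 3339 with a trailing Z; return an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_observables(pattern):
    """Return (object type, value) pairs from a simple STIX pattern."""
    return _COMPARISON.findall(pattern)


def triage_indicators(bundle_json, now, max_age_days=90):
    """Split a bundle into usable indicators and dropped (id, reason) pairs.
    Usable ones carry the feed's context; those without any are flagged low_context."""
    kept, dropped = [], []
    cutoff = now - timedelta(days=max_age_days)
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        if "valid_until" in obj and parse_stix_time(obj["valid_until"]) < now:
            dropped.append((obj["id"], "expired"))
            continue
        if parse_stix_time(obj["modified"]) < cutoff:
            dropped.append((obj["id"], "stale"))
            continue
        context = {k: obj[k] for k in ("name", "description", "indicator_types") if k in obj}
        for obs_type, value in extract_observables(obj.get("pattern", "")):
            kept.append({"id": obj["id"], "type": obs_type, "value": value,
                         "context": context, "low_context": not context})
    return kept, dropped


def line_observables(line):
    """Tokens of a key=value log line plus the hostname of every URL in it."""
    tokens = set(re.split(r"[\s=]+", line.strip()))
    for tok in list(tokens):
        if tok.startswith(("http://", "https://")) and urlparse(tok).hostname:
            tokens.add(urlparse(tok).hostname)
    return tokens


def match_logs(indicators, lines):
    """One alert per (indicator, line) hit, carrying the feed's context along."""
    alerts = []
    for line_no, line in enumerate(lines):
        seen = line_observables(line)
        for ind in indicators:
            if ind["value"] in seen:
                alerts.append({"line": line_no, "indicator": ind["id"], "value": ind["value"],
                               "context": ind["context"], "low_context": ind["low_context"]})
    return alerts


def run_demo(now=FIXED_NOW):
    """Triage the sample bundle and match the sample logs against the survivors."""
    kept, dropped = triage_indicators(SAMPLE_BUNDLE, now)
    return {"kept": kept, "dropped": dropped, "alerts": match_logs(kept, SAMPLE_LOGS)}
```

Calling run_demo() on the constructed data drops the scanner IP as stale and the former C2 domain as expired, so the second and third log lines raise nothing even though both contain a feed indicator. The first line raises two alerts: the payload URL arrives with the feed's name, description and indicator type attached, while the hit on 203.0.113.9 is flagged low_context because the feed said nothing about it, which is exactly the case an analyst should verify before escalating. In a real pipeline the bundle would come from a TAXII client, the clock would be the current time, and the staleness window would be tuned per feed.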

Up Next

Advanced Cyber Threat Intelligence

Advanced Cyber Threat Intelligence will benefit security practitioners interested in preventing cyber threats. Learn how to leverage your existing data sources to extract useful information and find complementary information from external sources.

Instructed By

Alyssa Berriche
Instructor