4 hours 42 minutes
hello and welcome to this lesson fully dedicated to threat intelligence platforms. In this video, we will go through a quick reminder of threat intelligence platforms definition, and you'll see who are the teams that are using threat intelligence platforms.
I discovered together some common capabilities offered by these platforms,
and we will finish this lesson by exposing some products that are available on the market
as a reminder of the definition that you already seen in a previous lesson about external data collection sources. A Threat intelligence platform is defined as a piece of software where you can organize one or more feats into a single stream off threat intelligence and that you can use to get alerts and manipulate data
threat. Intelligence platforms can be used by multiple teams who are involved directly or indirectly with cyber threat intelligence, such as security operations center or sock teams where threat intelligence platforms provide automation to the operational day to day tasks.
Second, refined threat intelligence teams who use threat intelligence platforms to make assessments and predictions based on contacts that was in Richard through the available information within the platform. Third, we find executive and management teams who use threat intelligence platforms
that can provide for them dashboards and display threat trends to help them to make decisions.
Now we can move to the common features offered by threat indulgence battles
in this context and normally created a diagram that summarizes most of the common capabilities that any threat intelligence platform should be able to assure which are collect, manage and integrate
a threat intelligence platform but thematically collects and ingests data from various sources and formats. Supported sources can be open source or free feeds
bathed or premium feeds.
Finishing reports. Standardized threat files feeds from an exact or hazel
a threat. Intelligence platform should also be able to process or manage collected. Data processing includes several steps but in this case comprised off sorting normalization. This application on a Richmond off data a Threat Intelligence platform automates these processes,
freeing analysts to analyze rather than to manage collected data.
Finally, data that has been normalized, vetted and and Richard must then be delivered two systems that can use it to improve threat detection. The first example off threatened versions platforms that you are going to see in this lesson is oh takes
or open Threat exchange, which is a cloud based platform.
Develop it by I really involved.
It is one of the biggest community threat sharing platforms, with more than 19 million potential threat shared on a daily basis. Oh, takes can act as a taxi server, which makes it easy to integrate with other threat intelligence Battle arms.
Here is an overview. Off takes dashboard.
You can subscribe to a contributor in order to receive their pulses and in just the indicators into your own security. Monitoring tools using your a P I she
the outtakes community reports and receives thread data into the form off pulses.
What exposes provide you with a summary off threat, liberated IOC's and other details. If you are interested in try and this platform, you can find the full documentation available on the platform.
Our second example is missed or mellower information sharing platform, which is open source threat Intelligence platform for sharing, storing and correlating indicators off compromise.
It's a representative off mellower.
I will seize on cyber threat related to technical information.
Each package off information in the platform is called an event,
and these events are made up off a tribute. Here is assemble off events that are displayed on the Miss Mentor face. Through this interface, you can list all the events available on your platform. You can add new events. You can also list attributes or search for attributes.
These are not the only functional tease offered by Miss. You can find other functionalities in the documentation, which is available on the Miss Book Project, and the link is displayed all this light. Our third example is Critz, or
collaborative research into threats, which is an open source. Mellower and threat represent Harry that leverage other open source software to create a unified tool for analysts and security experts.
It was created to give analysts a better way off, storing, enriching and discovering threat data. You can deploy your Critz instance locally for a private, is elated environment or shared among other trusted organizations. Harry's a sample off dashboard
that can be offered
Bike Ritz here. The con section, for example, is a general overview off the quantity off some of the data available on the system.
The top backdoor section shows the most popular backdoors assigning two samples in your database.
The Top Campaigns section shows some of the most popular campaigns that you've added to regrets. Instance,
and the recent section shows some of the newest objects Editor creates instance that maybe off interest to you off course, you can find the full documentation. All the projects get her represent. Terry. The link is displayed on this light.
Our next example is threat. Goodnight platform. Just to avoid some confusions, Threat Connect offers a paid and free platform,
and here, in our example, we are talking about the free cloud based Threat Intelligence platform that is accessible via the links displayed on the slight
Threat Connect have the same common features that can be offered by any threat Intelligence platform. It is supported by a big community that share threats on a daily basis. One of the interesting features that is offered by threat, connect, ease, orchestration,
threat connect offers of the ability to establish processes with playbooks
and work. Those here is an overview off the platforms Dash port.
It displays stop collection sources. Latest finish it reports that are added to the platform and top tags
off course. This dashboard is only a General Kwan, but if you're interested in personalizing your own dashboard using your own indicators off compromise and your own interests. Then you can personalize or customize your dashboard according to your preferences.
Our final example will be stacks.
Stacks is also an open source. Platform offered by Animal E
Stacks is compatible with sticks and taxi standards and comes pre configured with free taxi feeds called limo. We've already seen Limo in previous reader, where we talked about taxi servers and also when we talked about feed aggregators
through the online portal stocks offers enrichment for the indicators, including confidence, severity, threat, score, best of D. N s and who is information.
Here is an overview off the platforms Dashboard led displays threat trends Over the past seven days,
you can directly get this dashboard after properly deploying stacks, inter environment and enabling limo feed aggregator.
In this video, we have a chance to talk with more details about threat intelligence platforms,
including who uses them their capabilities. And I shared with you a few examples off products. I choose products that are available for free or that dedicated some functionalities for free off course. These examples are not the only existing products in the market.
As you can see, data processing is really important face off the intelligence cycle.
However, it is really time consuming and it is ideal to automate it and, to my opinion teams to dedicate more time to analyze his face, then data processing. This is why it's time to move the next module, a boat and a license and production.