Cyber Threat Intelligence

Gartner Definition: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. 



To understand this term more easily, let's split it into its words and look at the meaning of each:


Cyber: relating to or characteristic of the culture of computers, information technology, and virtual reality.

Threat: a thing likely to cause damage or danger.

Intelligence: the ability to acquire and apply knowledge and skills.

Cyber threat intelligence helps an organisation understand the risk posed by the most common external threats. Threat intelligence includes in-depth information about specific threats, helping an organisation protect itself from the types of attacks that could do it the most damage. One proven method of staying on top of attacks is to detect and respond to threats with a SIEM (Security Information and Event Management) system. A SIEM can track everything that happens in your environment and identify anomalous activity. Isolated incidents might look unrelated, but with event correlation and threat intelligence you can see what is actually happening in your environment. The threats that threat intelligence attempts to defend against include zero-day threats, exploits and advanced persistent threats (APTs). Threat intelligence involves in-depth analysis of both internal and external threats. The most common sources of threat intelligence are:

  1. Open-source feeds
  2. In-house threat intelligence
  3. Vertical communities
  4. Commercial services
  5. Dark-web intelligence


The easiest way to obtain threat intelligence data is through open-source portals, but the challenge is recognising the source from which the threat data was gathered. This blog post therefore discusses the top trusted open-source threat intelligence sources available. Threat data can be obtained via API, text/CSV download, feeds and search portals. Below is the list of downloadable threat data:


Downloadable Threat Data:

Source: Shadow Server
Update Interval: 24 hours
Download: Yes
Description: CSV

Source: Abuse Zeus
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: Recorded Future
Update Interval: 24 hours
Download: Yes
Description: Email

Source: Abuse Feodo
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: Abuse Ransomware Tracker
Update Interval: Real time
Download: Yes
Description: You can also generate a CSV feed for a custom country code or AS number.

Source: Abuse SSL Blacklist
Update Interval: 24 hours
Download: Yes
Description: Various blocklists available (SSL fingerprint/IP)

Source: Emerging Threats
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: OpenPhish
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: PhishTank
Update Interval: 24 hours
Download: Yes
Description: Multiple file formats

Source: Amazon Alexa
Update Interval: 24 hours
Download: Yes
Description: CSV

Source: Cisco Umbrella
Update Interval: 24 hours
Download: Yes
Description: CSV

Source: OSINT Bambenek Consulting
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: Malware Domain List
Update Interval: 24 hours
Download: Yes
Description: CSV

Source: malc0de
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: ThreatConnect
Update Interval: 24 hours
Download: Yes
Description: Text file/CSV

Source: MalShare
Update Interval: 24 hours
Download: Yes
Description: Text file

Source: GreenSnow
Update Interval: 24 hours
Download: Yes
Description: Text file
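As an added example (not code from the original post or from any of the feed providers above), the following Python script shows how the text-file and CSV feeds listed above are typically ingested into one normalised indicator set and then correlated against log events, the SIEM-style matching described earlier. The feed contents, the CSV column name ioc, the key=value log format and the addresses are all constructed samples, not real feed data.

```python
import csv

# Constructed sample text feed: '#' comment lines, one indicator per line
# (the shape of the Text-file feeds listed above; not real feed data).
SAMPLE_TEXT_FEED = """\
# hypothetical C2 IP blocklist (constructed sample)
198.51.100.23
203.0.113.77
192.0.2.9
"""

# Constructed sample CSV feed with a header row; indicators in column "ioc".
SAMPLE_CSV_FEED = """\
first_seen,ioc,malware
2024-01-02,203.0.113.77,constructed-family-a
2024-01-03,bad.example.net,constructed-family-b
"""

# Constructed firewall log lines in key=value form (dst is what we check).
SAMPLE_LOGS = [
    "2024-01-05T10:00:01Z src=10.0.0.5 dst=203.0.113.77 dport=443 action=allow",
    "2024-01-05T10:00:02Z src=10.0.0.6 dst=93.184.216.34 dport=443 action=allow",
    "2024-01-05T10:00:03Z src=10.0.0.7 dst=BAD.example.net dport=80 action=allow",
    "2024-01-05T10:00:04Z src=10.0.0.5 dst=192.0.2.9 dport=8080 action=deny",
]

def parse_text_feed(text: str) -> set[str]:
    """Return indicators from a '#'-commented text feed, lower-cased."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def parse_csv_feed(text: str, column: str = "ioc") -> set[str]:
    """Return indicators from the named column of a header-row CSV feed."""
    rows = csv.DictReader(text.splitlines())
    return {row[column].strip().lower() for row in rows if row.get(column)}

def match_logs(logs: list[str], indicators: set[str]) -> list[dict[str, str]]:
    """Flag log lines whose dst field appears in the merged indicator set."""
    hits = []
    for line in logs:
        ts, *kvs = line.split()
        fields = dict(kv.split("=", 1) for kv in kvs)
        dst = fields.get("dst", "").lower()   # normalise case before lookup
        if dst in indicators:
            hits.append({"ts": ts, "src": fields["src"], "dst": dst})
    return hits

def run() -> list[dict[str, str]]:
    indicators = parse_text_feed(SAMPLE_TEXT_FEED) | parse_csv_feed(SAMPLE_CSV_FEED)
    return match_logs(SAMPLE_LOGS, indicators)
```

Because both feeds are lower-cased and merged before matching, an indicator that appears in two feeds is counted once, and a mixed-case domain in the logs still matches.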

Cyber Threat Intelligence MAP


FireEye

Comments

  1. Very informative blog... OT Network Monitoring is very important and this blog clearly shows it. Thanks for sharing helpful information.
