Cyber Threat Intelligence
Gartner Definition: Threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.
To make the term easier to understand, split it into its words and look at what each one means:
Cyber: relating to or characteristic of the culture of computers, information technology, and virtual reality.
Threat: a thing likely to cause damage or danger.
Intelligence: the ability to acquire and apply knowledge and skills.
Cyber Threat Intelligence helps an organisation understand the risk posed by the most common external threats. Threat intelligence includes in-depth information about specific threats, so that an organisation can protect itself from the types of attacks that could do it the most damage. One proven way to stay on top of attacks is to detect and respond to threats with a SIEM (Security Information and Event Management system). A SIEM can track everything that happens in your environment and flag anomalous activity. Isolated incidents might look unrelated, but with event correlation and threat intelligence you can see what is actually happening in your environment. The threats that threat intelligence attempts to defend against include zero-day threats, exploits and advanced persistent threats (APTs). Threat intelligence involves in-depth analysis of both internal and external threats. The most common sources of threat intelligence are:
- Open Source Feeds
- In-House threat intelligence
- Vertical Communities
- Commercial Services
- Dark-Web Intelligence
The easiest way to get threat intelligence data is from open source portals, but the challenge is to recognise where the threat data was gathered from. This blog therefore discusses the top trusted open source threat intelligence available. Threat data can be obtained via API, text/CSV download, feeds and search portals. Below is the list of downloadable threat data:
Downloadable Threat Data:
| Source | Link | Update Interval | Download | Description |
|---|---|---|---|---|
| Shadow Server | | 24 hours | Yes | CSV |
| Abuse Zeus | | 24 hours | Yes | Text file |
| Recorded Future | | 24 hours | Yes | Email |
| Abuse Feodo | | 24 hours | Yes | Text file |
| Abuse Ransomware Tracker | | Real time | Yes | You can also generate a CSV feed for a custom country code or AS number. |
| Abuse SSL Blacklist | | 24 hours | Yes | Various blocklists available (fingerprint/IP) |
| Emerging Threats | | 24 hours | Yes | Text file |
| OpenPhish | | 24 hours | Yes | Text file |
| PhishTank | | 24 hours | Yes | Multiple file formats |
| Amazon Alexa | | 24 hours | Yes | CSV |
| Cisco Umbrella | | 24 hours | Yes | CSV |
| OSINT Bambenek Consulting | | 24 hours | Yes | Text file |
| Malware Domain List | | 24 hours | Yes | CSV |
| malc0de | http://malc0de.com/bl/ | 24 hours | Yes | Text file |
| ThreatConnect | | 24 hours | Yes | Text file/CSV |
| MalShare | http://www.malshare.com/ | 24 hours | Yes | Text file |
| GreenSnow | https://greensnow.co/ | 24 hours | Yes | Text file |
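Most of the feeds above arrive as a '#'-commented text file with one indicator per line, or as a CSV with a header row, and their value comes from correlating them against the events a SIEM already holds. The following is an added example (not code from the original post or from any of the listed providers) that parses both formats from constructed sample data, tolerates malformed rows, and matches the merged indicators against constructed firewall and proxy log lines; all feed contents, IPs and domains are made up.

```python
import csv
import io
import ipaddress
import re

# Constructed samples (not real feed data): a '#'-commented one-IP-per-line text feed and a CSV feed.
TEXT_FEED = """# constructed IP blocklist
198.51.100.23
203.0.113.77
not-an-ip
"""
CSV_FEED = """indicator,type,first_seen
bad-domain.example,domain,2024-01-01
198.51.100.23,ip,2024-01-02
"""
LOGS = [  # constructed firewall / proxy events as a SIEM would hold them
    "2024-01-03T10:00:01 fw allow src=10.0.0.5 dst=198.51.100.23 dport=443",
    "2024-01-03T10:00:02 proxy GET http://bad-domain.example/u.bin client=10.0.0.9",
    "2024-01-03T10:00:03 fw allow src=10.0.0.5 dst=192.0.2.10 dport=80",
]

def parse_text_feed(text):
    """IP indicators from a text feed; comments and malformed rows are skipped."""
    ips = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            try:
                ips.add(str(ipaddress.ip_address(line)))
            except ValueError:
                pass  # one bad row must not abort the whole ingest
    return ips

def parse_csv_feed(text):
    """{'ip': set, 'domain': set} from a CSV feed with 'indicator' and 'type' columns."""
    out = {"ip": set(), "domain": set()}
    for row in csv.DictReader(io.StringIO(text)):
        kind, value = row["type"].strip().lower(), row["indicator"].strip().lower()
        if kind in out and value:
            out[kind].add(value)
    return out

def correlate(log_lines, ips, domains):
    """(log line, indicator) pairs for every event that references a known indicator."""
    ip_re = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
    hits = []
    for line in log_lines:
        hits += [(line, ip) for ip in ip_re.findall(line) if ip in ips]
        hits += [(line, d) for d in domains if d in line.lower()]
    return hits
```

The domain check is a plain substring match, so a real SIEM rule should instead compare the parsed host field exactly to avoid matching look-alike names.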
Cyber Threat Intelligence Maps:
- Recorded Future
- FireEye
- Akamai Real-Time Web Monitor: https://www.akamai.com/us/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp
- Digital Attack Map: http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=17588&view=map
Online Threat Portals:
- Virus Total
- Mxtoolbox
- Metadefender
- Cisco Talos
- Abuse.ch
- Reverse
- Apility
- Cymon
- FraudGuard
- Malshare
- Minotaur
- Norm Shield
- SANS
- Threat miner
- Threat glass
Very informative blog... OT Network Monitoring is very important and this blog clearly shows it. Thanks for sharing helpful information.
good