Presented at
CactusCon 12 (2024),
Feb. 16, 2024, 11 a.m.
(60 minutes).
Creating an effective Threat Intelligence program is a murky proposition. There is not a lot of good information or guidance out there. The industry is very fragmented and most Threat Intelligence platforms are extremely expensive.
This talk hopes to remedy the situation with a homebrew solution and will cover the nuts and bolts of building a threat intelligence platform using mostly open-source components that can meet the needs of most organizations regardless of size.
The talk will discuss what a threat intelligence platform is, common pitfalls, why you need one, and how to quickly build one.
We will cover:
Deploying and configuring the MISP Threat Intelligence platform correctly.
A broad Threat intelligence overview that narrows into data, people, and process solutions, e.g., How do threat feeds and events work and how to create them.
More-narrowly, threat intel can look towards threat hunting. We will provide case studies using SIEMs such as Sentinel and Elastic.
One primary goal of this talk will be creating effective threat intelligence workflows and integrating with other tools.
We will provide a GitHub with custom scripts and information on building your own Threat Intelligence.
Presenters:
-
Larry Suto and dre
- dre
dre is a Cactuscon founder and occasional speaker.
-
Larry Suto
- Principal - Strategic Data Command Inc
Larry Suto is a seasoned security consultant with many years experience. His goal is to make complex security topics accessible to everyone.
Links:
Similar Presentations: