IntelMQ

Presented at DeepSec 2015 „DeepSec No. 9“, Nov. 20, 2015, 4 p.m. (50 minutes)

IntelMQ is a solution for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It's a community-driven initiative called IHAP (Incident Handling Automation Project), which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.

Presenters:

  • L. Aaron Kaplan - CERT.at
    L. Aaron Kaplan studied math and computer sciences in Vienna, Austria. Kaplan has been a Unix user and programmer since 4.3BSD-Lite / FreeBSD 1.0. He has been working for major telecoms, IBM, ESA, banks and critical infrastructure industries, mostly doing Unix consulting/programming, since 1997. Since 2008 he has worked for the Austrian domain registry (".AT"), where he is part of a team responsible for running the national CERT, CERT.at. There he focuses on incident handling automation on a country-wide scale. He has been on the board of directors of FIRST.org since 2014.
