Using Security Automation to Organize Your Cyber Threat Intelligence Knowledge

Presented at A New HOPE (2022), July 24, 2022, 11 a.m. (50 minutes)

Enterprise security tooling is expensive. Enterprise intelligence tooling is expensive. Enterprise cyber threat intelligence tooling doesn't have to be. OpenCTI is a comprehensive open source platform that allows organizations to manage, structure, store, organize, and visualize their cyber threat intelligence knowledge and observables. It uses a modern tech stack built on NodeJS, Python, GraphQL, Elasticsearch, RabbitMQ, and Redis. It boasts a bustling community that provides active support to newcomers and encourages contributions from the experienced. It can currently import, enrich, and funnel data to and from more than 50 widely used security products!

This talk will outline how the platform can be deployed, scaled for high availability using cloud native strategies, and used by strategic and technical cyber threat analysts at any seniority level. The talk will also touch on how security automation fits into the bigger picture by compounding the operational work of other security teams.


Presenters:

  • **Andrew Ku (@drookoo)** is a cloud platform engineer for the City of New York. He is a native New Yorker born and raised in Queens. You can find him making sure his 3D prints are printing smoothly, staying active by running reds on his folding bike, and editing short vlogs for his future self to watch.
