Cyber Threat Intelligence Tools List For Hackers and Security Professionals - Cybarrior
The Cyber Observable eXpression (CybOX) language provides a common structure for representing cyber observables across and among the operational areas of enterprise cyber security that improves the consistency, efficiency, and interoperability of deployed tools and processes, as well as increases overall situational awareness by enabling the potential for detailed automatable sharing, mapping, detection, and analysis heuristics.

OASIS Open Command and Control (OpenC2) Technical Committee. The OpenC2 TC will base its efforts on artifacts generated by the OpenC2 Forum. Prior to the creation of this TC and specification, the OpenC2 Forum was a community of cyber-security stakeholders that was facilitated by the National Security Agency (NSA). The OpenC2 TC was chartered to draft documents, specifications, lexicons or other artifacts to fulfill the needs of cyber security command and control in a standardized manner.

The Structured Threat Information eXpression (STIX) language is a standardized construct to represent cyber threat information. The STIX language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, and automatable. STIX does not only allow tool-agnostic fields, but also provides so-called test mechanisms that provide means for embedding tool-specific elements, including OpenIOC, YARA and Snort. STIX 1.X has been archived here.

The Trusted Automated eXchange of Indicator Information (TAXII) standard defines a set of services and message exchanges that, when implemented, enable sharing of actionable cyber threat information across organization and product/service boundaries. TAXII defines concepts, protocols, and message exchanges to exchange cyber threat information for the detection, prevention, and mitigation of cyber threats.

The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry – a lack of quality information. In addition to providing a structured format, VERIS also collects data from the community to report on breaches in the Verizon Data Breach Investigations Report (DBIR) and publishes this database online at VCDB.org.

The Department of Homeland Security's (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat indicators between the federal government and the private sector at machine speed. Threat indicators are pieces of information like malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated).

IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It's a community-driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several infosec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs.

Interflow is a security and threat information exchange platform created by Microsoft for professionals working in cybersecurity. It uses a distributed architecture which enables sharing of security and threat information within and between communities for a collectively stronger ecosystem. Offering multiple configuration options, Interflow allows users to decide what communities to form, what data feeds to consume, and with whom. Interflow is currently in private preview.

Pulsedive is a free, community threat intelligence platform that is consuming open-source feeds, enriching the IOCs, and running them through a risk-scoring algorithm to improve the quality of the data. It allows users to submit, search, correlate, and update IOCs; lists "risk factors" for why IOCs are higher risk; and provides a high-level view of threats and threat activity.

Recorded Future is a premium SaaS product that automatically unifies threat intelligence from open, closed, and technical sources into a single solution. Their technology uses natural language processing (NLP) and machine learning to deliver that threat intelligence in real time — making Recorded Future a popular choice for IT security teams.

Scumblr is a web application that allows performing periodic syncs of data sources (such as GitHub repositories and URLs) and performing analysis (such as static analysis, dynamic checks, and metadata collection) on the identified results. Scumblr helps you streamline proactive security through an intelligent automation framework to help you identify, track, and resolve security issues faster.

StoQ is a framework that allows cyber analysts to organize and automate repetitive, data-driven tasks. It features plugins for many other systems to interact with. One use case is the extraction of IOCs from documents, an example of which is shown here, but it can also be used for deobfuscation and decoding of content and automated scanning with YARA, for example.

Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) is a model and framework for describing the actions an adversary may take while operating within an enterprise network. ATT&CK is a constantly growing common reference for post-access techniques that brings greater awareness of what actions may be seen during a network intrusion. MITRE is actively working on integrating with related constructs, such as CAPEC, STIX and MAEC.

Describes the elements of cyber threat intelligence and discusses how it is collected, analyzed, and used by a variety of human and technology consumers. Further examines how intelligence can improve cybersecurity at tactical, operational, and strategic levels, and how it can help you stop attacks sooner, improve your defenses, and talk more productively about cybersecurity issues with executive management in typical For Dummies style.

The DML model is a capability maturity model for referencing one's maturity in detecting cyber attacks. It's designed for organizations who perform intel-driven detection and response and who put an emphasis on having a mature detection program. The maturity of an organization is not measured by its ability to merely obtain relevant intelligence, but rather its capacity to apply that intelligence effectively to detection and response functions.

The Guide to Cyber Threat Information Sharing (NIST Special Publication 800-150) assists organizations in establishing computer security incident response capabilities that leverage the collective knowledge, experience, and abilities of their partners by actively sharing threat intelligence and ongoing coordination. The guide provides guidelines for coordinated incident handling, including producing and consuming data, participating in information sharing communities, and protecting incident-related data.

This report by MWR InfoSecurity clearly describes several different types of threat intelligence, including strategic, tactical and operational variations. It also discusses the processes of requirements elicitation, collection, analysis, production and evaluation of threat intelligence. Also included are some quick wins and a maturity model for each of the types of threat intelligence defined by MWR InfoSecurity.

The WOMBAT project aims at providing new means to understand the existing and emerging threats that are targeting the Internet economy and the net citizens. To reach this goal, the proposal includes three key workpackages: (i) real-time gathering of a diverse set of security-related raw data, (ii) enrichment of this input by means of various analysis techniques, and (iii) root cause identification and understanding of the phenomena under scrutiny.