In this updated version of my threat intel framework presentation (using Evernote as a backend database), given at the Defcon 23 Wall of Sheep, I have added additional feeds and updated the initial tag framework to better organize data between open source feeds, a case management system, and an information sharing repository. As before, there are also a few implementation examples. Thanks to Ming and the Wall of Sheep crew for having me!
Creating REAL Threat Intelligence … with Evernote
In the presentation that threat intel vendors do not want you to see, threat data from open source and home-grown resources meets Evernote as the ultimate braindump repository, with the goal of producing real, actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment in using Evernote as an informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote this way in a large enterprise is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions.
Today’s post pic is from Facebook.com. See ya!