In this updated version of my threat intel framework presentation (using Evernote as a backend database) at SourceDublin, I have really expanded the framework out a bit, introducing notebooks dedicated to a logger, SIEM, indicator database, and adversary tracker. As before there are also a few implementation examples. Thanks to the SourceDublin crew, especially @rcheyne, @internmike, and @lotusebhat, for having me!
Creating REAL Threat Intelligence with Evernote
In the presentation that threat intel vendors do not want you to see, threat data from open source and home grown resources meets Evernote as the ultimate braindump repository with the outcome of producing REAL actionable threat intelligence that your organization can leverage to stop the bad guys. This presentation discusses an experiment of using Evernote as a informal threat intelligence management platform, the specific concepts and strategies used, and its overall effectiveness. Specific topics covered include the advantages of using an open and flexible platform that can be molded into an open/closed source threat data repository, an information sharing platform, and an incident management system. Although using Evernote in this way in large enterprises is probably not possible, organizations can apply the same reference implementation to build similarly effective systems using open source or commercial solutions.
Today’s post pic is from SourceConference.com. See ya!