Threat Intelligence as a Service
A cyber-threat intelligence service integrates a combination of multiple open source and commercial threat intelligence sources to provide early warnings to organizations and customers. Cyber-threat intelligence is therefore information that helps an organization identify, assess, monitor and respond to cyber-threats.
Intelligence that TIaaS provides:
- STRATEGIC INTELLIGENCE
Customer-specific advisory: the threat intelligence team works 24x7x365 looking out for advisories specific to the customer's assets. These are shared in multiple forms and reports.
- TACTICAL INTELLIGENCE
The threat intelligence team tracks and monitors the various cyber threats, such as APTs, threat actors and emerging threats, to understand their methodology, tools and techniques and to provide a Tactical Intelligence Report to customers.
- TECHNICAL INTELLIGENCE
The threat intelligence research team collects malware samples to understand the behaviour of the malware and its indicators, for proactive prevention on the customer side.
- OPERATIONAL INTELLIGENCE
Intelligence that helps the SOC understand ongoing attacks; it contains advisory information and details of how to prevent emerging attacks. Example: if a customer uses a VPN service and that VPN service has a critical vulnerability that is being actively exploited by threat actors, the TI team has to provide details about the vulnerability, the affected product and version, exploit details, patch details and finally the IOCs (Indicators of Compromise).
Threat Intelligence Platform
A TIP plays an important role for the organization in converting the feeds into a machine-readable format.
Let's assume the funnel is the TIP, which is capable of pushing the IOCs in different formats and with different filters.
The most popular open source TIPs are:
A TIP usually shares the indicators through an API, using URL parameters on the call. Some of the basic filters are IOC type, severity, region, campaign, time range and format.
Once the requirements are ready along with the TIP platform, API and parameters, check the connectivity and add these links to the security controls so that they receive indicator updates directly from the TIP.
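As an added example (not code from the original post or from the MISP project), here is how the filter-driven API query described above looks against MISP's /attributes/restSearch endpoint, with the response reduced to per-type indicator lists that a security control can consume. The server URL and API key are assumed placeholders, and the sample response is constructed in the shape MISP returns.

```python
"""Build a MISP /attributes/restSearch query from TIP-style filters and turn
the response into per-type indicator lists a security control can ingest."""
import json
import urllib.request

MISP_URL = "https://misp.example.org"  # assumed placeholder, not a real instance
API_KEY = "REPLACE_WITH_API_KEY"       # assumed placeholder

def build_query(ioc_types, tags=None, last="7d", fmt="json"):
    """Map the article's filters (IOC type, campaign tag, time range, format)
    onto restSearch body fields from the MISP OpenAPI reference."""
    body = {"returnFormat": fmt, "type": list(ioc_types), "last": last,
            "to_ids": 1, "enforceWarninglist": 1}  # detection-grade, de-noised
    if tags:
        body["tags"] = list(tags)
    return body

def fetch_attributes(body):
    """POST the query to MISP (network call; the offline check below skips it)."""
    req = urllib.request.Request(
        f"{MISP_URL}/attributes/restSearch", data=json.dumps(body).encode(),
        method="POST", headers={"Authorization": API_KEY,
                                "Accept": "application/json",
                                "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def indicators_by_type(response):
    """Group attribute values by IOC type, dropping duplicates and anything
    not flagged for detection (to_ids false)."""
    out = {}
    for attr in response.get("response", {}).get("Attribute", []):
        if not attr.get("to_ids"):
            continue
        out.setdefault(attr["type"], set()).add(attr["value"])
    return {t: sorted(v) for t, v in out.items()}

# Constructed sample in the shape of a MISP restSearch response
# (documentation-reserved addresses and names, not real indicators).
SAMPLE = {"response": {"Attribute": [
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
    {"type": "ip-dst", "value": "203.0.113.10", "to_ids": True},
    {"type": "domain", "value": "bad.example.net", "to_ids": True},
    {"type": "domain", "value": "noise.example.com", "to_ids": False},
]}}

if __name__ == "__main__":
    print(json.dumps(build_query(["ip-dst", "domain"], tags=["tlp:amber"])))
    print(indicators_by_type(SAMPLE))
```

The same request body can be pasted into Postman to test connectivity before wiring the endpoint into a security control.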
Postman is another great tool to test the API queries from your TIP to the destination server.
Additional API reference:
https://www.misp-project.org/documentation/openapi.html
Thanks for Reading.