Threat Intelligence as a Service

Cyber-threat intelligence service integrates with combination of multiple open source and commercial threat intelligence to provide early warnings to the organizations and customers. So cyber-threat intelligence is an information that can helps an organization to identify, assess, monitor, and respond to the cyber-threats.

Intelligence TIaaS provide

  • STRATEGIC INTELLIGENCE
    Customer specific advisory: Threat intelligence team works 24 * 7* 365 days looking out of customer asset specific advisories. The same will be shared in multiple forms and reports.
  • TACTICAL INTELLIGENCE
    Threat Intelligence team needs to track and monitor the various cyber threats like APT’s Threat Actor and Emerging Threats, to understand their methodology, tools and techniques to provide a Tactical Intelligence Report to customers.
  • TECHNICAL INTELLIGENCE
    Threat Intelligence research team will collect the various malware samples to understand the behavior of the malware and indicators. For proactive prevention for the customers.
  • OPERATIONAL INTELLIGENCE
    This Intelligence which helps SOC to understand the ongoing attacks, which contains the advisory information and details how to prevent from the emerging attacks. example: If customer using VPN service and that VPN service has some critical vulnerability which is actively exploited by Threat Actors means. The TI Team has to provide a details about the vulnerability, affected product and version, exploit details, patch details and finally IOC (Indicators of Compromise).

Threat Intelligence Platform

TIP plays important role for the organization to covert the feeds into machine readable format

Multi-Tenant Model

Let’s assume the funnel is the TIP, which is capable of pushing the IOC’s is difference format, and with different filters.

Most Popular Open Source TIP’s are,

  1. MISP
  2. OpenCTI

For more info on TI based products please click here

TIP usually shares the indicators using API, along the URL parameters which we are calling, some of the filters are,

Some of the Basic filters like IOC Type, Severity, Region, Campaign, Time Range and Format.

If the requirements are ready along with the TIP platform, API and Parameters. check the connectivity and add these links in the security controls to get indicators update directly from the TIP.

Postman is another great tool to test the API queries from your TIP to the destination server.

Additional API References,

https://www.misp-project.org/documentation/openapi.html

Thanks for Reading.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store