Yet another app! TraxTi, a #STIX object reader, that reads from the MITRE #Taxii server. #cybersecurity #threat #intel #security https://apps.apple.com/nl/app/traxti/id1665268019?l=en
#STIX #TAXII #cybersecurity #threat #intel #security
@Imlordofthering This is a great reminder to all in #CTI that IOCs mean nothing without context, and I agree we don't have a standard way of sharing them. Some vendors make it near impossible to simply copy/paste IOCs into a spreadsheet or export to a standard format like #STIX.
From what I've seen, Analyst1 is the only TIP that can parse IOCs from PDFs and make them searchable and exportable.
Simply a must for the #CTI community: #OpenCTI 5.5.0 is out. https://github.com/OpenCTI-Platform/opencti/releases/tag/5.5.0 I'll keep on working on the Spanish localization during the Christmas Holidays.
News on AWS Security Lake, leveraging the Open Cybersecurity Schema Framework (#OCSF) is making the rounds. Proud that not only is IBM Security a launch partner, but #QRadar was one of the very few products name-dropped in the launch keynote.
Note that we have also added support for #AWS Security Lake to the Open Cybersecurity Alliance #STIX Shifter and #Kestrel projects - you can query and threat-hunt across AWS *and ~ 30 other products and clouds* all from one place, and apply out-of-the box ML and analytics... check it out if you have not.
https://opencybersecurityalliance.org/try-kestrel-in-a-cloud-sandbox/
#ocsf #qradar #aws #STIX #kestrel
"Making Cobalt Strike harder for threat actors to abuse"
#cyberattack #threat #cobaltstrike #ioc #yara #STIX
We have been working with the #OCA Indicator of Behavior Working group to develop ways to represent cyber adversary behaviors, detections, and ways to correlate detections in machine readable formats.
We now have some reference implementation #STIX bundles and a python script to convert STIX 2.1 bundles to #neo4j graph databases available on GitHub if anyone is interested.
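As an added illustration of the bundle-to-graph conversion mentioned above (not the OCA working group's script): this Python sketch turns a constructed STIX 2.1 bundle into nodes and typed edges, flags dangling references, and emits parameterised Cypher MERGE statements so untrusted bundle content never lands inside a query string. Object ids and names are constructed sample values.

```python
import json
import re

# Constructed sample STIX 2.1 bundle (not an OCA reference bundle): an
# intrusion set that "uses" a malware family, attributed to an identity.
GROUP_ID = "intrusion-set--11111111-1111-4111-8111-111111111111"
MALWARE_ID = "malware--22222222-2222-4222-8222-222222222222"
ORG_ID = "identity--33333333-3333-4333-8333-333333333333"
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "identity", "spec_version": "2.1", "id": ORG_ID,
     "name": "Example CTI Team", "identity_class": "organization"},
    {"type": "intrusion-set", "spec_version": "2.1", "id": GROUP_ID,
     "name": "Sample Group", "created_by_ref": ORG_ID},
    {"type": "malware", "spec_version": "2.1", "id": MALWARE_ID,
     "name": "Sample Loader", "is_family": True},
    {"type": "relationship", "spec_version": "2.1",
     "id": "relationship--55555555-5555-4555-8555-555555555555",
     "relationship_type": "uses", "source_ref": GROUP_ID, "target_ref": MALWARE_ID},
]})

def bundle_to_graph(bundle_json):
    """Return (nodes, edges): nodes keyed by STIX id, edges as
    (source_id, edge_type, target_id). SROs and embedded *_ref(s) become edges."""
    nodes, edges = {}, []
    for obj in json.loads(bundle_json)["objects"]:
        if obj["type"] == "relationship":
            edges.append((obj["source_ref"], obj["relationship_type"], obj["target_ref"]))
            continue
        nodes[obj["id"]] = {k: v for k, v in obj.items() if not k.endswith(("_ref", "_refs"))}
        for key, val in obj.items():
            if key.endswith("_ref"):
                edges.append((obj["id"], key[:-4], val))
            elif key.endswith("_refs"):
                edges.extend((obj["id"], key[:-5], t) for t in val)
    return nodes, edges

def dangling_refs(nodes, edges):
    """Ids an edge points at that the bundle never defines; a Cypher MATCH on
    them silently creates no relationship, so surface them before loading."""
    return sorted({e for s, _, t in edges for e in (s, t) if e not in nodes})

def to_cypher(nodes, edges):
    """Property values travel as query parameters; labels and relationship
    types cannot be parameters, so they are reduced to [A-Za-z0-9_]."""
    safe = lambda s: re.sub(r"[^A-Za-z0-9_]", "_", s)
    stmts = []
    for nid, props in nodes.items():
        label = "".join(p.capitalize() for p in safe(props["type"]).split("_"))
        stmts.append((f"MERGE (n:{label} {{id: $id}}) SET n += $props", {"id": nid, "props": props}))
    for src, rel, dst in edges:
        stmts.append((f"MATCH (a {{id: $src}}), (b {{id: $dst}}) MERGE (a)-[:{safe(rel).upper()}]->(b)",
                      {"src": src, "dst": dst}))
    return stmts
```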
This document does not need a presentation for #ThreatIntelligence analysts but it's the title: "STIX™ Best Practices Guide Version 1.0.0".
Link: https://docs.oasis-open.org/cti/stix-bp/v1.0.0/cn01/stix-bp-v1.0.0-cn01.html#_Toc111555336
#threatintelligence #mustread #cti #STIX #bestpractices
A new version of the #MISP core format is out. It's used to exchange cybersecurity threat information (#CTI) as JSON objects between Open Source Threat Intelligence Sharing Platform instances (aka Malware Information Sharing Platform) and complements other CTI formats like #STIX.
https://twitter.com/MISPProject/status/1265624489360003072
Announcement: Today we release a new export format: our #ThreatIntel can now be consumed in customers' #MISP portal. We translate our #STIX context and relationships as tags, comments and objects in MISP format @MISPProject