I thought I'd share a little bit more about the talk I'm giving at #cybercon2023 ...

<<Threat intelligence without boiling the ocean>>

Whilst no one will ever tell you that threat intelligence is easy, setting out on the path to use it in smart ways doesn't need to be overwhelming. Today, the amount of open source intelligence feeds, documents, blog posts and information shared in the community can easily leave operational or Intel analysts feeling unsure where to start.

#DocIntel is an open source project that was created to help streamline this process by providing a platform to collect, store, process, and organise information from various threat intelligence sources.

Using DocIntel we can take input from threat intel reports both public and private, RSS feeds, and blog posts. In this talk we'll cover how DocIntel is helping to reduce the effort required to transform this data into information that can be utilised to protect and respond. The audience will learn how to set this up in DocIntel and we'll walk through the workflow from adding a source to reviewing and registering a document.

After we have distilled our information in DocIntel, we will walk through how to connect DocIntel to a #MISP instance to easily share and disseminate the indicators across various technology platforms and sharing groups.

The talk will explain the high level concepts as well as demonstrate how this works in practice to give the audience a guide on how best to start with collecting and dealing with open source threat intelligence.