Long time since my last post. I was very busy creating Cyber Saiyan – a non-profit organization – and organizing RomHack 2018, a free cyber security event that will take place in Rome next September 22th.
On the field of threat intelligence automation and info sharing community building, the work continued too.
I’m working hard with italian community and we setup a STIX/TAXII network using a combination of open source sofware: MISP, OpenTAXII and MineMeld. We are now testing a complex consumer/producer network where companies (producers) can push IoC that, after validation, are injected into the consumer network, a TAXII service built on top of MineMeld.
After building the architecture and integrating the InfoSec feeds from italian CERT-PA into MineMeld and the near-real-time SOC engine, it’s time to put another brick to build an effective community: export internal IoC to the community in a standard format so authorized parties can get it and use them as they want.
The ultimate goal is to build a community that can share IoC using a standard language and a transport mechanism (STIX/TAXXI) getting data from heterogeneous sources (more integration examples in next posts) and injecting data into the community network.