TAXII – Scubarda

This post is the fifth of a series on Threat Intelligence Automation topic.
Post 1: Architecture and Hardening of MineMeld
Post 2: Foundation: write a custom prototype and SOC integration
Post 3: Export internal IoC to the community
Post 4: Search IoC events with SPLUNK

Long time since my last post. I was very busy creating Cyber Saiyan – a non-profit organization – and organizing RomHack 2018, a free cyber security event that will take place in Rome next September 22th.

On the field of threat intelligence automation and info sharing community building, the work continued too.

I’m working hard with italian community and we setup a STIX/TAXII network using a combination of open source sofware: MISP, OpenTAXII and MineMeld. We are now testing a complex consumer/producer network where companies (producers) can push IoC that, after validation, are injected into the consumer network, a TAXII service built on top of MineMeld.

Continue reading “MineMeld: threat intelligence automation – connect to STIX/TAXII service [5]” →

This post is the third of a series on Threat Intelligence Automation topic.
Post 1: Architecture and Hardening of MineMeld
Post 2: Foundation: write a custom prototype and SOC integration
Post 4: Search received IoC events with Splunk
Post 5: Connect to a TAXII service

After building the architecture and integrating the InfoSec feeds from italian CERT-PA into MineMeld and the near-real-time SOC engine, it’s time to put another brick to build an effective community: export internal IoC to the community in a standard format so authorized parties can get it and use them as they want.

The ultimate goal is to build a community that can share IoC using a standard language and a transport mechanism (STIX/TAXXI) getting data from heterogeneous sources (more integration examples in next posts) and injecting data into the community network.

So let’s start with the configuration steps. Continue reading “MineMeld: threat intelligence automation – export internal IoC to the community [3]” →