Senior Adversary Hunter @dragosinc, Army Veteran, Cocktail Scientist, APT Researcher | Opinions are my own and not the views of my employer.
Dec 7, 2019 • 10 tweets • 4 min read
#FridayNightIntel
Building a Taxonomy
So, in threat intelligence, incident response, forensics, and REM, an analyst typically deals with a lot of data points. Organizing or 'bucketing' these data points in a way that is coherent and usable to the analyst is an important step.
#FridayNightIntel
There are multiple ways to bucket data as an analyst. Whether utilizing @MITREattack, a Cyber Kill Chain, or the Diamond Model of Intrusion Analysis, every piece of data can be bucketed by an analyst in a coherent and usable manner.
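As an added example (not from the thread), here is one way to bucket the same data point into all three models at once; the model vertices, phases and tactic names are the real taxonomies, while the kind-to-bucket mapping and the sample data points are assumptions constructed for this illustration:

```python
from collections import defaultdict
from dataclasses import dataclass

# Real taxonomy labels: Diamond Model vertices, Cyber Kill Chain phases (in order),
# and a handful of ATT&CK tactic names.
DIAMOND = {"Adversary", "Infrastructure", "Capability", "Victim"}
KILL_CHAIN = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
              "Installation", "Command and Control", "Actions on Objectives"]

# Assumed mapping for this example: artefact kind -> (Diamond vertex, Kill Chain phase, ATT&CK tactic)
KIND_MAP = {
    "phishing-email": ("Capability", "Delivery", "Initial Access"),
    "c2-domain":      ("Infrastructure", "Command and Control", "Command and Control"),
    "malware-sample": ("Capability", "Installation", "Persistence"),
    "targeted-host":  ("Victim", "Exploitation", "Execution"),
    "actor-handle":   ("Adversary", "Reconnaissance", None),  # identity has no ATT&CK tactic
}

@dataclass(frozen=True)
class DataPoint:
    kind: str
    value: str

def bucket(points):
    """Return ({model: {bucket: [values]}}, unbucketed) so each artefact lands in every model."""
    out = {"diamond": defaultdict(list), "kill_chain": defaultdict(list), "attack": defaultdict(list)}
    unbucketed = []
    for p in points:
        mapping = KIND_MAP.get(p.kind)
        if mapping is None:
            unbucketed.append(p)  # keep unknown kinds visible instead of silently dropping them
            continue
        vertex, phase, tactic = mapping
        out["diamond"][vertex].append(p.value)
        out["kill_chain"][phase].append(p.value)
        if tactic is not None:
            out["attack"][tactic].append(p.value)
    return {k: dict(v) for k, v in out.items()}, unbucketed

def kill_chain_coverage(buckets):
    """Phases with at least one data point, in chain order: gaps show where evidence is missing."""
    return [ph for ph in KILL_CHAIN if ph in buckets["kill_chain"]]

SAMPLE = [  # constructed sample data points, not real indicators
    DataPoint("phishing-email", "invoice.doc lure"),
    DataPoint("c2-domain", "example.invalid"),
    DataPoint("malware-sample", "dropper sha256 <placeholder>"),
    DataPoint("targeted-host", "hr-ws-07"),
    DataPoint("weather", "rainy"),
]
```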
Dec 1, 2019 • 6 tweets • 2 min read
Cyber Threat Intelligence is far more than ingesting IoCs into your SIEM. It means applying analyzed threat surfaces against the threat landscape, comparing that with your defensive measures, and informing decision makers of the risk they are accepting so they can choose secure courses of action for the network.
In layman's terms (*cough* in management speak *cough*): an adversary targeting X company employs Y capability, which accomplishes Z action. We can take A defensive action to prevent B from occurring, provided we make C change or patch D infrastructure.