Automating Open Source Intel (OSI)

Automating Open Source Intel (OSI): Detect ‘19 Presentation Series

Correlating between numerous intel feeds can be a challenge for many organizations. While threat intelligence platforms (TIPs) assist, there is still a requirement for additional contextual information. To address this, FirstEnergy SOC developed a semi-automated process to ingest customized OSI into their TIP, add contextual data, and then automatically share with the community.

This session demonstrates their approach of OSI ingestion to add contextual information into the TIP. Because indicators are grouped by report, this enhances the capability to identify actionable threats. Also covered in this session is leveraging Social Media (SM) within the same automation approach. Reports can group indicators together by campaign, actor, and even other reports. This assists in evaluating the threat beyond a single indicator and provides the needed enriched contextual data.

Watch the on-demand presentation with Chris Collins, Security Analyst, and Scott Poley, TSOC Manager at FirstEnergy, to find out how they have proven ROI of increased accuracy and situational awareness, and how they support timely decisions.
