Correlating numerous intel feeds can be a challenge for many organizations. While threat intelligence platforms (TIPs) assist, additional contextual information is still required. To address this, the FirstEnergy SOC developed a semi-automated process to ingest customized OSI into their TIP, add contextual data, and then automatically share it with the community.
This session demonstrates their approach to OSI ingestion for adding contextual information to the TIP. Grouping indicators by report enhanced the capability to identify actionable threats. The session also covers leveraging Social Media (SM) within the same automation approach. Reports can group indicators together by campaign, actor, and even other reports. This assists in evaluating the threat beyond a single indicator and provides the needed enriched contextual data.