4: Analysis and Dissemination of Intelligence

Weaver Heavy Industries edited this page Dec 14, 2017 · 2 revisions

Overview

Many organizations seek to share intelligence but often fail to understand its value, its limitations, and the right formats to choose for each audience. Additionally, indicators and information shared without analysis are not intelligence. Structured analytical techniques such as the Analysis of Competing Hypotheses can add considerable value to intelligence before it is disseminated. This section focuses on identifying both open-source and professional tools that are available to students, as well as on sharing standards for each level of cyber threat intelligence, both internally and externally. Students will learn about YARA and generate YARA rules to help incident responders, security operations personnel, and malware analysts. Students will gain hands-on experience with STIX and understand the CybOX and TAXII frameworks for sharing information between organizations. Finally, the section focuses on building singular intrusions into campaigns and on being able to communicate about those campaigns.

Exercises

Topics

Analysis: Exploring Hypotheses
  - Analysis of Competing Hypotheses
  - Hypotheses Generation
  - Understanding and Identifying Knowledge Gaps

Analysis: Building Campaigns
  - Different Methods of Campaign Correlation
  - Understanding Perceived Adversary Intentions
  - Leveraging the Diamond Model for Campaign Analysis

Dissemination: Tactical
  - Understanding the Audience and Consumer
  - Threat Data Feeds and Their Limitations
  - YARA
  - Advanced YARA Concepts and Examples
  - Case Study: Sony Attack

Dissemination: Operational
  - Partners and Collaboration
  - Government Intelligence Sharing
  - Traffic Light Protocol
  - Standard Information Sharing and Analysis Centers
  - CybOX, STIX, and TAXII
  - STIX Elements and Projects
  - TAXII Implementations
  - Threat Intelligence Metrics
  - Communicating About Campaigns
  - Campaign Heat Maps and Tracking Adversaries