Skip to content
/ TIBER-Cases Public

TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases are mapped to TIBER-EU processes.

License

Apache-2.0 license
26 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jstnk9/TIBER-Cases

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
cases
cases
 
 
img
img
 
 
scripts/sigma-taxonomy-generator
scripts/sigma-taxonomy-generator
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

TIBER-Cases

TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases generated are mapped to TIBER-EU processes.

TIBER-EU process is complex to implement in order to work in an agile way. It takes a lot of intercommunication between different departments and suppliers.

The cases generated for The Hive have the main objective of quickly implementing the tasks that the Threat Intelligence team has to perform. In this way, work agility is achieved.

Full explanation about this project in my blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Threat-Intelligence-Series-01

TIBER-EU

How they define themselves is: TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.

Threat Intelligence Process

To simplify the entire TIBER-EU document and the Threat Intelligence section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Threat Intelligence" section of the official TIBER-EU process.

Jstnk_TIBER_TI

blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Threat-Intelligence-Series-01

Red Team Process

To simplify the entire TIBER-EU document and the Red Team section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Red Team Test" section of the official TIBER-EU process.

Jstnk_TIBER_RT

blog: https://jstnk9.github.io/jstnk9/blog/TIBER-EU-ES-Red-Team-Series-01/

Blue Team Process

To simplify the entire TIBER-EU document and the blue team section a bit, I wanted to make a process explaining the most important points of the framework for those analysts who are going to work on it. Specifically, I have focused on the "Processes/Activities Closure Phase" section of the official TIBER-EU process.

Jstnk_TIBER_BT

Feedback and contributions

Feel free to open issues if you want collaborate or send any feedback.

ToDo

  • Threat Intelligence Provider cases
  • Blue Team cases
  • Red Team Provider cases
  • New blog series

Contact

@Joseliyo_Jstnk

References

TIBER-EU: https://www.ecb.europa.eu/paym/cyber-resilience/tiber-eu/html/index.en.html

TIBER-ES: https://www.bde.es/bde/es/secciones/servicios/tiber-es-3f6bfe7e907ed71.html

The Hive Project: https://thehive-project.org/

About

TIBER-Cases is a project created to give cases of The Hive platform for Threat Intelligence Analysts mainly. All the cases are mapped to TIBER-EU processes.

Topics

misp thehive blueteam redteam purpleteam thehive-project tiber-eu

Resources

Readme

License

Apache-2.0 license
Activity

Stars

26 stars

Watchers

5 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages