home.social
Sign in Create account

#intelmq — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #intelmq, aggregated by home.social.

  1. MalwareLab @[email protected] ·

    Support for #STIX and #TAXII in #IntelMQ

    For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
    For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...

    After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
    This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

    The commits are currently waiting in pull request in IntelMQ GitHub:
    github.com/certtools/intelmq/p

    #cybersecurity #development #blueteam #cyberdefense #soc #siem

    #stix #taxii #intelmq #threatintel #csirt #eset
  2. MalwareLab @[email protected] ·

    Support for #STIX and #TAXII in #IntelMQ

    For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
    For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...

    After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
    This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

    The commits are currently waiting in pull request in IntelMQ GitHub:
    github.com/certtools/intelmq/p

    #cybersecurity #development #blueteam #cyberdefense #soc #siem

    #stix #taxii #intelmq #threatintel #csirt #eset
  3. MalwareLab @[email protected] ·

    Support for #STIX and #TAXII in #IntelMQ

    For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
    For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...

    After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
    This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

    The commits are currently waiting in pull request in IntelMQ GitHub:
    github.com/certtools/intelmq/p

    #cybersecurity #development #blueteam #cyberdefense #soc #siem

    #stix #taxii #intelmq #threatintel #csirt #eset
  4. MalwareLab @[email protected] ·

    Support for #STIX and #TAXII in #IntelMQ

    For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
    For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...

    After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
    This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

    The commits are currently waiting in pull request in IntelMQ GitHub:
    github.com/certtools/intelmq/p

    #cybersecurity #development #blueteam #cyberdefense #soc #siem

    #siem #soc #cyberdefense #blueteam #development #cybersecurity
  5. MalwareLab @[email protected] ·

    Support for #STIX and #TAXII in #IntelMQ

    For collecting and processing #threatintel feeds, #IntelMQ is a good tool. Simple to deploy and configure, used by several #CSIRT teams.
    For long time, it was sufficient for me, however, with recent changes in #ESET #ThreatIntelligence feeds, I realized that IntelMQ lacks support for TAXII protocol and STIX language and objects...

    After hours of studying the STIX/TAXII documentation, I decided to develop some basic support for collecting the feeds from TAXII servers and parsing the STIX indicators objects.
    This way, IntelMQ can process not only the current #ETI feeds, but also some other sources.

    The commits are currently waiting in pull request in IntelMQ GitHub:
    github.com/certtools/intelmq/p

    #cybersecurity #development #blueteam #cyberdefense #soc #siem

    #stix #taxii #intelmq #threatintel #csirt #eset