How To Integrate or Query My Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed In Your Firewall or Security Solution – An Analysis

Dear blog readers, Did you already pull my public and free STIX STIX2 TAXII threat intelligence feed using your and your organization’s Lifetime API Key? In this post I’ve decided to elaborate more and offer practical advice and links in terms of how you…

Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed – Your Lifetime API Key!

Hi, everyone, This is Dancho. Big news! I’ve decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform and not only convert all the cool and…

Who Needs A Niche Threat Actor Specific IoC (Indicator of Compromise) STIX/STIX2/TAXII Feed?

UPDATE: The feed’s official web site including the brochure. Dear blog readers, Who needs access to my STIX/STIX2/TAXII Threat Actor Specific IoC (Indicator of Compromise) feed? Drop me a line today at dancho.danchev@hush.com. Stay tuned!

Trust us, information sharing can work. Here’s how we’re doing it.

You know what’s worse than trying to share cybersecurity information? Writing about it. Everyone has read over and over again about how important information sharing is for cybersecurity. The idea is certainly not new. It’s definitely not cool. It’s also hard. No one has completely nailed it even after talking about it for decades. Why is information sharing so hard and why are we still working on it? We’ve identified plenty of barriers and worked to address them. In many cases, we’ve addressed them quite well. For example, information sharing is tough from a technical perspective because the volume and speed of data continue to increase. So the community developed standards like STIX (Structured Threat Information eXchange) as a common language to share indicators and context at machine speed, TAXII (Trusted Automated eXchange of Intelligence Information) to provide a protocol for the transfer of information, and MITRE’s ATT&CK framework for […]

The post Trust us, information sharing can work. Here’s how we’re doing it. appeared first on CyberScoop.

Busting Cybersecurity Silos

To break down cybersecurity silos, professionals must work together to share security information and build collaborative solutions to address the evolving cybersecurity threat landscape.

The post Busting Cybersecurity Silos appeared first on Security Intelligence.

[SANS ISC] Top-100 Malicious IP STIX Feed

I published the following diary on isc.sans.org: “Top-100 Malicious IP STIX Feed”. Yesterday, we were contacted by one of our readers who asked if we provide a STIX feed of our blocked list or top-100 suspicious IP addresses. STIX means “Structured Threat Information eXpression” and enables organizations to share indicator

[The post [SANS ISC] Top-100 Malicious IP STIX Feed has been first published on /dev/random]

NSA Advocates Data Sharing Framework

Fighting attackers needs a new approach that leverages a public-private data sharing framework, enabling immediate and collective responses.

NSA-Backed OpenC2.org Aims to Defend Systems at Machine Speed

Security experts, vendors, business and the NSA are developing a standardized language that, rather than autonomously understanding threats, acts on them.

NSA’s new open language for cyber-defenses will aid interoperability

Led by the NSA, a group of cybersecurity experts and vendors has been busy behind the scenes for more than a year, developing an open, standardized computer language for the command and control of cyber-defenses — OpenC2. The idea of OpenC2 is to let different elements of cyber-defense technology communicate at machine speed — regardless of whether or not they are made by the same vendor and no matter which programming language they use. Cyber-defenders “have to have an automated machine response,” to outpace the attacker, said NSA official Joe Brule, the original convener of the OpenC2 process. “We’re going to have to have standardized interfaces” to allow security tools from different vendors to talk to each other, he told the Gartner Security and Risk Management Summit on Tuesday. The use of standardized interfaces and protocols enables interoperability of different tools, regardless of the vendor that developed them, the language they are written in or […]

The post NSA’s new open language for cyber-defenses will aid interoperability appeared first on CyberScoop.
