Thursday, April 23, 2020

Taking Threat Intelligence to the Next Level

When it comes to creating your own knowledge base, don’t just import a few URLs and call it good. If you really want to customize the data you obtain and make it useful, learn how to tag your TTP data using a markup language, such as YARA. Once you do this, you and others can conduct granular searches of your cybersecurity knowledge base.

You can, for example, define new malware entities and threat actors relevant to your company. If you have discovered a new exploit, you can use YARA and other tools found in Yeti to document it and share it with others.

Because Yeti is a TAXII-enabled server, you can obtain and share information as you wish. If you have the time or need, you can even configure Yeti to become a stand-alone, production web server.

Whether your cybersecurity team wants to better leverage and customize information obtained from an ISAO, ISAC or threat intelligence feed, or you’re looking to do some self-study, setting up a threat intelligence platform and cybersecurity knowledge base helps to further contextualize that information and supplement it with your own observations. No matter what your need is, free threat intelligence tools such as Yeti can help you collect, organize and share threat intelligence information, such as tactics, techniques and procedures, so you can build your cybersecurity knowledge base and protect your organization more efficiently.

You’re not limited to creating your own threat intelligence feed. If you have accounts for third-party threat feed organizations, you can manage them in Yeti.

For example, let's say that you have created an account for a common threat information sharing service or for your ISAO. You can then configure Yeti to go to that service and obtain that information automatically. All you have to do is enter the relevant authentication information into Yeti's configuration file (yeti.conf).