Helping Small Companies Leverage CTI with an Open Source Threat Mapping

From MITRE ATT&CKcon Power Hour December 2020

By Valentina Palacín, Sr. Cyber Threat Intelligence Analyst

No one can deny the tremendous impact that ATT&CK has had on the cybersecurity industry, nor the usefulness of having a good Threat Library at your disposal. But the question Valentina gets asked over and over by people from small companies is always the same: “How could I leverage threat intelligence using ATT&CK with limited time and resources?” And so far, there hasn't been a good answer. That’s why she decided to come up with the Threat Mapping Catalogue (TMC), a tool that combines the power of the mappings already available on the ATT&CK website, TRAM and the ATT&CK Navigator, to better process, consume and incorporate new mappings while organizing them around different categories.


  1. Valentina Palacín: THREAT MAPPING CATALOGUE
  2. TABLE OF CONTENTS: 01 ABOUT ME, 02 INSPIRATION, 03 IDEA, 04 EXPECTATIONS, 05 REALITY, 06 FUTURE
  3. 01 ABOUT ME: Valentina Palacín @fierytermite
  4. VALENTINA PALACÍN @FIERYTERMITE: Translator, Threat Intelligence Analyst, Threat Hunter & Python Developer in progress
  5. 02 INSPIRATION: How was the idea born?
  6. THREAT LIBRARY: Knowledge Base for distilled and curated intelligence insights produced by CTI Research Teams & OSINT Sources.
  7. How CAN I LEVERAGE SOMETHING LIKE THIS IF I DON’T HAVE A DEDICATED TEAM?
  8. 03 IDEA: Threat Mapping Catalogue
  9. WHAT IF…? TMC ATT&CK
  10. 04 EXPECTATIONS: Capabilities
  11. MY WISHLIST
      ● Load DB with ATT&CK content
      ● Use TRAM to load new relationships
      ● Manually add adversary mappings
      ● Create more relationships (industries, dates, adversary types…)
      ● Explore relationships through GUI
      ● Edit selected data through GUI
      ● Edit relationships through GUI
      ● Export data to ATT&CK Navigator
      ● Dockerize everything for easy deployment
  12. But 2020
  13. WHY DID I DO THIS TO MYSELF?
  14. 05 REALITY: Capabilities
  15. SO FAR…
      ● Load DB with ATT&CK content
      ● Use TRAM to load new relationships
      ● Manually add adversary mappings
      ● Create more relationships (industries, dates, adversary types…)
      ● Explore relationships through GUI
      ● Edit selected data through GUI
      ● Edit relationships through GUI
      ● Export data to ATT&CK Navigator
      ● Dockerize everything for easy deployment
  16. /first-time
      git clone https://github.com/fierytermite/attack-navigator
      git clone --branch tmc https://github.com/fierytermite/tram-1
      git clone https://github.com/intelforge/tmc
      * Register and Login with the new user
  17. FIRST…
  18. FIRST… 1.3H
  19. localhost:4200/fetch/http:%2F%2Flocalhost:5000%2Fstatic%2Fexport%2Fadversary_1_60ba8984-3b68-11eb-834e-080027bab013.json
  20. 06 FUTURE: Capabilities
  21. GOALS
      ● Create more relationships (dates, adversary types…)
      ● Manually load new mapping
      ● Edit relationships through UI
      ● Dockerize everything for easy deployment
      ● Add relational graphs to study the adversaries
  22. BUT FOR NOW…
  23. CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon, and infographics & images by Freepik. THANKS! Do you have any questions? @fierytermite linkedin.com/in/valentinapalacin