Hi everyone,
I'm Giovanni Mellini and I work in ENAV (Italian Air Traffic Control provider) Security dept.
One of the topics I've been working on over the last few months is threat intelligence automation, or how to automatically integrate threat intelligence feeds into our near-real-time Information Security Operation Center SOC Splunk engine to reduce the time spent by SOC security analysts on IOC analysis.
I found the solution in MineMeld; MineMeld helped me to solve the challenges I had in the past while playing with IOCs coming from various threat intelligence sources: collection automation, deduplication, aging and SOC integration.
I wrote a blog post - the first of a series I want to write - about the architecture design and hardening of MineMeld to:
collect feeds from external sources
make available the feeds to trusted sources (internal and external)
put data collected into our SOC near-real-time engine built on top of Splunk
Hope this can be a useful resource for anyone who, like me, is trying to be effective at TI automation.
Many thanks again to Luigi Mori for his continued support.
Ciao
Giovanni