Even if you operated the world's largest honeynet, you'd still be missing this one thing…
When you bet on a game, do you check the line? Or go with your instincts? Do you find yourself poring over endless research to make the right pick? Do you know something the bookies don't?
Wouldn't it be cool if your IDS could start hunting automatically, simply by paying attention to your #ops channel?
While everyone else is trying to rack servers, build APIs, client tools, documentation and billing systems, you're already way ahead of them, spending the majority of your time hunting…
After a few cycles of just looking at the data, a funny thing happens: you start making choices a bit differently, if only because there's data staring you in the face.
... and in less than 5 min you're streaming all the public data from within CSIRTG (which, at the time of this writing, is comprised mostly of various types of scanning activity from honeypots, as well as odd-ball spam/phishing URLs, email addresses, email attachment hashes, etc.).
There is also an example feed and a correlation tool to help get you started, maybe even generate an idea or two. The correlation tool looks at all the scanners coming across all the feeds in real time and simply produces a correlated indicator when it finds the same indicator created by 3 different users within a 24-hour period. Crazy simple, yet it produces a list of highly suspicious actors that can be confidently acted on in your security infrastructure.
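The three-users-in-24-hours rule above, written out as an added example (this is not CSIRTG's own correlation tool): a sliding-window correlator over a constructed stream of (timestamp, user, indicator) sightings. The event tuples, user names and IP values are assumptions made up for the demo, and an indicator is emitted once, the first time it crosses the threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample stream of feed sightings: (ISO timestamp, user, indicator).
# Values are made up for illustration; RFC 5737 documentation addresses, not real actors.
SAMPLE_EVENTS = [
    ("2024-01-01T00:00:00", "alice", "192.0.2.10"),
    ("2024-01-01T01:00:00", "bob",   "192.0.2.10"),
    ("2024-01-01T02:00:00", "alice", "192.0.2.10"),    # repeat user: still only 2 distinct
    ("2024-01-01T03:00:00", "carol", "192.0.2.10"),    # 3rd distinct user -> correlated
    ("2024-01-01T04:00:00", "dave",  "192.0.2.10"),    # already emitted, not repeated
    ("2024-01-01T00:00:00", "alice", "198.51.100.7"),
    ("2024-01-02T06:00:00", "bob",   "198.51.100.7"),  # alice's sighting is 30h old: expired
    ("2024-01-02T07:00:00", "carol", "198.51.100.7"),  # only bob+carol in window -> no alert
]


def correlate(events, min_users=3, window=timedelta(hours=24)):
    """Emit an indicator the first time min_users distinct users report it within `window`."""
    sightings = defaultdict(list)   # indicator -> [(timestamp, user)] still inside the window
    emitted = set()
    correlated = []
    # Process in time order so the window can be trimmed as a stream would be.
    for ts_str, user, indicator in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_str)
        cutoff = ts - window
        # Drop sightings that have aged out of the 24h window, then add this one.
        recent = [(t, u) for t, u in sightings[indicator] if t >= cutoff]
        recent.append((ts, user))
        sightings[indicator] = recent
        users = {u for _, u in recent}
        if len(users) >= min_users and indicator not in emitted:
            emitted.add(indicator)
            correlated.append({
                "indicator": indicator,
                "users": sorted(users),
                "first_seen": min(t for t, _ in recent).isoformat(),
                "last_seen": ts.isoformat(),
            })
    return correlated


if __name__ == "__main__":
    for hit in correlate(SAMPLE_EVENTS):
        print(hit)
```

Lowering `min_users` or widening `window` trades precision for recall; the second indicator in the sample only correlates if the window is stretched past 30 hours or the threshold is dropped to 2.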
Applied research, content and tools to help you solve real problems.
Did you learn something new? How much is that worth to you?