Artifacts Found In the Wild
Introductions
- [2017] the CIFv3 Book
- [2015] the CIF Book
- [2014] Applied Network Security Monitoring
- [2013] How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk
- [2012] Introduction to the Collective Intelligence Framework
- [2012] Toolsmith
SEM Integration
- [2015] Query CIF from Logstash
- [2012] Querying CIF Data From Splunk
- [2012] CIF Integration with ArcSight
- [2012] Using CIF to create content for ArcSight – Part 1
- [2012] Using CIF to create content for ArcSight – Part 2
- [2012] ELSA with the Collective Intelligence Framework
- [2012] More (Advanced) Querying CIF Data With Splunk
- [2012] Using CIF with SiLK
Advanced Stuff
- [2014] Identifying Malware Traffic with Bro and the Collective Intelligence Framework
- [2012] CIF Globe (github)
- [2013-07] Kyle Maxwell -- Open Source Threat Intelligence Overview [live]
- [2013-07] SANS - Blog Spam - annoying junk or a source of intelligence?
Talks
All content is licensed under CCv3 unless otherwise specified.
- 2013 -- PacketPushers HealthyParanoia, the Dudes of REN-ISAC (podcast)
- 2013 -- AusCERT peering: the next ten years.
- 2013 -- MAAWG: data-sharing economics
- 2012 -- GFIRST/NIST|APWG: the next ten years
- 2012 -- FIRST.org: Sharing data's hard here's how we did it (mp3)
- 2012 -- Internet2 Combined Industry and Research Constituency Meeting
- 2012 -- Zombie Hunting
- 2011 -- ISOI9
- 2011 -- REN-ISAC Member Meeting (Private)
- 2011 -- Educause SPC (Private)
- 2010 -- REN-ISAC Members Meeting (Private)
- 2010 -- DDCSW2 (Private)
- 2009 -- DDCSW1 (Private)
- 2009 -- Internet2 Joint Techs (NA)
- 2009 -- Educause SPC (NA)
Papers
- 2015 - SANS - Who's Using Cyberthreat Intelligence and How?
- 2015 - Microsoft - A framework for cybersecurity information sharing and risk reduction
- 2015 - SANS - Automated Defense Using Threat Intelligence to Augment Security
- 2014 - ENISA - Standards and tools for exchange and processing of actionable information
- 2014 - SANS - Tools and Standards for Cyber Threat Intelligence Projects
- 2013 - ENISA CSIRT Interop
- 2013 - Intelligence Exchange in a free market economy
- 2012 - CERT-PL: Proactive Detection and Automated Exchange of Network Security Incidents