Artifacts Found In the Wild

Introductions

[2017] the CIFv3 Book
[2015] the CIF Book
[2014] Applied Network Security Monitoring
[2013] How to Normalize Threat Intelligence Data from Multiple Sources- Tech Talk
[2012] Introduction to the Collective Intelligence Framework
[2012] Toolsmith

SEM Integration

[2015] Query CIF from Logstash
[2012] Querying CIF Data From Splunk
[2012] CIF Integration with ArcSight
[2012] Using CIF to create content for ArcSight – Part 1
[2012] Using CIF to create content for ArcSight – Part 2
[2012] ELSA with the Collective Intelligence Framework
[2012] More (Advanced) Querying CIF Data With Splunk
[2012] Using CIF with SiLK

Advanced Stuff

[2014] Identifying Malware Traffic with Bro and the Collective Intelligence Framework
[2012] CIF Globe (github)
[2013-07] Kyle Maxwell -- Open Source Threat Intelligence Overview [live]
[2013-07] SANS - Blog Spam - annoying junk or a source of intelligence?

Talks

All content licensed under CCv3 unless otherwise specifically specified.

2013 -- PacketPushers HealthyParanoia, the Dudes of REN-ISAC (podcast)
2013 -- AusCERT peering: the next ten years.
2013 -- MAAWG: data-sharing economics
2012 -- GFIRST/NIST|APWG: the next ten years
2012 -- FIRST.org: Sharing data's hard here's how we did it (mp3)
2012 -- Internet2 Combined Industry and Research Constituency Meeting
2012 -- Zombie Hunting
2011 -- ISOI9
2011 -- REN-ISAC Member Meeting (Private)
2011 -- Educause SPC (Private)
2010 -- REN-ISAC Members Meeting (Private)
2010 -- DDCSW2 (Private)
2009 -- DDCSW1 (Private)
2009 -- Internet2 Joint Techs (NA)
2009 -- Educause SPC (NA)

Papers