Publishing Threat Intelligence is Hard.

When we started the Collective Intelligence Framework (aka: 'CIF') 8 years ago, our goal was to make it easier to consume, normalize, store and use threat intelligence from multiple providers. We shipped many open-source intelligence feeds as default providers to help demonstrate the CIF platform and highlight a lot of the great work that is given back to the security community. 

We hoped CIF and similar tools would help create a larger market for intelligence providers to compete in, helping reduce the cost of threat intelligence as well as the barriers to entry for publishing intelligence. We've since learned that maintaining infrastructure that enables the publishing of threat intelligence is no small task. Each year, millions of dollars are spent trying to solve this problem, and with that spending comes the added requirement of signing clients with huge balance sheets, which leaves most open-source threat intelligence providers to fend for themselves.

For those of you "internet-do-gooders" who are having a hard time hosting your data, getting people to use your data and spending all those precious cycles on hosting, bandwidth and broken disks, this is our contribution to you. We're calling it Project CSIRTG, and it runs on AWS, which will enable us to scale as our community grows.

To publish a new feed, simply click the "+" and select "Feed".

 

Fill in the blanks.

Click the "+" menu item and select "Observable for ..."

Fill in the blanks.

And voilà! Your feed is ready to go!

Behind the scenes, you'll find an API and an SDK, which means making the intel actionable is a snap! By default, the API provides JSON output, but the SDK handles all the mechanics for us. The SDK includes a CLI that makes it easy to interact with CSIRTG from the command line:

$ csirtg --search example.com

As things evolve, we'll post more examples, how-tos and helpful hints on using this platform, but for now, it's our way of saying "Thank You" to all the 'do gooders' out there who've helped the open-source threat intelligence community grow into what it has become today.

Check it out: https://csirtg.io/explore
