by Kevin Libby | Mar 20, 2017 | Blog, Threat Intelligence
How to Leverage the ThreatQ Threat Library Using Carbon Black
You’ve got mail. This is not only a title to a movie that I’d prefer not to ever watch again. It’s also the tip of the spear of what could be a greater campaign by an adversary...
by Mike Clark | Mar 14, 2017 | Blog, Threat Intelligence
A Guide to Indicator Expiration
There is no shortage of indicator data these days. Large numbers of providers, both commercial and free, have set up shop to help fight the cause. The problem is, a lot of it has a shelf life. Web sites come and...
by Ryan Trost | Mar 7, 2017 | Blog, Threat Intelligence
Scoring…the Initial Pitfall is a B*tch
Intelligence scoring is sexy as hell, especially when done correctly, but teams are almost guaranteed to have a rocky start. The initial pitfall is finding the universal agreement sweet spot across team...
by Mike Clark | Mar 2, 2017 | Blog, Threat Intelligence
Enriching an Indicator with Operations
One of the ThreatQ platform’s most powerful features is called Operations – our version of “workflow orchestration”. They are customizable plugins (or modules) which can be added to the system in order...
by Ryan Trost | Feb 27, 2017 | Blog, Threat Intelligence
Scoring: "Trust but Verify"
Every security provider publishes a risk score…BUT NOT US! Instead of adding to the data noise – we allow teams to be more efficient with scores! A lot of consumers of intelligence take vendor scores at face value but...
by Ryan Trost | Feb 23, 2017 | Blog, Threat Intelligence
Aging Intelligence Tier II – Maturing Deprecation & Scoring
The next evolution of deprecation and scoring is developing several advanced “aging” algorithms. This provides analysts the next phase of control to be applied to their intelligence...