Intelligence Creating Intelligence - Leveraging What You Know to Improve Finding What You Don't

Explore intelligence creation techniques in this 22-minute conference talk from GrrCon 2018. Learn how to leverage existing knowledge to improve threat intelligence gathering and utilization within enterprise environments. Discover effective methods for sourcing threat intel, avoiding common pitfalls in enterprise implementation, and enhancing intel usefulness. Gain insights on initiating the process, comparing noisy intel against historical network data, establishing parameters for low-noise indicators, and compiling actionable threat feeds. Examine additional strategies for data refinement, potential drawbacks of the approach, and real-world implementation results.

Intelligence Creating Intelligence: Leveraging
Where can I get Threat Intel?
Bad Ways of using Threat Intelligence in the Enterprise
What can I do to make intel more useful?
Considerations before starting
Where do I start?
Comparing the "Noisy Intel" against historical network for other data
Establishing parameters to identify low- noise indicators
Compiling the data into a usable threat feed
What are other things I can do to drill down the data?
Drawbacks of this Approach
Implementation Results