Report Curation and Threat Library - How to organize your Knowledge
For organic cyber threat intelligence teams, one critical and indispensable input is open source reporting on current threat activities and campaigns. During 2021, we curated and catalogued more than 2300 reports from original sources in order to keep pace with the external threat landscape. But how do you organize all the available reports? And what's next? This talk gives some insights into how we as a CTI team are tackling some of the challenges, and what opportunities can be leveraged by using Jira as a basis. The goal is to showcase our approach, including the ingestion (e.g. import from various sources), assessment (process for information extraction) and automated processing (e.g. IOC extraction) of reports. Listeners will come away with the idea that a knowledge base should serve as an organized, indexed and searchable location for structured and unstructured information: a curated and maintained set of materials that provide context, information and analysis.