Threat Intelligence for Incident Response

As presented at BSides Puerto Rico 2014

Kyle Maxwell

April 04, 2014

Transcript

  1. Yada Yada Yada: Opinions are my own and not necessarily anybody else’s. I don’t represent anybody but myself here. I am not a lawyer and this is not legal advice. Wait 30 minutes after this presentation before swimming. Snape kills Dumbledore and Vader is Luke’s father. Your mileage may vary. Standard terms and exclusions apply.
  2. Direction: What will the program achieve? Who will act on the intelligence? What do they need?
  3. Collection: What do you already have? What do you need? What can you get (easily)? How will you store it?
  4. VERIS Framework: Actor - who did it? Action - what did they do? Asset - what did they do it to? Attribute - how was it affected? Documentation, classification examples, enumerations: http://veriscommunity.net
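
The four questions on the VERIS slide, applied to incident records (an added example, not from the original deck). It assumes records keyed `actor` / `action` / `asset` / `attribute` in the style of VERIS JSON; the three incidents and their values are constructed for illustration and should be checked against the enumerations at veriscommunity.net.

```python
from collections import Counter

# Constructed sample incidents (not real data); key layout is an assumption
# modelled on the VERIS actor/action/asset/attribute structure.
INCIDENTS = [
    {"incident_id": "demo-001",
     "actor": {"external": {"variety": ["Organized crime"]}},
     "action": {"hacking": {"variety": ["SQLi"]}},
     "asset": {"assets": [{"variety": "S - Database"}]},
     "attribute": {"confidentiality": {"data_disclosure": "Yes"}}},
    {"incident_id": "demo-002",
     "actor": {"internal": {"variety": ["End-user"]}},
     "action": {"error": {"variety": ["Misdelivery"]}},
     "asset": {"assets": [{"variety": "M - Documents"}]},
     "attribute": {"confidentiality": {"data_disclosure": "Yes"}}},
    {"incident_id": "demo-003",
     "actor": {"external": {"variety": ["Unknown"]}},
     "action": {"malware": {"variety": ["Ransomware"]}},
     "asset": {"assets": [{"variety": "S - File"}]},
     "attribute": {}},  # the impact was never recorded
]

def four_a(incident):
    """Answer the slide's four questions for one record."""
    assets = incident.get("asset", {}).get("assets", [])
    return {
        "actor": sorted(incident.get("actor", {})),          # who did it?
        "action": sorted(incident.get("action", {})),        # what did they do?
        "asset": sorted(a["variety"] for a in assets),       # to what?
        "attribute": sorted(incident.get("attribute", {})),  # how was it affected?
    }

def missing_dimensions(incident):
    """List the A's an analyst still has to fill in before the record is usable."""
    return [name for name, values in four_a(incident).items() if not values]

def actor_action_counts(incidents):
    """Count (actor category, action category) pairs across all records."""
    counts = Counter()
    for incident in incidents:
        summary = four_a(incident)
        for actor in summary["actor"]:
            for action in summary["action"]:
                counts[(actor, action)] += 1
    return counts

if __name__ == "__main__":
    for incident in INCIDENTS:
        print(incident["incident_id"], four_a(incident),
              "missing:", missing_dimensions(incident))
    print(actor_action_counts(INCIDENTS))
```
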