Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Exploring Threat Intelligence: Insights and Tools from Vertex Synapse

Scott J. Roberts
July 06, 2023
Technology
0
14

Exploring Threat Intelligence: Insights and Tools from Vertex Synapse

This presentation will delve into the world of threat intelligence, with a particular focus on the insights and tools provided by Vertex Synapse. The discussion will cover a range of concepts and techniques, including threat modeling, vulnerability scanning, and incident response. Through real-world examples and case studies, attendees will gain a better understanding of how to apply these concepts and tools to their own security operations. Additionally, the presentation will touch on emerging trends in the field, such as the use of machine learning and artificial intelligence in threat intelligence. By the end of the presentation, attendees will have a solid foundation for building a comprehensive and effective threat intelligence program.

Scott J. Roberts

July 06, 2023
Tweet

More Decks by Scott J. Roberts

See All by Scott J. Roberts
Skynet the CTI Intern: Building Effective Machine Augmented Intelligence
sroberts
0
43
DRIVING INTELLIGENCE WITH MITRE ATT&CK: LEVERAGING LIMITED RESOURCES TO BUILD AN EVOLVING THREAT REPOSITORY
sroberts
0
19
Homemade Ramen & Threat Intelligence
sroberts
2
460
Introduction to Open Source Security Tools
sroberts
3
4.8k
Building Effective Threat Intelligence Sharing
sroberts
1
100
Japanese Manufacturing, Killer Robots, & Effective Incident Handling
sroberts
0
100
Crisis Communication for Incident Response
sroberts
1
300
Hipster DFIR on OSX - BSidesCincy
sroberts
3
3.2k
Community Intelligence & Open Source Tools
sroberts
5
1.1k

Other Decks in Technology

See All in Technology
初中級者用如何使用backlog -VALE TUDOEDITION-
in0u
0
140
「我々はどこに向かっているのか」を問い続けるための仕組みづくり / Establishing a System for Continuous Inquiry about where we are
daitasu
0
170
スレットハンティングについて知っておきたいこと
hacket
0
130
可視化プラットフォームGrafanaの基本と活用方法の全て
hamadakoji
0
230
年間一億円削減した時系列データベースのアーキテクチャ改善~不確実性の高いプロジェクトへの挑戦~
lycorptech_jp
PRO
3
2.9k
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
技術負債による事業の失敗はなぜ起こるのか / Why do business failures due to technical debt occur?
i35_267
0
190
LINE WORKSへ簡単通知!Incoming Webhookアプリの紹介
mmclsntr
0
110
大規模ドラレコデータ収集・機械学習基盤を支える AWS CDK 〜導入・運用事例紹介〜
pemugi
0
110
開発生産性をむしろ向上させる
セキュリティパートナーの作り方 / Dev Productivity Con 2024
flatt_security
0
360
OSSコミットしてZennの課題を解決した話
dyoshikawa1993
0
150
コンテナ・K8s研修 - 前半 コンテナ基礎・ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170

Featured

See All Featured
How to Ace a Technical Interview
jacobian
274
23k
The MySQL Ecosystem @ GitHub 2015
samlambert
248
12k
What's new in Ruby 2.0
geeforr
338
31k
Web Components: a chance to create the future
zenorocha
307
41k
Into the Great Unknown - MozCon
thekraken
20
1.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
277
13k
Fontdeck: Realign not Redesign
paulrobertlloyd
79
5.1k
Build your cross-platform service in a week with App Engine
jlugia
227
17k
Pencils Down: Stop Designing & Start Developing
hursman
118
11k
How to Think Like a Performance Engineer
csswizardry
4
590
How to train your dragon (web standard)
notwaldorf
79
5.5k
GitHub's CSS Performance
jonrohan
1026
450k

Transcript

  1. @sjr - 20230706 Exploring Threat Intelligence Insights + Tools from

    Vertex Synapse

  2. YES THIS IS THE RIGHT WAY TO WRITE DATES!!! 20230706

  3. While I’m at it… AND GMT IS THE ONLY TIMEZONE!!!!

  4. Agenda Tell ‘em what you’re gonna tell ‘em… tell ‘em…

    tell ‘em what you told ‘em! • Me & Why You Should Listen to Me • The Briefest Intro to Threat Intelligence Imaginable • Synapse • Key Concepts • CRUD (actually RCUD) • Extras • A pile of homework to read later if you actually care…

  5. Who Am I Anyway? Scott Roberts • Head of Threat

    Research @ Interpres • Adjunct Prof & CTF Coach @ USU • Author, Developer, & CTI Bon Vivant • 20+ years Intrusion Detection, Incident Response, Cyber Threat Intel @ Symantec, Mandiant, GitHub, Apple, Splunk

  6. What is Threat Intelligence?

  7. Cyber Threat Intelligence Analysis More like Q than James Bond…

    What I Actually Do What My Boss Thinks I Do What My Mom Thinks I Do What My Coworkers Think I Do

  8. Cyber Threat Intelligence (For Real) I’m required to have actual,

    useful information… • A set of models, techniques, and procedures to develop an operational & strategic understanding of adversaries • Almost always decision support (which is just what it sounds like) • Help SOC Analysts Identify Intrusions • Help Incident Responders React E ff ectively to Intrusions • Help Leadership & Architects Plan Better for the Next Intrusion • Should be making everyone else’s life easier…

  9. What is Synapse?

  10. What is Synapse? It’s better than a spreadsheet… • Synapse

    is a versatile central intelligence and analysis system created to support analyst teams in every stage of the intelligence life cycle. • A hyper graph based data storage and manipulation layer. • Supports tons of integrations and automation.

  11. Synapse: Key Concepts Fix your brain… • Not a tool,

    not a database, more of a programming language • Nodes (Facts) vs Tags (Assessments) • Pivoting is Life! • Types of reasoning (if you want to be all philosophical…)

  12. Using Synapse

  13. Reading Aka Lifts.

  14. Creating Making new stu ff the same way you look

    up stu ff , but with [ ]

  15. Updating Just like creating, new stu ff in [ ]

  16. Updating Just like creating, new stu ff in [ ]

  17. Updating Just like creating, new stu ff in [ ]

  18. Updating Or use a secondary command… like | note.add

  19. Updating Or use a secondary command… like | note.add

  20. Updating Or use a secondary command… like | note.add

  21. Updating Or use a secondary command… like | note.add

  22. Updating Or use a secondary command… like | note.add

  23. Deleting Sometimes we make mistakes…

  24. Automation Making stu ff happen without making stu ff happen…

    • Macros: A macro is simply a stored Storm query / set of Storm code that can be executed on demand. • Cron: Within Synapse, cron jobs are used to create scheduled tasks, similar to the Linux/Unix “cron” utility. The task to be executed by the cron job is speci fi ed using the Storm query language. • Triggers: Within Synapse, a trigger is a Storm query that is executed automatically upon the occurrence of a speci fi ed event within a Cortex (such as adding a node or applying a tag). “Trigger” refers collectively to the event and the query fi red (“triggered”) by the event.

  25. Power-Ups Making data easy! • Power-Ups provide speci fi c

    add-on capabilities to Synapse via Storm Packages and Services. For example, Power-Ups may provide connectivity to external databases, third-party data sources, or enable functionality such as the ability to manage YARA rules, scans, and matches. • Can be built by hand, pulled from Synapse, or even added from 3rd parties.

  26. Synapse Optic $$$

  27. In Closing…

  28. https://interpressecurity.com/

  29. While I’m plugging stuff… bit.ly/idirv2

  30. Resources • https://synapse.docs.vertex.link/en/latest/ • https://sroberts.io/posts/getting-started-with-synapse/ • https://sroberts.io/posts/e ff ective-tagging-in-synapse/ •

    https://vertex.link/

  31. Thanks & Questions