INFORM-Framework: Bedrohungsbasierte Cybersicherheit messbar machen

Strategische Verteidigungsplanung mit neuem Messansatz

Die MITRE Cyber Threat Intelligence Division (CTID) präsentiert INFORM, ein webbasiertes Bewertungsinstrument für bedrohungsorientierte Sicherheitsarchitekturen

https://www.all-about-security.de/inform-framework-bedrohungsbasierte-cybersicherheit-messbar-machen/

#mitre #framework #cyberthreat #cybersecurity #RedTeam

----------------

🛠️ Tool
===================

Opening: TDO Standalone Extractor is a self-contained tool for extracting Cyber Threat Intelligence (CTI) from documents. It targets analysts who need structured CTI from heterogeneous sources and automates conversion to machine-readable schemas.

Key Features:
• Multi-format support: processes PDF, DOCX, TXT, and Markdown inputs.
• Comprehensive schema: emits a CTI schema covering 12 entity types and 24 relationship types with rich properties.
• LLM integration: leverages Google Gemini models with automatic fallback parsing for resilient extraction.
• Detection & flow outputs: generates evidence-backed detection opportunities and an Attack-Flow JSON mapping to MITRE ATT&CK.
• Structured reliability: uses pydantic schemas to validate outputs and report parsing success.
• Parallel processing: supports concurrent file processing with progress tracking and job controls.

Technical Implementation:
• Core extraction relies on LLM-driven entity and relation parsing with structured output prompts and schema validation using pydantic models.
• Gemini serves as the primary model with configurable model selection and retry/backoff parameters conceptually managed via environment configuration.
• Outputs include per-file {filename}_extracted.json and human-readable Markdown summaries; optional artifacts include Attack Flow JSON and CSV summaries.

Use Cases:
• Automating ingestion of vendor reports and feeds into CTI platforms.
• Producing detection rule candidates with supporting evidence for SOC engineers.
• Feeding structured ATT&CK flow artifacts into threat modeling and reporting pipelines.

Limitations:
• Dependence on external LLM access and model availability for parsing fidelity.
• Quality of extraction tied to input document clarity and LLM hallucination risk; validation via pydantic mitigates schema errors but not semantic gaps.
• No built-in deployment orchestration; environment-based configuration required conceptually for API keys and model selection.

References:
• pydantic schema validation
• MITRE ATT&CK mapping

🔹 tool #cti #pydantic #MITRE #LLM

🔗 Source: https://github.com/Blevene/standalone_tdo

Пробуем на вкус техники MITRE ATT&CK — T1547.001 Ключи запуска в реестре — Папка автозагрузки

Этой статьей я начинаю цикл «Пробуем на вкус техники MITRE ATT&CK». Суть данного цикла - изучать логи, сформированные одной из реализаций той или иной техники MITRE ATT&CK (далее MA). Необходимоеуточнение — не все реализации той или иной техники будут рассмотрены, так как я буду выбирать интересные лично для меня и, возможно, предложенные в комментариях.

https://habr.com/ru/articles/979656/

#SOC #ИБ #MITRE

Mitre (MTRE3) aprova dividendos e divide pagamento em duas parcelas

🇧🇷 Leia mais: https://guiadoinvestidor.com.br/mercado/mitre-mtre3-aprova-dividendos-e-divide-pagamento-em-duas-parcelas/

#Mercado #Dividendos #Mitre #MTRE3

Inside the attack chain: Threat activity targeting Azure Blob Storage - https://www.redpacketsecurity.com/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/

#threatintel
#Azure Blob Storage
#Cloud Storage Security
#Microsoft Defender for Storage
#MITRE ATT&CK
#Threat Intelligence

Inside the attack chain: Threat activity targeting Azure Blob Storage - https://www.redpacketsecurity.com/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/

#threatintel
#Azure Blob Storage
#Cloud Storage Security
#Microsoft Defender for Storage
#MITRE ATT&CK
#Threat Intelligence

#MITRE shares 2025's top 25 most dangerous software weaknesses

https://www.bleepingcomputer.com/news/security/mitre-shares-2025s-top-25-most-dangerous-software-weaknesses/

#cybersecurity