Hey Fedi friends! Given the uncertainty around the future of the US federal government's ability to provide accurate, timely, and impartial cyber threat intelligence, a bunch of us have started talking about strategies to build/expand some of these capabilities independent of the government. Very early days—shaping the problem, discussing options, etc. But if you'd be interested in the conversation and willing to help organizations build CTI capability, please DM me.
@mttaggart Perhaps a good model for this is the way the Sigma Rules project (https://github.com/SigmaHQ/sigma.git) handles community-based SIEM detection rule creation and distribution. They have a simple ontology-based YAML file structure which accommodates other standards such as STIX/TAXII and ATT&CK. While it's not the solution for impartial gathering of OSINT or OPENCTI, it could certainly aid in distribution of threat intel once gathered.
