Could I please request some advice from my fellow cybersecurity people. I'm thinking of putting together a public feed of IOCs from public OSINT-reporting.

I've already got everything set up, but I'm not sure if this would be considered... a little bit too much of a scraping activity.

Would it be appreciated, or frowned upon?

#Cybersecurity #ThreatIntel

@nopatience to me the question is 'how would anyone consume and action it'. Always my first question when someone wants to do CTI :).

@claushoumann 100% which is also why I'm thinking of not just another list of "random" IOCs.

I have all this data and I would like to make it available somehow, but usefully so ... (assuming people are generally OK with it!)

I'm really quite open for suggestions here.

Kinda liking the idea of JSON data, and perhaps it should be structured according to STIX because it would be generally quite easy to consume and ingest.

@nopatience I am thinking that if OpenTide could add an “expire by” or “review by”, then you could release in OpenTide format and just push all to MISP and let those who want ingest from there. OpenTide pickup by the community isn’t huge yet, but every little ecosystem addition helps.

@claushoumann I feel uneducated about OpenTide. Any suggestions for how to get up-to-speed?

@nopatience The white paper on opentidehq on GitHub is worth a read :). If not, ping me for a demo sometime.
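
Added example, not part of the original thread: one way feed rows could be emitted as a STIX 2.1 bundle, with an expiry (`valid_until`) and a link back to the source report on every indicator. The feed namespace URL, the per-type lifetimes, the `osint-report` source name and the sample rows are constructed assumptions.

```python
import uuid
from datetime import datetime, timedelta, timezone

# Assumption: namespace for a hypothetical feed. STIX 2.1 recommends UUIDv4 for
# indicators; UUIDv5 is used here so a re-published IOC keeps the same id.
FEED_NS = uuid.uuid5(uuid.NAMESPACE_URL, "https://feed.example/iocs")
# Assumption: STIX pattern path and lifetime in days for each IOC type.
IOC_TYPES = {"ipv4": ("ipv4-addr:value", 30), "domain": ("domain-name:value", 90),
             "url": ("url:value", 30), "sha256": ("file:hashes.'SHA-256'", 365)}

def ts(dt):  # STIX timestamp: RFC 3339, UTC, millisecond precision
    d = dt.astimezone(timezone.utc)
    return d.strftime("%Y-%m-%dT%H:%M:%S.") + f"{d.microsecond // 1000:03d}Z"

def to_indicator(ioc_type, value, report_url, seen):
    path, ttl_days = IOC_TYPES[ioc_type]  # KeyError rejects unsupported types
    literal = value.replace("\\", "\\\\").replace("'", "\\'")  # pattern string escaping
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid5(FEED_NS, ioc_type + ':' + value)}",
        "created": ts(seen),
        "modified": ts(seen),
        "pattern": f"[{path} = '{literal}']",
        "pattern_type": "stix",
        "valid_from": ts(seen),
        "valid_until": ts(seen + timedelta(days=ttl_days)),  # the "expire by" date
        "external_references": [{"source_name": "osint-report", "url": report_url}],
    }

def to_bundle(rows):  # one indicator per IOC; a repeat sighting adds a reference
    objs = {}
    for row in rows:
        ind = to_indicator(*row)
        if ind["id"] in objs:
            objs[ind["id"]]["external_references"] += ind["external_references"]
        else:
            objs[ind["id"]] = ind
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objs.values())}

# Constructed sample rows: (type, value, source report URL, first seen)
SEEN = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    ("ipv4", "198.51.100.7", "https://blog.example/report-1", SEEN),
    ("domain", "bad.example", "https://blog.example/report-1", SEEN),
    ("ipv4", "198.51.100.7", "https://blog.example/report-2", SEEN + timedelta(days=2)),
    ("url", "http://bad.example/a'b", "https://blog.example/report-2", SEEN),
]
```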