sfakiana/FIRST-CTI-2023

FIRST CTI Conference 2023

Spin Your CTI Process Round - Andreas Sfakianakis

Is your CTI team struggling to operationalize the CTI process? Don't worry, your team is not the only one! During the "CTI journey", CTI teams try out approaches and tools, hoping to give value to their organization. This is usually a trial-and-error process, and when it is not successful, it costs organizations money and time and also demotivates CTI analysts. This presentation will discuss some of the basic "baby" steps that CTI teams often neglect. We will be focusing on case management and intelligence workflows. Moreover, we will elaborate on how you can take advantage of the knowledge produced by the CTI team and provide meaningful metrics to the CTI team and the management. Finally, we elaborate on the essential ingredients for CTI teams in the early phases of their "CTI journey". The key takeaway for the audience is the realization of some basic steps that a CTI team has to take to coordinate its workload better, build workflows, and better manage the CTI knowledge it produces. The audience will also be presented with real-world examples and implementations of such approaches within corporate environments. Ideally, we will give you some hints to spin your CTI process round!

This repository includes the references used for the presentation titled "Spin Your CTI Process Round", which took place during the FIRST CTI Conference 2023 on 8 November 2023:

  1. SANS 2023 CTI Survey: Keeping Up with a Changing Threat Landscape - https://www.sans.org/white-papers/2023-cti-survey-keeping-up-changing-threat-landscape/
  2. ThreatIntel.EU - Andreas Sfakianakis - Intelligence Requirements: the Sancho Panza of CTI - https://threatintel.eu/2019/09/24/intelligence-requirements-and-don-quixote/
  3. Brian Warehime - Collection Maturity Model Framework - https://medium.com/@brianwarehime_79186/collection-maturity-model-framework-2d2b4631e3fc
  4. Red Canary - A practical approach to threat modeling - https://redcanary.com/blog/threat-modeling/
  5. INSA - Cyber Intelligence: Preparing Today's Talent for Tomorrow's Threats - https://issuu.com/insalliance/docs/insa_cyber_intel_preptalent
  6. SANS CTI Summit 2019 - How to Get Promoted: Developing Metrics to Show How Threat Intel Works - https://www.youtube.com/watch?v=-d38C3992aQ
  7. Gert-Jan Bruggink - CTI Metrics - https://github.com/gertjanbruggink/Metrics
  8. FIRST CTI 2019 - Metrics and ATT&CK - https://www.first.org/resources/papers/london2019/Metrics-and-attack-website.pdf
  9. Threat Intelligence in ISO 27001:2022 - https://evalian.co.uk/threat-intelligence-in-iso-270012022/
  10. ENISA - Threat Landscape Methodology - https://www.enisa.europa.eu/publications/enisa-threat-landscape-methodology
  11. ThreatIntel.EU - Andreas Sfakianakis - Excel-ing at Threat Intelligence Platform (TIP) Requirements - https://threatintel.eu/2021/01/22/exceling-at-threat-intelligence-platform-tip-requirements/
  12. ThreatIntel.EU - Andreas Sfakianakis - Still thinking your Ex(cel)? Here are some TIPs - https://threatintel.eu/2021/03/19/sans-cti-summit-2021-video-recording/
  13. SharePoint - https://www.microsoft.com/en-us/microsoft-365/sharepoint/collaboration
  14. Jira - https://www.atlassian.com/software/jira
  15. Confluence - https://www.atlassian.com/software/confluence
  16. Azure DevOps - https://azure.microsoft.com/en-us/products/devops
  17. ServiceNow - https://www.servicenow.com/
  18. Reqfast - https://reqfast.com/
  19. List of Threat Intelligence Platforms - https://github.com/sfakiana/SANS-CTI-Summit-2021#threat-intelligence-platforms
  20. DocIntel - https://docintel.org/