Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Showing posts with label Threat Intelligence Feed. Show all posts

Monday, February 21, 2022

How To Integrate or Query My Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed In Your Firewall or Security Solution - An Analysis

Dear blog readers,

Did you already pull my public and free STIX STIX2 TAXII threat intelligence feed using your and your organization's Lifetime API Key?

In this post I've decided to elaborate more and offer practical advice and links in terms of how you can pull and integrate my daily updated STIX STIX2 TAXII threat intelligence feed in your firewall or security solution and how you can actually use your Lifetime API Key for my feed in Maltego for possible enrichment of your IoCs (Indicators of Compromise).

Here's your Lifetime API Key for you and your organization - f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93

Portal: https://ddanchev.ngrok.io

API: https://ddanchev.ngrok.io/graphql

API Documentation: https://luatix.notion.site/GraphQL-API-cfe267386c66492eb73924ef059d6d59

API Client: https://opencti-client-for-python.readthedocs.io/en/3.3.0/pycti/pycti.html

API requirements: https://github.com/amr-cossi/opencti-maltego/blob/master/config.py.sample

TAXII Collection: https://ddanchev.ngrok.io/taxii2/root/collections/c2259b20-9c60-4ddd-8931-8de970440f06/objects

Bearer Token Authentication Required: https://github.com/OpenCTI-Platform/opencti/issues/1198

Maltego transforms available: - https://www.maltego.com/downloads/ - https://www.maltego.com/transform-hub/opencti/ - https://www.maltego.com/transform-hub/stix/

As always feel free to drop me a line at dancho.danchev@hush.com in case you have any questions.

Sample screenshots of my STIX STIX2 TAXII Threat Intelligence feed in combination with Maltego:

Enjoy!

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Thursday, February 17, 2022

Public STIX STIX2 TAXII Threat Actor Specific Threat Intelligence Feed - Your Lifetime API Key!

Hi, everyone,

This is Dancho. Big news! I've decided to make approximately 15 years of active and unique threat actor specific research publicly accessible online for free using the OpenCTI STIX STIX2 TAXII platform and not only convert all the cool and juicy and full of never-published and discussed before niche threat actors both internationally and in Russia but also make them into a free STIX STIX2 TAXII threat intelligence feed and turn them into a machine readable format with the idea to centralize and speed up the communication of my research and potentially allow you to better catch up improve your situational awareness and learn new things about the international bad guys including the bad guys in Russia including their Internet infrastructure and catch up with who they are and what are some of their latest campaigns in the world of fighting cybercrime.

Your Lifetime API Key: f8aa0cca-a0ac-4eff-9c03-1c86ad7aee93

Users of Anomali ThreatStream, LogRhythm, Palo Alto MineMeld, TruSTAR TAXII Server including Trend Micro Vision One or Cortex XSOAR and basically anyone using STIX STIX2 and TAXII in their security solution can now freely grab and explore my historical threat actor specific research including to actually pull some of my latest research which I produce every day for free.

Here are the details: