Journal: Journal of information security and applications

ETIP: An Enriched Threat Intelligence Platform for improving OSINT correlation, analysis, visualization and sharing capabilities


Abstract

Open Source Intelligence (OSINT) data is collected from publicly available sources to be used in intelligence contexts, among which Threat Intelligence Platforms (TIPs) are the main consumers. These platforms help organizations aggregate, correlate, and analyze threat data from multiple sources in real time to support defensive actions. However, considering the unstructured nature of the collected data, TIPs require the data to be correlated with real-time information coming from the monitored infrastructure before being further analyzed and shared. This paper presents ETIP, an Enriched Threat Intelligence Platform with extended capabilities in terms of import, quality assessment processes, visualization and information sharing in current TIPs. The platform receives structured cyber threat information from multiple sources and performs the correlation among them with static and dynamic data coming from external sources and the monitored infrastructure. This allows the evaluation of a threat score through heuristic-based analysis, used to enrich the information received from OSINT and other sources. The final result is sent to external entities, such as SIEMs, to be further used for a more in-depth analysis, and to be shared with trusted organizations.