Published in Filigran
SEKOIA.IO Threat Intelligence in OpenCTI

We are glad to announce that the connector between SEKOIA.IO and the OpenCTI platform has been released! It gives our users one more source to bring into their platform, and cross-referencing it with the sources they already have leads to better analysis.

What is SEKOIA.IO?

The main goal of the platform is to give companies a means to neutralize cyber attacks before suffering their consequences. This approach combines threat knowledge with automation capabilities to hand the higher ground back to security teams.

SEKOIA.IO Cyber Threat Intelligence overview

To make anticipation real, the platform goes beyond the usual approach to attacker modeling and makes this intelligence available both to its own detection engine and to its partners as CTI feeds.

What kind of threat intelligence does SEKOIA.IO provide?

SEKOIA.IO threat intelligence is produced in line with five main drivers: freshness, confidence, exclusiveness, coverage and actionability. The result is native STIX 2.1 CTI, carrying the information and context needed to act on it.

SEKOIA.IO indicators tab
  • For freshness, half of the intelligence is produced as a hot topic unfolds, and the other half reaches customers before the attacker has used it.
  • For confidence, data goes through a pipeline designed to verify, qualify, enrich and contextualize each object.
  • For exclusiveness, many trackers are run to observe new attacker moves and turn them into indicators that will be usable against future attacks.
  • For coverage, the platform transforms every piece of OSINT content (blog posts, threat lists, ...) into contextualized objects, consolidating what is published each day into a single view.
  • For actionability, SEKOIA.IO provides courses of action associated with each campaign or malware.
Report coming from the SEKOIA.IO feed

The SEKOIA.IO threat intelligence therefore carries indicators, TTPs, campaigns, reports, malware, targets, courses of action and any other STIX object, together with the relationships that link them.

How does the integration work?

The integration between OpenCTI and SEKOIA.IO is a data import connector: it ingests new intelligence from SEKOIA.IO into an OpenCTI instance. Because both sides natively support STIX 2.1, the source data is preserved in full, with no lossy conversion in between.

Overview of the SEKOIA.IO connector in OpenCTI
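To make the ingestion step concrete, here is an added example of the checks an import connector can run on a STIX 2.1 bundle before handing it to OpenCTI. It is not the SEKOIA.IO connector's code and contains no SEKOIA.IO feed data: the bundle, its ids and its object names are constructed for this example. It verifies that every object carries the 2.1 spec marker, that ids are well formed (OpenCTI deduplicates on them), and that every relationship resolves inside the bundle, which is what "preserving the source data" depends on in practice.

```python
"""Sanity-check a STIX 2.1 bundle the way an import connector would
before sending it to OpenCTI. Stdlib only; the sample bundle below is
constructed for this example and is not SEKOIA.IO feed data."""
import json
import re
from collections import Counter

# STIX 2.1 identifier: <type>--<UUID>. Connectors rely on these ids
# for deduplication, so a malformed one is treated as a hard error.
STIX_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)

# Constructed sample (hypothetical ids and names): an indicator, the
# malware it flags, the relationship between them, and a course of action.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--3fa85f64-5717-4562-b3fc-2c963f66afa6",
    "objects": [
        {"type": "indicator", "spec_version": "2.1",
         "id": "indicator--6f1a2b3c-0000-4000-8000-000000000001",
         "created": "2021-03-01T10:00:00.000Z",
         "modified": "2021-03-01T10:00:00.000Z",
         "name": "Constructed C2 domain", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'c2.example.invalid']",
         "valid_from": "2021-03-01T10:00:00.000Z"},
        {"type": "malware", "spec_version": "2.1",
         "id": "malware--6f1a2b3c-0000-4000-8000-000000000002",
         "created": "2021-03-01T10:00:00.000Z",
         "modified": "2021-03-01T10:00:00.000Z",
         "name": "ExampleLoader", "is_family": True},
        {"type": "relationship", "spec_version": "2.1",
         "id": "relationship--6f1a2b3c-0000-4000-8000-000000000003",
         "created": "2021-03-01T10:00:00.000Z",
         "modified": "2021-03-01T10:00:00.000Z",
         "relationship_type": "indicates",
         "source_ref": "indicator--6f1a2b3c-0000-4000-8000-000000000001",
         "target_ref": "malware--6f1a2b3c-0000-4000-8000-000000000002"},
        {"type": "course-of-action", "spec_version": "2.1",
         "id": "course-of-action--6f1a2b3c-0000-4000-8000-000000000004",
         "created": "2021-03-01T10:00:00.000Z",
         "modified": "2021-03-01T10:00:00.000Z",
         "name": "Block the constructed C2 domain at the egress proxy"},
    ],
})


def check_bundle(raw: str) -> dict:
    """Return {'ok': bool, 'errors': [...], 'counts': {type: n}}."""
    errors = []
    bundle = json.loads(raw)
    if bundle.get("type") != "bundle":
        errors.append("top-level object is not a STIX bundle")
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    counts = Counter()
    for obj in objects:
        oid = obj.get("id", "<missing>")
        counts[obj.get("type", "<missing>")] += 1
        if not STIX_ID_RE.match(oid):
            errors.append(f"malformed id: {oid}")
        # Everything ingested here is expected to be native STIX 2.1; a
        # 2.0 object (no spec_version) would have to be mapped, not preserved.
        if obj.get("spec_version") != "2.1":
            errors.append(f"{oid}: spec_version is not 2.1")
        for key in ("created", "modified"):
            if key not in obj:
                errors.append(f"{oid}: missing {key}")
        # A relationship whose ends are not in the bundle cannot be
        # materialized on the OpenCTI side, so it is rejected up front.
        if obj.get("type") == "relationship":
            for ref_key in ("source_ref", "target_ref"):
                ref = obj.get(ref_key)
                if ref not in ids:
                    errors.append(f"{oid}: {ref_key} {ref} not in bundle")
    return {"ok": not errors, "errors": errors, "counts": dict(counts)}


def broken_variant() -> str:
    """Same bundle with the malware object dropped: the relationship now
    dangles, which check_bundle must report."""
    bundle = json.loads(SAMPLE_BUNDLE)
    bundle["objects"] = [o for o in bundle["objects"] if o["type"] != "malware"]
    return json.dumps(bundle)


if __name__ == "__main__":
    print(check_bundle(SAMPLE_BUNDLE))
    print(check_bundle(broken_variant()))
```

In a real OpenCTI connector the validated bundle would then be passed to the platform through the pycti helper (`OpenCTIConnectorHelper.send_stix2_bundle`); the point of checking first is that a malformed object or a dangling reference is caught at the source rather than surfacing as a partially imported report in the platform.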

The feed carries roughly 2K+ STIX objects every day. We look forward to working with SEKOIA.IO in the future to enhance the integration between our systems!
