Neat Artifacts Found In the Wild
Introductions
- [2017] the CIFv3 Book
- [2015] the CIF Book
- [2014] Applied Network Security Monitoring
- [2013] How to Normalize Threat Intelligence Data from Multiple Sources - Tech Talk
- [2012] Introduction to the Collective Intelligence Framework
- [2012] Toolsmith
- [2012] 3rd party CIF public instance
- [2012] VZ: Everyday I'm CIFing
SEM Integration
- [2015] Query CIF from Logstash
- [2012] Querying CIF Data From Splunk
- [2012] How to get CIF working with ELSA
- [2012] CIF Integration with ArcSight
- [2012] Using CIF to create content for ArcSight – Part 1
- [2012] Using CIF to create content for ArcSight – Part 2
- [2012] ELSA with the Collective Intelligence Framework
- [2012] More (Advanced) Querying CIF Data With Splunk
- [2012] Using CIF with SiLK
Advanced Stuff
- [2014] Identifying Malware Traffic with Bro and the Collective Intelligence Framework
- [2012] CIF Globe (github)
- [2013-07] Kyle Maxwell -- Open Source Threat Intelligence Overview [live] [slides]
- [2013-07] SANS - Blog Spam - annoying junk or a source of intelligence?
- [2012] Category Archives: CIF
- [2012] Accelerating CIF with Sphinx
- [2012] CIF-Lite: Customizing CIF to your schema
- [2012] VZ: Gluing Our Stuff Together
- [2012] VZ: Recent Improvements to CIFGlue
- [2012] VZ: CIF: Looking Under the Hood
Talks
All content is licensed under CCv3 unless otherwise specified.
- 2013 -- PacketPushers HealthyParanoia, the Dudes of REN-ISAC (podcast)
- 2013 -- AusCERT peering: the next ten years.
- 2013 -- MAAWG: data-sharing economics
- 2012 -- GFIRST/NIST|APWG: the next ten years
- 2012 -- FIRST.org: Sharing data's hard here's how we did it (mp3)
- 2012 -- Internet2 Combined Industry and Research Constituency Meeting
- 2012 -- Zombie Hunting
- 2011 -- ISOI9
- 2011 -- REN-ISAC Member Meeting
- 2011 -- Educause SPC
- 2010 -- SES v2 Update
- 2010 -- DDCSW2
- 2009 -- DDCSW1
- 2009 -- Joint Techs
- 2009 -- Educause SPC
Papers
- 2015 - SANS - Who's Using Cyberthreat Intelligence and How?
- 2015 - Microsoft - A framework for cybersecurity information sharing and risk reduction
- 2015 - SANS - Automated Defense Using Threat Intelligence to Augment Security
- 2014 - ENISA - Standards and tools for exchange and processing of actionable information
- 2014 - SANS - Tools and Standards for Cyber Threat Intelligence Projects
- 2013 - ENISA CSIRT Interop
- 2013 - Intelligence Exchange in a free market economy
- 2012 - CERT-PL: Proactive Detection and Automated Exchange of Network Security Incidents