![]() ![]() We show that this type of relationship querying can allow for more effective use of open source intelligence for threat hunting, malware family clustering, and vulnerability analysis. ![]() Examples of utilizing the graph database for querying connections between known malicious IoCs and open source intelligence documents, including threat reports, are shown. The construction of the database of potential IoCs is detailed, including the addition of machine learning and metadata which can be used for filtering of the data for a specific domain (for example a specific natural language) when needed. These connections are comprised of possible indicators of compromise (e.g., IP addresses, domains, hashes, email addresses, phone numbers), information on known exploits and techniques (e.g., CVEs and MITRE ATT&CK Technique ID's), and potential sources of information on cybersecurity exploits such as twitter usernames. In this research, we present a system which constructs a Neo4j graph database formed by shared connections between open source intelligence text including blogs, cybersecurity bulletins, news sites, antivirus scans, social media posts (e.g., Reddit and Twitter), and threat reports. Neo4j Browser (Development Tool) (Image credit Michael Hunger, Neo4j) The Neo4j Browser is likely the first thing you’ll run into when working with Neo4j. Therefore methods of condensing the available open source intelligence, and automatically developing connections between disparate sources of information, is incredibly valuable. However the scale of information that is relevant for information security on the internet is always increasing, and is intractable for analysts to parse comprehensively. Malware family clustering, and vulnerability analysis.Open source intelligence is a powerful tool for cybersecurity analysts to gather information both for analysis of discovered vulnerabilities and for detecting novel cybersecurity threats and exploits. We show that this type of relationship querying canĪllow for more effective use of open source intelligence for threat hunting, Examples of utilizing the graph database for querying connectionsīetween known malicious IoCs and open source intelligence documents, including The data for a specific domain (for example a specific natural language) when TheĬonstruction of the database of potential IoCs is detailed, including theĪddition of machine learning and metadata which can be used for filtering of Sources of information on cybersecurity exploits such as twitter usernames. Dietze, Felix Karoff, Johannes Calero Valdez, Andr (Corresponding author). These connectionsĪre comprised of possible indicators of compromise (e.g., IP addresses,ĭomains, hashes, email addresses, phone numbers), information on known exploitsĪnd techniques (e.g., CVEs and MITRE ATT&CK Technique ID's), and potential An Open-Source Object-Graph-Mapping Framework for Neo4j and Scala: Renesca. Media posts (e.g., Reddit and Twitter), and threat reports. ![]() Including blogs, cybersecurity bulletins, news sites, antivirus scans, social In this research, we present a system which constructs a Neo4j graphĭatabase formed by shared connections between open source intelligence text Methods of condensing the available open source intelligence, and automaticallyĭeveloping connections between disparate sources of information, is incredibly Increasing, and is intractable for analysts to parse comprehensively. Information that is relevant for information security on the internet is always ![]() Gather information both for analysis of discovered vulnerabilities and forĭetecting novel cybersecurity threats and exploits. Download a PDF of the paper titled Cybersecurity Threat Hunting and Vulnerability Analysis Using a Neo4j Graph Database of Open Source Intelligence, by Elijah Pelofske and 2 other authors Download PDF Abstract: Open source intelligence is a powerful tool for cybersecurity analysts to ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |