Reducing Installation Time for Open Source Threat Intelligence Platform, OpenCTI
Backed by the likes of the French National Cyber Security Agency (ANSSI), OpenCTI allows for the creation, ingestion and dissemination of threat information regarding a threat actor’s current behaviours, ongoing campaigns against corporate entities and the monitoring of new malware, as well as vulnerabilities, of interest to us and our partners. Taken and analysed together, this data provides a “Threat Landscape” which can inform Cyber Defenders of current threats.
As part of our contributions, we are pleased to release an infrastructure as code (Terraform) deployment of OpenCTI into Amazon Web Services (AWS). This deployment will reduce installation overhead and, we hope, help to drive wider adoption and growth of this tool. The Terraform code can be found at https://github.com/QinetiQ-Cyber-Intelligence/OpenCTI-Terraform.
The platform allows for graphical visualisation along with the ability to perform correlation with other similar events. Content that is ingested from open source and paid threat feeds can be correlated with hand-curated work, providing an even more comprehensive view of threats faced.