Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intel Framework. What is intelligence? Intel framework defines intelligence as an atomic bit of data with associated metadata Things you want to know.

Published byWarren Small Modified over 9 years ago

Similar presentations

Presentation on theme: "Intel Framework. What is intelligence? Intel framework defines intelligence as an atomic bit of data with associated metadata Things you want to know."— Presentation transcript:

1 Intel Framework

2 What is intelligence? Intel framework defines intelligence as an atomic bit of data with associated metadata Things you want to know about! 2

3 Motivations Intelligence based searching is incredibly common Through abstraction we can expand the utilization of intelligence Creating a format for importing intelligence makes Bro target-able for intelligence providers 3

4 How common is it? Numerous open intelligence feeds Numerous security industry reports Numerous private intelligence sharing communities Many organizations are building their own internal intelligence teams 4

5 Benefits of Abstraction? Reduce – If multiple feeds have the same data, we don’t need to store it multiple times Reuse – Look for IP addresses anywhere they show up instead of just in IP headers, etc. Optimize – There will be memory and performance optimizations we’ll do under the hood 5

6 Intelligence Format Bro’s intelligence indicator format is incredibly terse by default but extensible Data can be stored in a database or text files and updates at runtime 6

7 Design Limitation Asynchronous lookups – You can’t use “do I know about this?” in a normal if statement 7

8 Currently Deployed 13,469 Indicators across 6 feeds Running at a few sites Seems to be working well Data feeds have issues of lack of context and sometimes old data 8

9 Questions? Next we have some exercises that are linked from the agenda 9

Download ppt "Intel Framework. What is intelligence? Intel framework defines intelligence as an atomic bit of data with associated metadata Things you want to know."

Similar presentations

The Organisation As A System An information management framework The Performance Organiser Data Warehousing.

The Organisation As A System An information management framework The Performance Organiser Data Warehousing.
.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.

.NET Technology. Introduction Overview of.NET What.NET means for Developers, Users and Businesses Two.NET Research Projects:.NET Generics AsmL.
SDMX in the Vietnam Ministry of Planning and Investment - A Data Model to Manage Metadata and Data ETV2 Component 5 – Facilitating better decision-making.

SDMX in the Vietnam Ministry of Planning and Investment - A Data Model to Manage Metadata and Data ETV2 Component 5 – Facilitating better decision-making.
Utility SQL Bin (v3.3). Agenda  Purpose  Target User  Benefits  System Requirement  User Guide Introduction Navigation Add New SQL Add New Version.

Utility SQL Bin (v3.3). Agenda  Purpose  Target User  Benefits  System Requirement  User Guide Introduction Navigation Add New SQL Add New Version.
C6 Databases.

C6 Databases.
TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.
4/14/2017 Discussed Earlier segmentation - the process address space is divided into logical pieces called segments. The following are the example of types.

4/14/2017 Discussed Earlier segmentation - the process address space is divided into logical pieces called segments. The following are the example of types.
What is the status of community acquired pneumonia in adults in the United States? Searching PubMed pubmed.gov.

What is the status of community acquired pneumonia in adults in the United States? Searching PubMed pubmed.gov.
System Design and Memory Limits. Problem  If you were integrating a feed of end of day stock price information (open, high, low, and closing price) for.

System Design and Memory Limits. Problem  If you were integrating a feed of end of day stock price information (open, high, low, and closing price) for.
Technical BI Project Lifecycle

Technical BI Project Lifecycle
Nassau Community College

Nassau Community College
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
Cognos 8.4 Upgrade Business Intelligence. Why Cognos 8.4 Increased Performance on Database due to optimized SQL and more filters passed in native SQL.

Cognos 8.4 Upgrade Business Intelligence. Why Cognos 8.4 Increased Performance on Database due to optimized SQL and more filters passed in native SQL.
Physical, Logical, Conceptual DSA Lecture 2 2006-7.

Physical, Logical, Conceptual DSA Lecture
AGENDA Tools used in SQL Server 2000 Graphical BOL Enterprise Manager Service Manager CLI Query Analyzer OSQL BCP.

AGENDA Tools used in SQL Server 2000 Graphical BOL Enterprise Manager Service Manager CLI Query Analyzer OSQL BCP.
ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.

ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.
Open and Shared Information System OaSIS. SUNCOM’s Standard Business Process Centralized ordering for the enterprise Maintenance of an enterprise inventory.

Open and Shared Information System OaSIS. SUNCOM’s Standard Business Process Centralized ordering for the enterprise Maintenance of an enterprise inventory.
WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?

WCA-B324 Get Up!!! YAAAWWWN! App-V 5.0 Get Ready for… Are You Ready?
RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.

RDA Wheat Data Interoperability Working Group Outcomes RDA Outputs P5 9 th March 2015, San Diego.
What’s New in Kinetic Task 3.0 Ben Christenson 3 About Me  Ben Christenson  Employee at Kinetic Data for 13 years and a member of the Product Development.

What’s New in Kinetic Task 3.0 Ben Christenson 3 About Me  Ben Christenson  Employee at Kinetic Data for 13 years and a member of the Product Development.

Similar presentations

Ads by Google