Closed Fred-certeu closed 3 years ago
The connector could also use the excellent tooling around APTnotes: https://github.com/aptnotes/tools
Thank you for the link. It is useful and complementary. My point is more specifically to create reports to track recent noteworthy incidents from open sources (even if there are no observables / IOCs).
For example, I would like to transform the following posts into openCTI reports:
https://www.bleepingcomputer.com/news/security/brooklyn-hospital-loses-patient-data-in-ransomware-attack/
- country: US
- sector: health
- category: cybercrime
- tactics: extortion, big game hunting

https://www.bleepingcomputer.com/news/security/ransomware-attacks-hit-everis-and-spains-largest-radio-network/
- country: Spain
- sector: managed service provider, radio broadcasting
- category: cybercrime
- tactics: extortion, big game hunting
- malware: Bitpaymer
I think we might be able to achieve this by using RSS, e.g. with feedparser.
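As an added illustration of the RSS approach suggested above (this is example code, not code from this issue, from feedparser or from the OpenCTI project), the block below parses an RSS 2.0 feed and maps each item to a dict shaped like an OpenCTI Report: the article title becomes the report name, the feed's `<category>` tags and analyst-supplied tags such as `country: US` become labels, and the article URL becomes an external reference. The feed XML, URLs and article texts are constructed so the example runs offline; a real connector would fetch the blog feeds over HTTP (feedparser does fetching and parsing in one call) and persist the set of already-imported URLs between runs instead of keeping it in memory.

```python
import xml.etree.ElementTree as ET
from datetime import timezone
from email.utils import parsedate_to_datetime

# Constructed sample RSS 2.0 feed so the example runs offline; these are not
# real articles or URLs.
SAMPLE_FEED = """<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
  <channel>
    <title>Example security blog</title>
    <link>https://example.invalid/blog/</link>
    <item>
      <title>Hospital loses patient data in ransomware attack</title>
      <link>https://example.invalid/blog/hospital-ransomware/</link>
      <pubDate>Wed, 06 Nov 2019 10:00:00 +0000</pubDate>
      <description>A hospital reported a ransomware incident affecting patient records.</description>
      <category>Ransomware</category>
      <category>Healthcare</category>
    </item>
    <item>
      <title>Ransomware hits MSP and radio network</title>
      <link>https://example.invalid/blog/msp-ransomware/</link>
      <pubDate>Mon, 04 Nov 2019 12:30:00 +0000</pubDate>
      <description>Two organisations in the same country reported outages.</description>
      <category>Ransomware</category>
    </item>
  </channel>
</rss>
"""


def parse_rss(xml_text):
    """Return the <item> elements of an RSS 2.0 document as plain dicts."""
    # Feeds come from third-party sites; for production use, parsing with
    # defusedxml instead of the stdlib parser limits XML entity-expansion
    # problems (assumption: defusedxml is available there; not used here).
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        published = None
        raw_date = item.findtext("pubDate")
        if raw_date:
            try:
                published = parsedate_to_datetime(raw_date)
            except (TypeError, ValueError):
                published = None  # keep the item, just without a date
        items.append({
            "title": (item.findtext("title") or "").strip(),
            "link": (item.findtext("link") or "").strip(),
            "published": published,
            "summary": (item.findtext("description") or "").strip(),
            "categories": [c.text.strip() for c in item.findall("category") if c.text],
        })
    return items


def to_report(item, extra_labels=None):
    """Map one feed item to a dict shaped like an OpenCTI Report object.

    Feed categories become lower-cased labels; analyst-supplied tags such as
    {"country": "US", "tactics": "extortion, big game hunting"} become
    "key:value" labels, one per comma-separated value.
    """
    labels = [c.lower() for c in item["categories"]]
    for key, values in (extra_labels or {}).items():
        for value in values.split(","):
            value = value.strip()
            if value:
                labels.append(f"{key.strip().lower()}:{value.lower()}")
    published = None
    if item["published"] is not None:
        # STIX-style UTC timestamp as used for the report's "published" date
        published = item["published"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return {
        "name": item["title"],
        "published": published,
        "description": item["summary"],
        "report_types": ["threat-report"],
        "labels": sorted(set(labels)),
        "external_references": [{"source_name": "rss", "url": item["link"]}],
    }


def import_feed(xml_text, seen_urls, extra_labels=None):
    """Build reports for items whose URL has not been imported yet.

    `seen_urls` stands in for the connector's persisted state, so running the
    import twice on the same feed does not create duplicate reports.
    """
    new_reports = []
    for item in parse_rss(xml_text):
        if not item["link"] or item["link"] in seen_urls:
            continue
        seen_urls.add(item["link"])
        new_reports.append(to_report(item, extra_labels))
    return new_reports


if __name__ == "__main__":
    seen = set()
    tags = {"country": "US", "category": "cybercrime", "tactics": "extortion, big game hunting"}
    for report in import_feed(SAMPLE_FEED, seen, tags):
        print(report["published"], report["name"], report["labels"])
```

Per-blog tags like the country/sector/category lists in the examples above are passed in `extra_labels`; in a real connector they would come from the connector's per-feed configuration rather than being hard-coded.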
Any progress on this connector? It would be a great idea!
This connector has been implemented as the "Import External Reference". Any external reference containing a URL can now be downloaded as PDF or Markdown file, anywhere in the platform.
Import public threat reports from open source blogs.
For each blog, there could be two different workflows:
OR
Examples of open source blogs:
IT security news aggregators such as:
IT security vendor owned blogs: