OpenCTI-Platform / connectors

OpenCTI Connectors
https://www.opencti.io
Apache License 2.0

[ImportExternalUrl] Create the connector #31

Closed Fred-certeu closed 3 years ago

Fred-certeu commented 5 years ago

Import public threat reports from open-source blogs.

For each blog, there could be two different workflows:

  1. Select mode = Select one by one the blog posts to be imported, from any source (page as report and URL as an external reference)

OR

  1. Subscription mode = Get automatically all posts from a specific blog (page as report and URL as external reference). Validate or validate the posts that the analyst wants to keep.

Examples of open-source blogs:

IT security news aggregators such as:

IT security vendor owned blogs:

rhaist commented 4 years ago

The connector could also use the excellent tooling around APTnotes: https://github.com/aptnotes/tools

Fred-certeu commented 4 years ago

Thank you for the link. It is useful and complementary. My point is more specifically to create reports to track recent noteworthy incidents by open sources (even if there is no observables / IOCs).

For example, I would like to transform the following posts into OpenCTI reports:

https://www.bleepingcomputer.com/news/security/brooklyn-hospital-loses-patient-data-in-ransomware-attack/

  - country: US
  - sector: health
  - category: cybercrime
  - tactics: extortion, big game hunting

https://www.bleepingcomputer.com/news/security/ransomware-attacks-hit-everis-and-spains-largest-radio-network/

  - country: Spain
  - sector: managed service provider, radio broadcasting
  - category: cybercrime
  - tactics: extortion, big game hunting
  - malware: Bitpaymer

rhaist commented 4 years ago

I think we might be able to achieve this by using RSS. E.g. with feedparser
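A sketch of the subscription mode discussed in this thread, added here as an example; it is not code from the issue or from the OpenCTI connectors repository. It uses the standard library's XML parser in place of feedparser so it runs without dependencies. The feed, hostnames, the `pending-validation` label and the UUID namespace are constructed assumptions, and the output is a simplified report layout, not a validated STIX bundle.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample feed (not real data); hostnames are placeholders.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example Security Blog</title>
<item><title>Hospital loses patient data in ransomware attack</title>
<link>https://blog.example.org/news/hospital-ransomware/</link>
<pubDate>Mon, 04 Nov 2019 10:00:00 +0000</pubDate></item>
<item><title>Link pointing off the subscribed blog</title>
<link>https://other.example.net/post</link>
<pubDate>Mon, 04 Nov 2019 11:00:00 +0000</pubDate></item>
<item><title>Unexpected scheme</title>
<link>ftp://blog.example.org/post</link>
<pubDate>Mon, 04 Nov 2019 12:00:00 +0000</pubDate></item>
</channel></rss>"""

# Hypothetical namespace: the same URL always maps to the same report id,
# so polling the feed again does not create duplicate reports.
NAMESPACE = uuid.UUID("00000000-0000-4000-8000-000000000031")

def feed_to_reports(feed_xml, allowed_hosts, source_name):
    """Turn RSS items into report dicts; feed content is untrusted input."""
    if "<!DOCTYPE" in feed_xml or "<!ENTITY" in feed_xml:
        raise ValueError("feed declares a DTD; refusing to parse")
    reports, skipped = [], []
    for item in ET.fromstring(feed_xml).iter("item"):
        url = (item.findtext("link") or "").strip()
        date = item.findtext("pubDate")
        parts = urlsplit(url)
        # Keep only https links on the subscribed blog that carry a date.
        if parts.scheme != "https" or parts.hostname not in allowed_hosts or not date:
            skipped.append(url)
            continue
        published = parsedate_to_datetime(date).astimezone(timezone.utc)
        reports.append({
            "type": "report",
            "id": "report--" + str(uuid.uuid5(NAMESPACE, url)),
            "name": (item.findtext("title") or url).strip(),
            "published": published.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "labels": ["pending-validation"],  # analyst keeps or drops it later
            "external_references": [{"source_name": source_name, "url": url}],
        })
    return reports, skipped
```
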

OzRex08 commented 4 years ago

Any progress on this connector? It would be a great idea!

SamuelHassine commented 3 years ago

This connector has been implemented as the "Import External Reference". Any external reference containing a URL can now be downloaded as PDF or Markdown file, anywhere in the platform.

SamuelHassine commented 3 years ago

image