Use case
When multiple threat feeds are in use, it is a good idea to perform an overlap analysis to identify how two or more feeds overlap. This way, we can avoid ingesting feeds that offer little to no additional intelligence.
Currently, we can do a bulk search to compare a list of IPs from a threat feed that is not yet in use against the existing data in the OpenCTI platform. Each result shows a type such as 'INDICATOR' or 'IPV4 ADDRESS', depending on what is being searched for and what is present in the platform. An 'UNKNOWN' type indicates that the searched value did not match any data in the platform.
It would be useful and ideal if the platform presented some statistics to assist with overlap analysis when the bulk search is used. Alternatively, a new area of the platform could be created for this purpose.
Current Workaround
Ctrl+F for types and note down matches. Compare number of UNKNOWN type matches with search size. E.g., 10 matches for UNKNOWN type in a list of 100 IPs.
Proposed Solution
Add statistics to bulk search page for TYPE, or create new area of platform to aid in overlap analysis.
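As an added example (not OpenCTI's own code), here is the workaround above turned into a script: it takes the bulk-search result pasted out as tab-separated "value / TYPE" lines and produces the per-TYPE statistics and overlap ratio the proposal asks for. The input format and the sample values are assumptions constructed for the example, not a real export format or real feed data.

```python
from collections import Counter

UNKNOWN = "UNKNOWN"  # the platform's label for values it does not hold

# Constructed sample of a bulk-search result (assumed "value<TAB>TYPE" lines):
# six values from a candidate feed, labelled against what the platform holds.
SAMPLE_RESULTS = """\
198.51.100.7\tINDICATOR
198.51.100.8\tIPV4 ADDRESS
198.51.100.9\tUNKNOWN
203.0.113.4\tINDICATOR
203.0.113.5\tUNKNOWN
203.0.113.6\tUNKNOWN
"""


def parse_results(text):
    """Turn the pasted result text into (value, TYPE) pairs, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        value, _, kind = line.partition("\t")
        # A missing type column is treated as no match (UNKNOWN).
        rows.append((value.strip(), kind.strip().upper() or UNKNOWN))
    return rows


def overlap_stats(rows):
    """Count results per TYPE and derive the overlap ratio.

    'known' is every value the platform already holds under any type; a high
    overlap ratio means the candidate feed adds little new intelligence.
    """
    by_type = Counter(kind for _, kind in rows)
    total = len(rows)
    unknown = by_type.get(UNKNOWN, 0)
    known = total - unknown
    return {
        "total": total,
        "by_type": dict(by_type),
        "known": known,
        "unknown": unknown,
        "overlap_ratio": known / total if total else 0.0,
        "new_values": sorted(v for v, k in rows if k == UNKNOWN),
    }


if __name__ == "__main__":
    s = overlap_stats(parse_results(SAMPLE_RESULTS))
    print(f"{s['known']}/{s['total']} already in platform "
          f"({s['overlap_ratio']:.0%} overlap); by type: {s['by_type']}")
```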