Open mmguero opened 1 week ago
@mmguero cloned issue idaholab/Malcolm#496 on 2024-06-19:
This is very pie in the sky still but tracking for tracking's sake. CISA has been thinking about providing some sort of threat intelligence sharing platform. It would: be opt-in/disabled by default not be required for anybody to run Malcolm anonymize both the data and the source of the data provide those who opt-in some sort of benefit as well possibly tie in to the thread feeds that plug into zeek via the zeek intelligence framework possibly use other security-related data as well (e.g., notice.log) A lot more thought and planning and answers would have to go into designing and developing this.
This is very pie in the sky still but tracking for tracking's sake.
CISA has been thinking about providing some sort of threat intelligence sharing platform. It would:
be opt-in/disabled by default
not be required for anybody to run Malcolm
anonymize both the data and the source of the data
provide those who opt-in some sort of benefit as well
possibly tie in to the thread feeds that plug into zeek via the zeek intelligence framework
possibly use other security-related data as well (e.g., notice.log)
A lot more thought and planning and answers would have to go into designing and developing this.
mmguero
commented
1 week ago 