In the world of IR, one of the most common things we are facing at the moment is large-scale ransomware attacks. My team regularly has open engagements for the same threat groups (Maze, DoppelPaymer, Ryuk, REvil, etc.). It would be useful if we could have a dedicated OSINT section in the "Investigation" section. To start with, this could just be a place to paste links to articles, whitepapers, etc.
In future versions, though, it could be linked to APIs and automatically display OSINT information relating to IOCs that had been entered into the timeline. For example, if I added a C2 address, the OSINT page might provide links to articles, tweets, sandbox results, Shodan, VT, anything that referenced that C2 address.
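One way the IOC-driven enrichment described above could start, as an added example that is not from the original post or any project: constructed timeline notes are scanned for IOCs (with defanged `hxxp` / `[.]` forms handled), and pivot links are generated for each. The VirusTotal and Shodan URL patterns are assumptions and should be checked against each service's documentation.

```python
import re
from urllib.parse import quote

# Constructed sample timeline entries; the indicators are illustrative, not real IOCs.
TIMELINE = [
    {"ts": "2020-06-01T10:15:00Z", "note": "Beacon traffic to 203.0.113.45 (suspected C2)"},
    {"ts": "2020-06-01T10:20:00Z", "note": "Dropper fetched from hxxp://example[.]com/payload.bin"},
    {"ts": "2020-06-01T10:21:00Z",
     "note": "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256 = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL = re.compile(r"https?://([^\s/]+)\S*", re.I)       # group 1 = host
DOMAIN = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def refang(text):
    """Undo common defanging so indicators match: 'hxxp' -> 'http', '[.]' -> '.'."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def extract_iocs(note):
    """Return (type, value) tuples found in a free-text timeline note."""
    text = refang(note)
    found = [("ipv4", m) for m in IPV4.findall(text)]
    found += [("sha256", m.lower()) for m in SHA256.findall(text)]
    # Pull hosts out of URLs first, then drop the whole URL so a path such as
    # /payload.bin is not mistaken for a domain.
    hosts = URL.findall(text)
    text = URL.sub(" ", text)
    found += [("domain", h.lower()) for h in hosts + DOMAIN.findall(text)
              if not IPV4.fullmatch(h)]
    return found

def osint_links(ioc_type, value):
    """Build pivot URLs for public OSINT services (URL patterns are assumed)."""
    v = quote(value, safe="")
    links = {"vt": f"https://www.virustotal.com/gui/search/{v}"}
    if ioc_type == "ipv4":
        links["shodan"] = f"https://www.shodan.io/host/{v}"
    return links

def enrich_timeline(entries):
    """Map each unique IOC to its first-seen timestamp and its pivot links."""
    out = {}
    for e in entries:
        for t, v in extract_iocs(e["note"]):
            out.setdefault((t, v), {"first_seen": e["ts"], "links": osint_links(t, v)})
    return out
```

Live enrichment (VT verdicts, sandbox reports, article search) would replace `osint_links` with real API calls keyed on the same `(type, value)` pairs.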