elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

CISA Automated Indicator Sharing TI Integration #6185

Open jamiehynds opened 1 year ago

jamiehynds commented 1 year ago

Description

Automated Indicator Sharing (AIS) is a service the Cybersecurity and Infrastructure Security Agency (CISA) provides to enable real-time exchange of machine-readable cyber threat indicators and defensive measures between public and private-sector organizations. AIS helps to protect the participants of the service and ultimately reduce the prevalence of cyberattacks.

The AIS community includes private sector entities; federal agencies; state, local, tribal, and territorial (SLTT) governments; information sharing and analysis centers (ISACs) and information sharing and analysis organizations (ISAOs); and foreign government partners and companies.

Architecture

AIS leverages the Structured Threat Information Expression (STIX) standard to represent CTIs/DMs and the Trusted Automated Exchange of Intelligence Information (TAXII) standard for machine-to-machine communication. AIS participants connect to AIS with a STIX/TAXII capability (which can be built or bought from commercial vendors) to allow them to exchange CTIs/DMs.

The AIS TAXII connection guide is available here. Our httpjson input should allow us to connect to the TAXII service and ingest the STIX-formatted indicators.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

New Package

Dashboards changes

Log dataset changes
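The ingest path the issue sketches (poll a TAXII 2.1 collection's objects endpoint, then map the STIX indicators onto ECS `threat.indicator.*` fields), as an added example that is not code from the issue or from the integration itself. The two envelope pages, object IDs and values are constructed, and the pattern-to-ECS table deliberately covers only single-term comparison patterns; that narrowing is an assumption of this example, not a rule of the integration.

```python
import re
from typing import Callable, Iterator, Optional

# Single-term STIX 2.1 pattern, e.g. [ipv4-addr:value = '198.51.100.5']; AND/OR/FOLLOWEDBY forms are skipped.
_SIMPLE = re.compile(r"^\[\s*([\w-]+):([\w.'-]+)\s*=\s*'([^']*)'\s*\]$")
# (STIX object type, property) -> (ECS threat.indicator.type, field under threat.indicator.*)
_ECS_FIELD = {
    ("ipv4-addr", "value"): ("ipv4-addr", "ip"),
    ("domain-name", "value"): ("domain-name", "url.domain"),
    ("url", "value"): ("url", "url.full"),
    ("file", "hashes.'SHA-256'"): ("file", "file.hash.sha256"),
}

def indicator_to_ecs(obj: dict) -> Optional[dict]:
    """Map one STIX object to flat ECS threat.indicator.* keys; None if not mappable."""
    if obj.get("type") != "indicator":
        return None  # malware, relationship, identity ... carry nothing to match on
    m = _SIMPLE.match(obj.get("pattern", ""))
    if not m or (m[1], m[2]) not in _ECS_FIELD:
        return None  # unsupported pattern: keep it in event.original rather than guess
    ind_type, field = _ECS_FIELD[(m[1], m[2])]
    return {"threat.indicator.type": ind_type, f"threat.indicator.{field}": m[3],
            "threat.indicator.first_seen": obj.get("valid_from"),
            "threat.indicator.modified_at": obj.get("modified")}

def iter_objects(fetch: Callable[[dict], dict], added_after: str) -> Iterator[dict]:
    """Walk a TAXII 2.1 objects endpoint, following `next` while the envelope says `more`."""
    params = {"added_after": added_after}  # resume point persisted between polls
    while True:
        envelope = fetch(params)
        yield from envelope.get("objects", [])
        if not envelope.get("more"):
            return
        params["next"] = envelope["next"]  # server-issued cursor for the following page

# Constructed two-page TAXII response standing in for a real collection's objects endpoint.
_PAGES = {
    None: {"more": True, "next": "p2", "objects": [
        {"type": "indicator", "id": "indicator--a", "valid_from": "2023-05-01T00:00:00Z",
         "modified": "2023-05-01T00:00:00Z", "pattern": "[ipv4-addr:value = '198.51.100.5']"},
        {"type": "malware", "id": "malware--a", "name": "sample"}]},
    "p2": {"more": False, "objects": [
        {"type": "indicator", "id": "indicator--b", "pattern": "[file:hashes.'SHA-256' = 'ab12']"},
        {"type": "indicator", "id": "indicator--c", "pattern": "[url:value = 'u' AND ipv4-addr:value = 'v']"}]},
}

def ingest(added_after: str = "2023-04-30T00:00:00Z") -> list:
    """Pull every page and return only the indicators that mapped to ECS."""
    objects = iter_objects(lambda p: _PAGES[p.get("next")], added_after)
    return [e for e in (indicator_to_ecs(o) for o in objects) if e is not None]
```

Objects whose pattern does not map (the multi-term one here) are dropped by `ingest` so the behaviour is visible; a real pipeline would keep them in `event.original` instead.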

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)