anonymized intelligence sharing framework

[mmguero]

This is very pie in the sky still but tracking for tracking's sake.

CISA has been thinking about providing some sort of threat intelligence sharing platform. It would:

• be opt-in/disabled by default
• not be required for anybody to run Malcolm
• anonymize both the data and the source of the data
• provide those who opt-in some sort of benefit as well
• possibly tie in to the thread feeds that plug into zeek via the zeek intelligence framework
• possibly use other security-related data as well (e.g., notice.log)

A lot more thought and planning and answers would have to go into designing and developing this.