Saturday, August 19, 2017

Ridiculously Simple - Wapack Labs CTAC fully integrated with ThreatQ

I haven't blogged as much as I normally do this summer. The kids are getting older and vacations and… well… at any rate, it doesn't mean work stops, nor does it mean that we stop pushing to make it ridiculously simple for users at any level access intelligence needed in their SOC, in their risk programs, or as we're starting to find, even the physical security guys are reading our stuff.

Last year we worked hard to get data into a foundational tool that could be used to serve our data up to any number of different applications. Unfortunately for a number of reasons, we didn't get it done, but late last year after a few organizational shifts we went live in a VERY alpha state in January, followed by an MVP launch in March, and now, I'm happy to say, we're seeing new products and applications come alive, bolting on themselves to us.

Our 2013's Threat Recon(R) was our first real push into serving up data (IOCs) through an API.  It remains a popular, Wapack Labs low cost API. Today in 2017,  I'm happy to say, our Cyber Threat Analysis Center (CTAC for short) is online and rolling nicely. Now, users can access more than just our Threat Recon(R) data. They can also search, manipulate and download nearly every collection acquired by the team. CTAC serves up not only Threat Recon(R) data, but also key logger outputs and sinkholes; 'bin' scrapes, early warning, and more.

As a result? Greater interest in accessing and integrating our data into their analytics and tools. One that we were really happy to see was ThreatQ.



Why do I say 'ridiculously simple'? ThreatQ has completely integrated our stuff to the point where an analyst only has to point at our reporting, ingest it into ThreatQ, and after a very simple process of letting the machine do its thing, the data is parsed, correlated against other ThreatQ sources, evaluated, prioritized, and even recommends action.

Mike Clark is an old friend. He and I were early guys in the Honeynet Project together years ago. Mike headed up development on the ThreatQ side. Mike, as always was a pleasure to work with. He worked closely with our team and within a couple of weeks we were integrated and running.

We've integrated with others. You can pull data from Threat Recon(R) from ThreatConnect, and limited data from Anomali, but ThreatQ really did it right. You get not only the indicators but the full range of collections, analysis, and human analyzed outputs in one pane of glass.

If you'd like to read more about the integration, or get more information on ThreatQ, one example of the integration is shown on Mike's ThreatQ blog.

If you'd like more information on Red Sky Alliance, our CTAC, shoot us a note. We're here to help.

Until next time,
Have a great week!
Jeff

Posted by at No comments:
Subscribe to: Posts (Atom)