After creating the OpenCTI install / howto articles a while back, I thought it would be a great idea to launch a live, fully functional instance for the public to use and learn. The public user has read-only access, but you can research all the latest threats and browse the complete knowledge base, including searching for IOCs, Observables, and Reports, and visualizing the STIX relationships.
The platform is fed by multiple public feeds and enriched and organized in a way to help those looking to learn and look up current threat information. Want to check or search for a threat group, IP, domain, or indicator? Filter and sort through the large amount of data to see correlations, or perhaps see where else and when that observable was last seen and what techniques or malware were associated with it?
I have been thinking about plans for this new addition to the NetmanageIT Blog family of sub-sites. I want to eventually set up a TAXII server with STIX bundle feed(s) using OpenCTI's native capabilities, creating a few collections to start with and then organizing the data/knowledge into different sub-collections. One of those collections will consist of specific data from our Live Honeypot. I plan on keeping it running permanently, then harvesting via automation the top threats and IPs that have been attacking the Pot, correlating/vetting the data, and adding that as an original feed.
I most likely will keep authentication on the API feed at first, and people can reach out for creds to authenticate if there is any real interest there, perhaps even making it fully public eventually. Perhaps down the line, we can start to allow users to do more than just having read permissions; we shall see. Either way, I think it will be a fun side project to share with those who follow me, and with the cyber community as a whole.
Lastly, I would like to thank the creators of OpenCTI, filigran.io, for designing and working hard to continually add features and refine the platform. It's such a wonderful platform for the community, and one of the best Open Source projects I have ever come across!
If you have any questions or comments, send them over to email@example.com.